Meet the Falcons Ciprian Marginean Aris Lambrianidis

Slides:



Advertisements
Similar presentations
BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.
Advertisements

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
BGP.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—7-1 Optimizing BGP Scalability Limiting the Number of Prefixes Received from a BGP Neighbor.
Best Practices for ISPs
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Internet Routing (COS 598A) Today: Interdomain Traffic Engineering Jennifer Rexford Tuesdays/Thursdays.
Presented By: Hanping Feng Configuring BGP With Cisco IOS Software (Part 1)
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 i2rs Usecases for BGP draft-keyupate-i2rs-bgp-usecases-01.txt Keyur Patel,
APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
NOC Lessons Learned TEIN2 and CERNET Xing Li
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network BGP Attributes and Path Selection Process.
Advertising Equal Cost Multi-Path Routes in BGP Manav Bhatia Samsung India Software Operations, Bangalore – India July 17, th IETF - Vienna draft-ecmp-routes-in-bgp-00.txt.
Lecture 4: BGP Presentations Lab information H/W update.
Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos.
RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.
© 2001, Cisco Systems, Inc. A_BGP_Confed BGP Confederations.
BGP4 - Border Gateway Protocol. Autonomous Systems Routers under a single administrative control are grouped into autonomous systems Identified by a 16.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.
Remote Trigger Black Hole 111. Remotely Triggered Black Hole Filtering We use BGP to trigger a network wide response to a range of attack flows. A simple.
Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.
1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.
Efficient Secure BGP AS Path using FS-BGP Xia Yin, Yang Xiang, Zhiliang Wang, Jianping Wu Tsinghua University, Beijing 81th Quebec.
© 2001, Cisco Systems, Inc. 1-1 Introduction Configuring BGP on Cisco Routers.
GoBGP Open Source BGP implementation
Draft-ietf-sidr-bgpsec-reqs-01 diffs from -00 (Jul) sidr / IETF Taipei Randy Bush sidr bgpsec reqs 1.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Prefix Origin Validation State Extended Community draft-pmohapat-sidr-origin-validation-signaling-00.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Filtering with Prefix-Lists.
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
1 draft-sidr-bgpsec-protocol-05 Open Issues. 2 Overview I received many helpful reviews: Thanks Rob, Sandy, Sean, Randy, and Wes Most issues are minor.
Route Selection Using Policy Controls
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Outbound Route Filtering.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Applying Route-Maps as BGP Filters.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—7-1 Optimizing BGP Scalability Implementing BGP Peer Groups.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.
Route Selection Using Attributes
Thoughts on TEIN2 Operation and Collaboration Xing Li
BGP L3VPN origin validation (draft-ymbk-l3vpn-origination-02) November 2012.
Network Engineering (NOC) Workshop in APAN Challenges in Layer 3 – Operation Experiences Xing Li :00-17:30.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to Multiple Service.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Introducing Confederations.
Recent Progress in Routing Standardization An IETF update for UKNOF 23 Old Dog Consulting Adrian
Making Routing Registries Great Again Jared Mauch – NTT Communications
BGP Validation Russ White Rule11.us.
Doing Don’ts: Modifying BGP Attributes within an Autonomous System Luca Cittadini, Stefano Vissicchio, Giuseppe Di Battista Università degli Studi RomaTre.
The Use of Maxlength in the RPKI draft-yossigi-rpkimaxlen-00
Goals of soBGP Verify the origin of advertisements
Module Summary BGP is a path-vector routing protocol that allows routing policy decisions at the AS level to be enforced. BGP is a policy-based routing.
Route Servers: An AMS-IX Introspective
MANRS IXP Partnership Programme
Scaling Service Provider Networks
MANRS for IXPs Why we did it? What did we do?
BGP Multiple Origin AS (MOAS) Conflict Analysis
FIRST How can MANRS actions prevent incidents .
Amreesh Phokeer Research Manager AfPIF-10, Mauritius
Validating MANRS of a network
IXP FilterCheck A New Route Analysis Tool for IXPs
Presentation transcript:

Meet the Falcons Ciprian Marginean Aris Lambrianidis

What are the Falcons? A new pair of route servers Based on BIRD (Cisco does not scale easily nor support all features) Available only in Amsterdam (for now)

Why go to the trouble? Prefix hijack (or misconfiguration) mitigation “no mechanism has been specified within BGP to validate the authority of an AS to announce NLRI information (prefixes)” (RFC )

How do we do it? RPKI validation (RFC6480) BGP community tagging based on RPKI status (valid, invalid, unknown) IRRdb object filtering or tagging

What’s new to the Falcons? FeatureLegacyFalcon BGP community based routing policies IRRdb based routing policies Inbound Routing Policies RPKI prefix validation and filtering IRRdb prefix validation and filtering AS Path prepending

Is it difficult to configure?

One more click…

The stats Active peers: 35

Key take aways? Lower the barrier for customers needing more tools to make security focused decisions The routing policy is still controlled by the customer The Falcons are running in production in parallel with existing ones

Key take aways? Lower the barrier for customers needing more tools to make security focused decisions The routing policy is still controlled by the customer The Falcons are running in production in parallel with existing ones

Key take aways? Lower the barrier for customers needing more tools to make security focused decisions The routing policy is still controlled by the customer The Falcons are running in production in parallel with existing ones

Will there be anything else, sir? Highly flexible, per peer BGP attribute manipulation using communities: set MED set ORIGIN set prepend AS BGP ADD-PATH More configuration options: (IRRDB or Web portal)+ communities DDoS attack mitigation – L2 filtering

Any questions? This is still WiP, any feedback is welcome!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.