Presentation is loading. Please wait.

Presentation is loading. Please wait.

R1R1 GD ERER ISP 1 R2R2 R3R3 R4R4 ISP 2 Normal Data Traffic AS100 AS600AS700 AS65535 AS200 Normal Operation: R1 peer to IPS1 with EBGP, and R2 peer to.

Published byRoberta Lamb Modified over 8 years ago

Similar presentations

Presentation on theme: "R1R1 GD ERER ISP 1 R2R2 R3R3 R4R4 ISP 2 Normal Data Traffic AS100 AS600AS700 AS65535 AS200 Normal Operation: R1 peer to IPS1 with EBGP, and R2 peer to."— Presentation transcript:

1 R1R1 GD ERER ISP 1 R2R2 R3R3 R4R4 ISP 2 Normal Data Traffic AS100 AS600AS700 AS65535 AS200 Normal Operation: R1 peer to IPS1 with EBGP, and R2 peer to ISP2 with EBGP and R1,R2,R3,R4 is all IBGP session. the GD is cisco anomaly guard module which is activated when ddos attack from internet IF the ddos attack starts, we advertises 32 bit host route to ISP1, and then the attack goes to ER router like numbering diversion to ER when Attack start

2 R1R1 GD ERER ISP 1 R2R2 R3R3 R4R4 ISP 2 Normal Data Traffic AS100 AS600AS700 AS65535 AS200 I would like to configure GD, R1, ER bgp configuration like below, first, the GD generates 32 bit host route and announce to R1 with community set 100:20 and then R1 is accept only community 100:20 route update from GD, and advertise to ER only 100:20 route which is received from GD, and then ER advertises finally ISP1 host ip address. My question is that I don’t know how configure R1 like above scenario. please check the configuration following next sheet. diversion to ER when Attack start

3 ! define guard’s RHI route like static access-list 10 permit 203.254.217.68 access-list 10 permit 203.254.217.66 access-list 10 permit 203.254.217.67 ! accept only match 10 and all deny route-map adm-redip permit 10 match ip next-hop 10 route-map adm-redip deny 20 ! set community tag when outgoing to R1 route-map bgp permit 10 match ip next-hop 10 set community 100:10 router bgp 200 neighbor x.x.x.x remote-as 100 neighbor x.x.x.x send-community neighbor x.x.x.x soft-reconfiguration inbound neighbor x.x.x.x next-hop-self neighbor x.x.x.x route-map bgp out redistribute static route-map adm-redip GD ! ip community-list 1 permit 100:10 ! route-map filter-a permit 10 match community 1 ! router bgp 100 neighbor x.x.x.x remote-as 200 neighbor x.x.x.x send-community neighbor x.x.x.x soft-reconfiguration inbound neighbor x.x.x.x route-map filter-a in neighbor x.x.x.x remote-as 65535 neighbor x.x.x.x send-community neighbor x.x.x.x soft-reconfiguration inbound neighbor x.x.x.x route-map filter-a out R1 ! ip community-list 1 permit 100:10 ! route-map filter-a permit 10 match community 1 ! router bgp 65535 neighbor x.x.x.x remote-as 100 neighbor x.x.x.x send-community neighbor x.x.x.x soft-reconfiguration inbound neighbor x.x.x.x route-map filter-a in neighbor x.x.x.x remote-as 600 neighbor x.x.x.x send-community neighbor x.x.x.x soft-reconfiguration inbound neighbor x.x.x.x route-map bgp out ! route-map bgp permit 10 match ip community 1 set community no-advertise ! ER the Guard generates 32bit host routing update to MSFC, and redistributed to BGP and then update R1 community tagged 100:10 the R1 received the 32bit host routing from GD tagged 100:10, if the community-tag is 100:10 then accept routing, and update ER tagged 100:10 ER received routing update from R1 tagged 100:10 32bit host route and update ISP1 to set no advertise finally the 32bit host routing goes into ER router

Download ppt "R1R1 GD ERER ISP 1 R2R2 R3R3 R4R4 ISP 2 Normal Data Traffic AS100 AS600AS700 AS65535 AS200 Normal Operation: R1 peer to IPS1 with EBGP, and R2 peer to."

Similar presentations

BGP Overview Processing BGP Routes.

BGP Overview Processing BGP Routes.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.
CCNP Network Route BGP Part -I BGP : Border Gateway Protocol. It is a distance vector protocol It is an External Gateway Protocol and basically used for.

CCNP Network Route BGP Part -I BGP : Border Gateway Protocol. It is a distance vector protocol It is an External Gateway Protocol and basically used for.
BGP Protocol & Configuration Scalable Infrastructure Workshop AfNOG2010.

BGP Protocol & Configuration Scalable Infrastructure Workshop AfNOG2010.
BGP Scaling Techniques Scalable Infrastructure Workshop AfNOG 2010.

BGP Scaling Techniques Scalable Infrastructure Workshop AfNOG 2010.
1 © 2001, Cisco Systems, Inc. All rights reserved. ISP Workshops BGP Deployment & Scalability Mike Pennington Network Consulting Engineer Cisco Systems,

1 © 2001, Cisco Systems, Inc. All rights reserved. ISP Workshops BGP Deployment & Scalability Mike Pennington Network Consulting Engineer Cisco Systems,
1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.

1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.
ISP 7 AS 7 ISP 5 AS 5ISP 3 AS 3 ISP 1 AS 1 peer ISP 9 AS 9 peer.

ISP 7 AS 7 ISP 5 AS 5ISP 3 AS 3 ISP 1 AS 1 peer ISP 9 AS 9 peer.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.

BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.
Advanced Multihoming BGP Traffic Engineering 1. Service Provider Multihoming Previous examples dealt with loadsharing inbound traffic – Of primary concern.

Advanced Multihoming BGP Traffic Engineering 1. Service Provider Multihoming Previous examples dealt with loadsharing inbound traffic – Of primary concern.
CCNP – Advanced Routing

CCNP – Advanced Routing
BGP Scaling Techniques Philip Smith E2 Workshop, AfNOG 2006.

BGP Scaling Techniques Philip Smith E2 Workshop, AfNOG 2006.
Cabrillo College Building Scalable Cisco Networks Ch. 9 Scaling BGP Rick Graziani, Instructor with Mark McGregor December 12, 2000.

Cabrillo College Building Scalable Cisco Networks Ch. 9 Scaling BGP Rick Graziani, Instructor with Mark McGregor December 12, 2000.
Crafting Confederations An overview of the Confederation POP Approach to Network Architecture Dan Golding NetRail, Inc. Miguel Dimayuga.

Crafting Confederations An overview of the Confederation POP Approach to Network Architecture Dan Golding NetRail, Inc. Miguel Dimayuga.
Changed made by MF on 29/10/04 Delete Change Add –All slides Obtained Geoff Huston’s review – done on 26/10/2004 Obtained Doc Team’s proof read - done.

Changed made by MF on 29/10/04 Delete Change Add –All slides Obtained Geoff Huston’s review – done on 26/10/2004 Obtained Doc Team’s proof read - done.
Internet Routing (COS 598A) Today: Router Configuration Jennifer Rexford Tuesdays/Thursdays 11:00am-12:20pm.

Internet Routing (COS 598A) Today: Router Configuration Jennifer Rexford Tuesdays/Thursdays 11:00am-12:20pm.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Configuring Basic BGP BSCI Module 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Configuring Basic BGP BSCI Module 6.
Presented By: Hanping Feng Configuring BGP With Cisco IOS Software (Part 1)

Presented By: Hanping Feng Configuring BGP With Cisco IOS Software (Part 1)
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—4-1 Implement an IPv4-Based Redistribution Solution Assessing Network Routing Performance and.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—4-1 Implement an IPv4-Based Redistribution Solution Assessing Network Routing Performance and.

Similar presentations

Ads by Google