Presentation is loading. Please wait.

Presentation is loading. Please wait.

Meet the Falcons Ciprian Marginean Aris Lambrianidis

Published byCecilia Potter Modified over 8 years ago

Similar presentations

Presentation on theme: "Meet the Falcons Ciprian Marginean Aris Lambrianidis"— Presentation transcript:

1 Meet the Falcons Ciprian Marginean ciprian.marginean@ams-ix.net Aris Lambrianidis aris.lambrianidis@ams-ix.net

2 What are the Falcons? A new pair of route servers Based on BIRD (Cisco does not scale easily nor support all features) Available only in Amsterdam (for now)

3 Why go to the trouble? Prefix hijack (or misconfiguration) mitigation “no mechanism has been specified within BGP to validate the authority of an AS to announce NLRI information (prefixes)” (RFC4272 3.2)

4 How do we do it? RPKI validation (RFC6480) BGP community tagging based on RPKI status (valid, invalid, unknown) IRRdb object filtering or tagging

5 What’s new to the Falcons? FeatureLegacyFalcon BGP community based routing policies IRRdb based routing policies Inbound Routing Policies RPKI prefix validation and filtering IRRdb prefix validation and filtering AS Path prepending

6 Is it difficult to configure?

7 One more click…

8 The stats Active peers: 35

9 Key take aways? Lower the barrier for customers needing more tools to make security focused decisions The routing policy is still controlled by the customer The Falcons are running in production in parallel with existing ones

10

11 Key take aways? Lower the barrier for customers needing more tools to make security focused decisions The routing policy is still controlled by the customer The Falcons are running in production in parallel with existing ones

12

13 Key take aways? Lower the barrier for customers needing more tools to make security focused decisions The routing policy is still controlled by the customer The Falcons are running in production in parallel with existing ones

14

15 Will there be anything else, sir? Highly flexible, per peer BGP attribute manipulation using communities: set MED set ORIGIN set prepend AS BGP ADD-PATH More configuration options: (IRRDB or Web portal)+ communities DDoS attack mitigation – L2 filtering

16 Any questions? This is still WiP, any feedback is welcome! noc@ams-ix.net

Download ppt "Meet the Falcons Ciprian Marginean Aris Lambrianidis"

Similar presentations

BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.

BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
BGP.

BGP.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—7-1 Optimizing BGP Scalability Limiting the Number of Prefixes Received from a BGP Neighbor.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—7-1 Optimizing BGP Scalability Limiting the Number of Prefixes Received from a BGP Neighbor.
Best Practices for ISPs

Best Practices for ISPs
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Internet Routing (COS 598A) Today: Interdomain Traffic Engineering Jennifer Rexford Tuesdays/Thursdays.

Internet Routing (COS 598A) Today: Interdomain Traffic Engineering Jennifer Rexford Tuesdays/Thursdays.
Presented By: Hanping Feng Configuring BGP With Cisco IOS Software (Part 1)

Presented By: Hanping Feng Configuring BGP With Cisco IOS Software (Part 1)
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 i2rs Usecases for BGP draft-keyupate-i2rs-bgp-usecases-01.txt Keyur Patel,

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 i2rs Usecases for BGP draft-keyupate-i2rs-bgp-usecases-01.txt Keyur Patel,
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
NOC Lessons Learned TEIN2 and CERNET Xing Li 2007-01-22.

NOC Lessons Learned TEIN2 and CERNET Xing Li

Similar presentations

Ads by Google