Prefix Filtering Design
Issues and Best Practices
Nurul Islam Roman, APNIC
MyNOG4, KL, Malaysia
Ingress Prefixes
•  There are three scenarios for receiving prefixes from other ASNs
–  Customer talking BGP
–  Peer talking BGP
–  Upstream/Transit talking BGP
•  Each has different filtering requirements and needs to be considered separately
Source of Prefixes
•  Upstream
–  Mostly ISP
•  Regional Internet Registry (RIR)
–  I.e. APNIC, ARIN, AFRINIC, LACNIC, RIPE NCC
Design Consideration
•  Ingress prefix from downstream:
–  Option 1: Customer single home and non portable prefix
•  Customer is not an APNIC member; prefix received from upstream ISP
–  Option 2: Customer single home and portable prefix
•  Customer is an APNIC member and has received an allocation as a service provider, but has no AS number yet
–  Option 3: Customer multihome and non portable prefix
•  Customer is not an APNIC member; both prefix and ASN received from upstream ISP
–  Option 4: Customer multihome and portable prefix
•  Customer is an APNIC member; both prefix and ASN received from APNIC
Design Consideration [Single home]
•  Option 1: Single home and non portable prefix
[Diagram: Customer (Enterprise Prefix 3fff:ffff:dcdc::/48) connects to ISP1 (ISP Prefix 3fff:ffff::/32), which connects to the Internet. The customer cannot change upstream.]
Design Consideration [Single home]
•  Option 2: Single home and portable prefix
[Diagram: Customer (Enterprise Prefix 2001:0DB8::/32) connects to ISP1 (ISP Prefix 3fff:ffff::/32), which connects to the Internet. The customer can change upstream.]
Design Consideration [Multihome]
•  Option 3: Multihome and non portable prefix
[Diagram: Customer (Enterprise Prefix 3fff:ffff:dcdc::/48) connects to ISP1 (ISP Prefix 3fff:ffff::/32) and to ISP2; both ISPs connect to the Internet. The ISP1 upstream cannot be changed; the ISP2 upstream can be changed.]
Design Consideration [Multihome]
•  Option 4: Multihome and portable prefix
[Diagram: Customer (Enterprise Prefix 2001:0DB8::/32) connects to ISP1 (ISP Prefix 3fff:ffff::/32) and to ISP2; both ISPs connect to the Internet. Both upstreams can be changed.]
Route Filtering BCP [Single home]
•  Option 1: Customer single home and non portable prefix
[Diagram: Internet, upstream ISP AS17821 (ISP Prefix 3fff:ffff::/32), downstream customer (Customer Prefix 3fff:ffff:dcdc::/48).]
•  ISP side (AS17821)
–  Static 3fff:ffff:dcdc::/48 to customer WAN interface
–  No LoA check of customer prefix
•  Customer side
–  No BGP
–  Static default to ISP WAN interface
•  Filter requirement for ISP
–  Customer interface OSPF passive
–  No BGP peering with downstream customer
–  No route filter required
–  Traffic filter should permit customer prefix only
•  Filter requirement for Customer
–  No dynamic routing protocol with ISP
–  No route filter required
–  Need traffic filter based on company security policy
Route Filtering BCP [Single home]
•  Option 2: Customer single home and portable prefix
[Diagram: Internet, upstream ISP AS17821 (ISP Prefix 3fff:ffff::/32), downstream customer (Customer Prefix 2001:0DB8::/32).]
•  ISP side (AS17821)
–  Static 2001:0DB8::/32 to customer WAN interface
–  BGP network 2001:0DB8::/32 AS17821 i
–  Check LoA of customer prefix
•  Customer side
–  No BGP
–  Static default to ISP WAN interface
–  Static 2001:0DB8::/32 null0
•  Filter requirement for ISP
–  Customer interface OSPF passive
–  No BGP peering with downstream customer
–  No route filter required
–  Traffic filter should permit customer prefix only
•  Filter requirement for Customer
–  No dynamic routing protocol with ISP
–  No route filter required
–  Need traffic filter based on company security policy
Route Filtering [Multihome]
•  Option 3: Customer multihome and non portable prefix
[Diagram: Customer AS64500 (Customer Prefix 3fff:ffff:dcdc::/48) is multihomed to AS17821 (ISP Prefix 3fff:ffff::/32; this upstream cannot be changed) and to AS131107 (this upstream can be changed); both ISPs connect to the Internet.]
•  AS17821
–  eBGP peering with customer WAN interface
–  No LoA check of customer prefix
•  Filter requirement for ISP
–  Customer interface OSPF passive
–  BGP peering with downstream customer
–  Route filter permit 3fff:ffff:dcdc::/48 only in
–  Route filter permit ::/0, AS17821cust, all /48 & /32 out
–  Or route filter permit ::/0 & AS17821 only out
–  AS path filter permit _64500$ in
–  Traffic filter should permit customer prefix in
•  Filter requirement for Customer
–  BGP peering with both upstream ISPs
–  Route filter permit 3fff:ffff:dcdc::/48 only out
–  Route filter permit ::/0, AS17821cust, all /48 & /32 in
–  Or route filter permit ::/0 & AS17821 only in
–  AS path filter permit ^$ out
–  Need traffic filter based on company security policy
•  AS131107
–  Check LoA of customer prefix
•  Manual process: e-mail to tech-c
•  Automated process: route object or RPKI
–  Nearly same filter requirement as other ISP
•  AS64500
–  eBGP peering with both ISP WAN interfaces
–  BGP network 3fff:ffff:dcdc::/48 AS64500 i, or aggregate address from gateway router
Route Filtering [Multihome]
•  Option 4: Customer multihome and portable prefix
[Diagram: Customer AS64500 (Customer Prefix 2001:0DB8::/32) is multihomed to AS17821 (ISP Prefix 3fff:ffff::/32) and to AS131107; both ISPs connect to the Internet. Both upstreams can be changed.]
•  AS17821
–  Check LoA of customer prefix
•  Manual process: e-mail to tech-c
•  Automated process: route object or RPKI
•  Filter requirement for ISP
–  Customer interface OSPF passive
–  BGP peering with downstream customer
–  Route filter permit 2001:0DB8::/32 only in
–  Route filter permit ::/0, AS17821cust, all /48 & /32 out
–  Or route filter permit ::/0 & AS17821 only out
–  AS path filter permit _64500$ in
–  Traffic filter should permit customer prefix in
•  Filter requirement for Customer
–  BGP peering with both upstream ISPs
–  Route filter permit 2001:0DB8::/32 only out
–  Route filter permit ::/0, AS17821cust, all /48 & /32 in
–  Or route filter permit ::/0 & AS17821 only in
–  AS path filter permit ^$ out
–  Need traffic filter based on company security policy
•  AS131107
–  Check LoA of customer prefix
•  Manual process: e-mail to tech-c
•  Automated process: route object or RPKI
–  Nearly same filter requirement as other ISP
•  AS64500
–  eBGP peering with both ISP WAN interfaces
–  BGP network 2001:0DB8::/32 AS64500 i, or aggregate address from gateway router
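The inbound filter on the ISP router and the outbound filter on the customer router from Options 3 and 4, modelled in Python as an added example (not part of the original slides). It assumes the Cisco-style meaning of `_` in AS-path patterns; the function names and the sample updates are constructed for illustration.

```python
import ipaddress
import re

# Cisco-style AS-path regexes use "_" for any delimiter: start or end of
# the path, a space, a comma, or a brace/parenthesis (assumed dialect).
_DELIM = r"(?:^|$|[ ,{}()])"


def compile_aspath(pattern):
    """Translate a Cisco-style AS-path pattern into a Python regex."""
    return re.compile(pattern.replace("_", _DELIM))


def make_filter(permitted_prefixes, aspath_pattern):
    """Build a per-session policy: exact prefix match plus AS-path match."""
    permitted = {ipaddress.ip_network(p) for p in permitted_prefixes}
    path_re = compile_aspath(aspath_pattern)

    def evaluate(prefix, as_path):
        # "permit <prefix> only": more-specifics are not accepted either.
        if ipaddress.ip_network(prefix) not in permitted:
            return "deny: prefix"
        if not path_re.search(as_path):
            return "deny: as-path"
        return "permit"

    return evaluate


# Option 4 values from the slides: customer AS64500 announces 2001:0DB8::/32.
isp_in = make_filter(["2001:0DB8::/32"], "_64500$")    # on the ISP router
customer_out = make_filter(["2001:0DB8::/32"], "^$")   # on the customer router

# Constructed updates as the ISP would receive them from AS64500.
RECEIVED_BY_ISP = [
    ("2001:db8::/32", "64500"),              # customer's own route
    ("2001:db8::/32", "64500 64500 64500"),  # same route with prepending
    ("2001:db8:aa::/48", "64500"),           # more-specific of the customer block
    ("2001:db8::/32", "64500 65010"),        # path does not end in the customer AS
    ("3fff:ffff::/32", "64500 131107"),      # route from the other upstream, leaked
]

# Constructed candidates on the customer router, before its own AS is
# prepended: a locally originated route has an empty AS path.
CUSTOMER_CANDIDATES = [
    ("2001:db8::/32", ""),          # locally originated
    ("2001:db8::/32", "131107"),    # own block learned back from an upstream
    ("3fff:ffff::/32", "131107"),   # upstream's route, must not be re-advertised
]


def run(policy, updates):
    """Apply one policy to a list of (prefix, as_path) updates."""
    return [policy(prefix, path) for prefix, path in updates]


if __name__ == "__main__":
    for (prefix, path), verdict in zip(RECEIVED_BY_ISP, run(isp_in, RECEIVED_BY_ISP)):
        print(f"ISP in       {prefix:20} [{path}] -> {verdict}")
    for (prefix, path), verdict in zip(CUSTOMER_CANDIDATES,
                                       run(customer_out, CUSTOMER_CANDIDATES)):
        print(f"customer out {prefix:20} [{path}] -> {verdict}")
```

The two filters overlap on purpose: a route leaked from the other upstream is stopped by `^$` on the customer side and again by the prefix and `_64500$` checks on the ISP side.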
Design Issue [Ingress Prefix]
•  Downstream customer BGP In process design issue:
–  Option 1: ISP default only In
•  Customer accepts only ::/0 from the upstream ISP
–  Option 2: ISP default + local In
•  Customer accepts ::/0, the upstream ISP prefix and the ISP's other customers' portable prefixes (non-portable prefixes should not be accepted)
–  Option 3: ISP default + local + all In
•  Customer accepts ::/0, the upstream ISP aggregated prefix, the ISP's other customers' portable prefixes (non-portable prefixes should not be accepted) and all other prefixes from the Internet
Route Filtering
•  Option 1: ISP default only In
–  Can use a low configuration router (CPU/DRAM)
–  Easy to manage small routing table
–  Does not support destination-specific traffic engineering
–  Cannot re-route traffic if remote transit is down
–  I.e. network 2001:0DB8::/32 is withdrawn in AS200, but the default path in AS64500 is still sending traffic via AS17821
–  Prefixes originated in AS131107 can be routed via AS17821 (sub-optimal path)
[Diagram: AS64500 has two upstreams, AS17821 and AS131107. Each originates a default route; AS131107 also originates Net 3fff:ffff::/32. AS100 and AS200 appear on the Internet side, with Net 2001:0DB8::/32.]
BGP table in AS64500 (">" marks the best path):
  ::/0 from AS131107
> ::/0 from AS17821
Route Filtering
•  Option 2: ISP default + local In
–  Can use a low configuration router (CPU/DRAM)
–  Easy to manage small routing table
–  Does not support destination-specific traffic engineering to the remote
–  Cannot re-route traffic if remote transit is down
–  AS131107 is sending its portable local route to AS64500
–  Prefixes originated in AS131107 can now be routed via AS131107 (optimal path)
[Diagram: AS64500 has two upstreams, AS17821 and AS131107. AS17821 originates a default route; AS131107 originates a default route and Net 3fff:ffff::/32. AS100 and AS200 appear on the Internet side, with Net 2001:0DB8::/32.]
BGP table in AS64500 (">" marks the best path):
  ::/0 from AS131107
> ::/0 from AS17821
> 3fff:ffff::/32 from AS131107
Route Filtering
•  Option 3: ISP default + local + all In
–  Need high configuration router (CPU/DRAM)
–  Need skilled people to manage large routing table
–  Supports destination-specific traffic engineering to the remote
–  Can now re-route traffic if remote transit is down
–  Prefixes originated in AS131107 or AS17821 can now be routed via AS131107 or AS17821 respectively
[Diagram: AS64500 has two upstreams, AS17821 and AS131107. AS100 and AS200 appear on the Internet side, with Net 2001:0DB8::/32. Label on AS131107: default originated, net originated in AS131107 and its portable customer net. Label on AS17821: default originated, net originated in AS131107 and its portable customer net.]
BGP table in AS64500 (">" marks the best path):
  ::/0 from AS131107
> ::/0 from AS17821
> 3fff:ffff::/32 from AS131107
  3fff:ffff::/32 via AS17821
  2001:0db8::/32 via AS131107
> 2001:0db8::/32 via AS17821
  etc.
In the re-route build of the slide, the best-path marker for the remote network moves to the other upstream:
> 2001:0db8 via AS131107
  2001:0db8 via AS17821
Route Filtering
Route Filtering BCP
•  Prefixes: From Upstream/Transit Provider
•  If necessary to receive prefixes from any provider, care is required.
–  Don’t accept default (unless you need it)
–  Don’t accept your own prefixes
•  For IPv4:
–  Don’t accept private (RFC1918) and certain special use prefixes:
http://www.rfc-editor.org/rfc/rfc5735.txt
–  Don’t accept prefixes longer than /24 (?)
•  For IPv6:
–  Don’t accept certain special use prefixes:
http://www.rfc-editor.org/rfc/rfc5156.txt
–  Don’t accept prefixes longer than /48 (?)
Route Filtering BCP
•  Prefixes: From Upstream/Transit Provider
•  Check Team Cymru’s list of “bogons”
www.team-cymru.org/Services/Bogons/http.html
•  For IPv4 also consult:
datatracker.ietf.org/doc/draft-vegoda-no-more-unallocated-slash8s
•  For IPv6 also consult:
www.space.net/~gert/RIPE/ipv6-filters.html
•  Bogon Route Server:
www.team-cymru.org/Services/Bogons/routeserver.html
–  Supplies a BGP feed (IPv4 and/or IPv6) of address blocks which should not appear in the BGP table
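The upstream/transit ingress rules from the two BCP slides, applied to sample announcements in Python as an added example (not part of the original slides). The special-use list is a subset of RFC 5735 and RFC 5156, the length limits are the slide's /24 and /48 values exposed as parameters, and the function names and sample prefixes are constructed.

```python
import ipaddress

# Subset of the special-use blocks listed in RFC 5735 (IPv4) and
# RFC 5156 (IPv6); a production filter would carry the full lists
# plus a maintained bogon feed.
SPECIAL_USE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
    "::1/128", "::ffff:0:0/96", "fe80::/10", "fc00::/7",
    "2001:db8::/32", "ff00::/8",
)]

# Longest prefix accepted per address family (the slide marks both with "?").
MAX_PREFIX_LEN = {4: 24, 6: 48}


def _within(net, blocks):
    """True if net equals, or is a more-specific of, a same-family block."""
    return any(net.version == b.version and net.subnet_of(b) for b in blocks)


def reject_reasons(prefix, own_prefixes, accept_default=False,
                   max_len=MAX_PREFIX_LEN):
    """Return every BCP rule the announcement violates; [] means accept."""
    net = ipaddress.ip_network(prefix)   # raises ValueError on host bits set
    if net.prefixlen == 0:
        return [] if accept_default else ["default"]
    own = [ipaddress.ip_network(p) for p in own_prefixes]
    reasons = []
    if _within(net, own):
        reasons.append("own-prefix")
    if _within(net, SPECIAL_USE):
        reasons.append("special-use")
    if net.prefixlen > max_len[net.version]:
        reasons.append("too-long")
    return reasons


# Local network: the ISP prefix used on the slides.
OWN = ["3fff:ffff::/32"]

# Constructed announcements received from a transit provider. 3fff:aaaa::
# stands in for ordinary routable space in this example.
SAMPLE = [
    "::/0",                  # default route
    "3fff:ffff:dcdc::/48",   # more-specific of our own block
    "2001:db8:1::/48",       # inside a special-use block
    "fe80::/10",             # link-local
    "3fff:aaaa:1:1::/64",    # longer than /48
    "3fff:aaaa::/32",        # nothing wrong with it
    "10.1.0.0/16",           # RFC1918
    "192.0.2.128/25",        # special-use and longer than /24
]


def evaluate_all(prefixes, own_prefixes=OWN):
    """Map each announced prefix to the list of rules it violates."""
    return {p: reject_reasons(p, own_prefixes) for p in prefixes}


if __name__ == "__main__":
    for prefix, reasons in evaluate_all(SAMPLE).items():
        print(f"{prefix:22} {'accept' if not reasons else 'reject: ' + ', '.join(reasons)}")
```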
Questions?
Thank you

 

Kürzlich hochgeladen

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 

Kürzlich hochgeladen (20)

Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 

Prefix Filtering Design Issues and Best Practise by Nurul Islam

  • 1. Prefix Filtering Design Issues and Best Practices Nurul Islam Roman, APNIC MyNOG4, KL, Malaysia
  • 2. Ingress Prefixes •  There are three scenarios for receiving prefixes from other ASNs –  Customer talking BGP –  Peer talking BGP –  Upstream/Transit talking BGP •  Each has different filtering requirements and needs to be considered separately
  • 3. Source of Prefixes •  Upstream –  Mostly ISP •  Regional Internet Registry (RIR) –  I.e. APNIC, ARIN, AFRINIC, LACNIC, RIPE NCC
  • 4. Design Consideration •  Ingress prefix from downstream: –  Option 1: Customer single home and non portable prefix •  Customer is not APNIC member prefix received from upstream ISP –  Option 2: Customer single home and portable prefix •  Customer is APNIC member receive allocation as service provider but no AS number yet –  Option 3: Customer multihome and non portable prefix •  Customer is not APNIC member both prefix and ASN received from upstream ISP –  Option 4: Customer multihome and portable prefix •  Customer is APNIC member both prefix and ASN received from APNIC
  • 5. Design Consideration [Single home] •  Option 1: Single home and non portable prefix Internet can not change upstream ISP1 ISP Prefix 3fff:ffff::/32 Enterprise Prefix 3fff:ffff:dcdc::/48 Customer
  • 6. Design Consideration [Single home] •  Option 2: Single home and portable prefix Internet Can change upstream ISP1 ISP Prefix 3fff:ffff::/32 Enterprise Prefix 2001:0DB8::/32 Customer
  • 7. Design Consideration [Multihome] •  Option 3: Multihome and non portable prefix Internet upstream can not change ISP1 ISP Prefix 3fff:ffff::/32 Enterprise Prefix 3fff:ffff:dcdc::/48 ISP2 upstream can change Customer
  • 8. Design Consideration [Multihome] •  Option 4: Multihome and portable prefix Internet upstream can change ISP1 ISP Prefix 3fff:ffff::/32 Enterprise Prefix 2001:0DB8::/32 ISP2 upstream can change Customer
  • 9. Route Filtering BCP [Single home] •  Option 1: Customer single home and non portable prefix Internet upstream downstream AS17821 Static 3fff:ffff:dcdc::/48 to customer WAN Interface No LoA Check of Cust prefix ISP Prefix 3fff:ffff::/32 Customer Prefix 3fff:ffff:dcdc::/48 NO BGP Static Default to ISP WAN Interface Filter requirement for ISP Customer interface OSPF passive No BGP peering with downstream customer No route filter required Traffic filter should permit customer prefix only Filter requirement for Customer No dynamic routing protocol with ISP No route filter required Need traffic filter based on company security policy
  • 10. Route Filtering BCP [Single home] •  Option 2: Customer single home and portable prefix Internet upstream downstream AS17821 Static 2001:0DB8::/32 to customer WAN Interface BGP network 2001:0DB8::/32 AS17821 i Check LoA of Cust prefix ISP Prefix 3fff:ffff::/32 Customer Prefix 2001:0DB8::/32 NO BGP Static Default to ISP WAN Interface Static 2001:0DB8::/32 null0 Filter requirement for ISP Customer interface OSPF passive No BGP peering with downstream customer No route filter required Traffic filter should permit customer prefix only Filter requirement for Customer No dynamic routing protocol with ISP No route filter required Need traffic filter based on company security policy
  • 11. Route Filtering [Multihome] •  Option 3: Customer multihome and non portable prefix Internet upstream can not change AS17821 eBGP peering with customer WAN interface No LoA Check of Cust prefix ISP Prefix 3fff:ffff::/32 Customer Prefix 3fff:ffff:dcdc::/48 Filter requirement for ISP Customer interface OSPF passive BGP peering with downstream customer Route filter permit 3fff:ffff:dcdc::/48 only in Route filter permit ::/0, AS17821cust, all /48& /32 out Or route filter permit ::/0 & AS17821 only out AS path filter permit _64500$ in Traffic filter should permit customer prefix in Filter requirement for Customer BGP peering with both upstream ISP Route filter permit 3fff:ffff:dcdc::/48 only out Route filter permit ::/0, AS17821cust, all /48& /32 in Or route filter permit ::/0 & AS17821 only in AS path filter permit ^$ out Need traffic filter based on company security policy AS131107 Check LoA of Cust prefix Manual process e-mail to tech-c Automated process route object or RPKI Nearly same filter requirement as other ISP AS64500 eBGP peering with both ISP WAN Interface BGP network 3fff:ffff:dcdc::/48 AS64500 i or aggregate address from gateway router upstream can change
  • 12. Route Filtering [Multihome] •  Option 4: Customer multihome and portable prefix Internet upstream can change AS17821 Check LoA of Cust prefix Manual process e-mail to tech-c Automated process route object or RPKI ISP Prefix 3fff:ffff::/32 Customer Prefix 2001:0DB8::/32 Filter requirement for ISP Customer interface OSPF passive BGP peering with downstream customer Route filter permit 2001:0DB8::/32 only in Route filter permit ::/0, AS17821cust, all /48& /32 out Or route filter permit ::/0 & AS17821 only out AS path filter permit _64500$ in Traffic filter should permit customer prefix in Filter requirement for Customer BGP peering with both upstream ISP Route filter permit 2001:0DB8::/32 only out Route filter permit ::/0, AS17821cust, all /48& /32 in Or route filter permit ::/0 & AS17821 only in AS path filter permit ^$ out Need traffic filter based on company security policy AS131107 Check LoA of Cust prefix Manual process e-mail to tech-c Automated process route object or RPKI Nearly same filter requirement as other ISP AS64500 eBGP peering with both ISP WAN Interface BGP network 2001:0DB8::/32 AS64500 i or aggregate address from gateway router upstream can change
  • 13. Design Issue [Ingress Prefix] •  Downstream Customer BGP In process design issue: –  Option 1: ISP default only In •  Customer is accepting ::/0 only from upstream ISP prefix –  Option 2: ISP default + local In •  Customer is accepting ::/0 and upstream ISP prefix and their other customer portable prefixes (Non portable prefixes should not) –  Option 3: ISP default + local + all In •  Customer is accepting ::/0, upstream ISP aggregated prefix and their other customer portable prefixes (Non portable prefixes should not) and all other from Internet
  • 14. Route Filtering •  Option 1: ISP default only In –  Can use a low configuration router (CPU/DRAM) Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 upstream AS100 AS200 AS131107 default originated AS17821 default originated
  • 15. •  Option 1: ISP default only In –  Can use a low configuration router (CPU/DRAM) –  Easy to manage small routing table Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 upstream AS100 AS200 AS131107 default originated AS17821 default originated Route Filtering
  • 16. •  Option 1: ISP default only In –  Can use a low configuration router (CPU/DRAM) –  Easy to manage small routing table –  Do not support destination specific traffic engineering Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 upstream AS100 AS200 AS131107 default originated AS17821 default originated Route Filtering
  • 17. •  Option 1: ISP default only In –  Can use a low configuration router (CPU/DRAM) –  Easy to manage small routing table –  Do not support destination specific traffic engineering –  Can not re-route traffic if remote transit is down Internet Net 2001:0DB8::/32 upstream AS17821 default originated AS131107 default originated AS64500 ::/0 from AS131107 > ::/0 from AS17821 upstream AS100 AS200 Route Filtering
  • 18. •  Option 1: ISP default only In –  Can use a low configuration router (CPU/DRAM) –  Easy to manage small routing table –  Do not support destination specific traffic engineering –  Can not re-route traffic if remote transit is down –  (I.e. Network 2001:0DB8::/32 is withdrawn in AS200 but default path in AS64500 is still sending traffic via AS 17821) Internet Net 2001:0DB8::/32 upstream AS17821 default originated AS131107 default originated AS64500 ::/0 from AS131107 > ::/0 from AS17821 upstream AS100 AS200 Route Filtering
  • 19. •  Option 1: ISP default only In –  Can use a low configuration router (CPU/DRAM) –  Easy to manage small routing table –  Do not support destination specific traffic engineering –  Can not re-route traffic if remote transit is down –  Prefixes originated in AS131107 can be routed via AS17821 (Sub-optimal path) Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 upstream AS100 AS200 AS131107 default originated Net 3fff:ffff::/32 i AS17821 default originated Route Filtering
  • 20. •  Option 2: ISP default + local In –  Can use a low configuration router (CPU/DRAM) –  Easy to manage small routing table –  Do not support destination specific traffic engineering to the remote –  Can not re-route traffic if remote transit is down –  AS131107 is sending its portable local route to AS64500 Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 i from AS131107 upstream AS100 AS200 AS131107 default originated net 3fff:ffff::/32 i AS17821 default originated Route Filtering
  • 21. •  Option 2: ISP default + local In –  Can use a low configuration router (CPU/DRAM) –  Easy to manage small routing table –  Do not support destination specific traffic engineering to the remote –  Can not re-route traffic if remote transit is down –  AS131107 is sending its portable local route to AS64500 –  Prefixes originated in AS131107 can now be routed via AS131107 (Optimal Path) Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 from AS131107 upstream AS100 AS200 AS131107 default originated Net 3fff:ffff::/32 i AS17821 default originated Route Filtering
  • 22. •  Option 3: ISP default + local + all In –  Need high configuration router (CPU/ DRAM) Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 from AS131107 3fff:ffff::/32 via AS17821 2001:0db8::/32 via AS 131107 > 2001:0db8::/32 via AS 17821 etc etc etc……… upstream AS100 AS200 AS131107 default originated net originated in AS131107 and its portable customer net AS17821 default originated net originated in AS131107 and its portable customer net Route Filtering
  • 23. •  Option 3: ISP default + local + all In –  Need high configuration router (CPU/ DRAM) –  Need skilled people to manage large routing table Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 from AS131107 3fff:ffff::/32 via AS17821 2001:0db8::/32 via AS 131107 > 2001:0db8::/32 via AS 17821 etc etc etc……… upstream AS100 AS200 AS131107 default originated net originated in AS131107 and its portable customer net AS17821 default originated net originated in AS131107 and its portable customer net Route Filtering
  • 24. •  Option 3: ISP default + local + all In –  Need high configuration router (CPU/ DRAM) –  Need skilled people to manage large routing table –  Support destination specific traffic engineering to the remote Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 from AS131107 3fff:ffff::/32 via AS17821 2001:0db8::/32 via AS 131107 > 2001:0db8::/32 via AS 17821 etc etc etc……… upstream AS100 AS200 AS131107 default originated net originated in AS131107 and its portable customer net AS17821 default originated net originated in AS131107 and its portable customer net Route Filtering
  • 25. •  Option 3: ISP default + local + all In –  Need high configuration router (CPU/ DRAM) –  Need skilled people to manage large routing table –  Support destination specific traffic engineering to the remote –  Can now re-route traffic if remote transit is down Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 from AS131107 3fff:ffff::/32 via AS17821 2001:0db8::/32 via AS 131107 > 2001:0db8::/32 via AS 17821 etc etc etc……… upstream AS100 AS200 AS131107 default originated net originated in AS131107 and its portable customer net AS17821 default originated net originated in AS131107 and its portable customer net Route Filtering
  • 26. •  Option 3: ISP default + local + all In –  Need high configuration router (CPU/ DRAM) –  Need skilled people to manage large routing table –  Support destination specific traffic engineering to the remote –  Can now re-route traffic if remote transit is down Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 from AS131107 3fff:ffff::/32 via AS17821 > 2001:0db8 via AS 131107 2001:0db8 via AS 17821 etc etc etc……… upstream AS100 AS200 AS131107 default originated net originated in AS131107 and its portable customer net AS17821 default originated net originated in AS131107 and its portable customer net Route Filtering
  • 27. •  Option 3: ISP default + local + all In –  Need high configuration router (CPU/DRAM) –  Need skilled people to manage large routing table –  Support destination specific traffic engineering to the remote –  Can now re-route traffic if remote transit is down –  Prefixes originated in AS131107 or AS17821 can now be routed via AS131107 or AS17821 respectively Internet Net 2001:0DB8::/32 upstream AS64500 ::/0 from AS131107 > ::/0 from AS17821 > 3fff:ffff::/32 from AS131107 3fff:ffff::/32 via AS17821 2001:0db8::/32 via AS 131107 > 2001:0db8::/32 via AS 17821 etc etc etc……… upstream AS100 AS200 AS131107 default originated net originated in AS131107 and its portable customer net AS17821 default originated net originated in AS131107 and its portable customer net Route Filtering
  • 28. Route Filtering BCP •  Prefixes: From Upstream/Transit Provider •  If necessary to receive prefixes from any provider, care is required. –  Don’t accept default (unless you need it) –  Don’t accept your own prefixes •  For IPv4: –  Don’t accept private (RFC1918) and certain special use prefixes: http://www.rfc-editor.org/rfc/rfc5735.txt –  Don’t accept prefixes longer than /24 (?) •  For IPv6: –  Don’t accept certain special use prefixes: http://www.rfc-editor.org/rfc/rfc5156.txt –  Don’t accept prefixes longer than /48 (?)
  • 29. Route Filtering BCP •  Prefixes: From Upstream/Transit Provider •  Check Team Cymru’s list of “bogons” www.team-cymru.org/Services/Bogons/http.html •  For IPv4 also consult: datatracker.ietf.org/doc/draft-vegoda-no-more-unallocated-slash8s •  For IPv6 also consult: www.space.net/~gert/RIPE/ipv6-filters.html •  Bogon Route Server: www.team-cymru.org/Services/Bogons/routeserver.html –  Supplies a BGP feed (IPv4 and/or IPv6) of address blocks which should not appear in the BGP table
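
The ingress rules from slides 11-12 (ISP session towards the multihomed customer) and slide 28 (session towards an upstream), written out as an added example that is not part of the original slides. The function names, the `SPECIAL_USE` subset and the translation of the `_` metacharacter are assumptions made for illustration; the prefixes and AS numbers are the ones used on the slides.

```python
import ipaddress
import re

# Values from the slides' example topology (Option 4, customer AS64500).
CUSTOMER_PREFIX = ipaddress.ip_network("2001:db8::/32")
CUSTOMER_ASPATH_IN = "_64500$"   # AS path filter applied inbound by the ISP

# Constructed subset of special-use blocks, NOT a complete bogon list.
# Documentation ranges are left out only because the slides use them as
# stand-ins for real allocations; a production filter would include them.
SPECIAL_USE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::1/128", "::ffff:0:0/96", "fc00::/7", "fe80::/10", "ff00::/8",
)]
MAX_LEN = {4: 24, 6: 48}         # the "(?)" length limits from slide 28


def aspath_regex(expr):
    """Compile an IOS-style AS-path regex; '_' is a delimiter or either end."""
    return re.compile(expr.replace("_", r"(?:^|$|[ ,{}()])"))


def inside(net, blocks):
    """True if net equals, or is a more-specific of, a same-family block."""
    return any(net.version == b.version and net.subnet_of(b) for b in blocks)


def customer_ingress(prefix, as_path):
    """ISP router, session to the customer: exact prefix and origin AS only."""
    net = ipaddress.ip_network(prefix)
    if net != CUSTOMER_PREFIX:
        return False, "prefix is not the customer's registered prefix"
    if not aspath_regex(CUSTOMER_ASPATH_IN).search(as_path):
        return False, "AS path does not end in the customer ASN"
    return True, "accepted"


def upstream_ingress(prefix, own_prefixes, accept_default=False):
    """Any router, session to an upstream: the 'don't accept' list of slide 28."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen == 0:
        if accept_default:
            return True, "default accepted"
        return False, "default route"
    if inside(net, own_prefixes):
        return False, "own prefix"
    if inside(net, SPECIAL_USE):
        return False, "special-use prefix"
    if net.prefixlen > MAX_LEN[net.version]:
        return False, "longer than /%d" % MAX_LEN[net.version]
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample announcements: (prefix, AS path as received).
    from_customer = [
        ("2001:db8::/32", "64500"),
        ("2001:db8::/32", "64500 64500 64500"),   # prepended, still origin 64500
        ("2001:db8:1::/48", "64500"),             # more-specific of the allocation
        ("2001:db8::/32", "64500 65551"),         # originated by another AS
        ("3fff:ffff::/32", "64500"),              # the ISP's own block
    ]
    for prefix, path in from_customer:
        print("customer", prefix, "[%s]" % path, customer_ingress(prefix, path))

    from_upstream = ["::/0", "2001:db8:ff00::/40", "3fff:ffff::/32",
                     "3fff:ffff:dcdc:1::/64", "10.1.0.0/16", "203.0.113.0/25"]
    for prefix in from_upstream:
        print("upstream", prefix, upstream_ingress(prefix, [CUSTOMER_PREFIX]))
```

The order of checks in `upstream_ingress` matters for the reported reason only; a route failing any one of them is dropped.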