Sink Holes, Dark IP, and HoneyNets
|
|
- Alexander Joseph
- 6 years ago
- Views:
Transcription
1 Sink Holes, Dark IP, and HoneyNets
2 Sink Hole Routers/Networks Sink Holes are a Swiss Army Knife security tool. BGP speaking Router or Workstation that built to suck in attacks. Used to redirect attacks away from the customer working the attack on a router built to withstand the attack. Used to monitor attack noise, scans, and other activity (via the advertisement of default)
3 Why Sinkhole? Sinkhole is used to describe a technique that does more than the individual tools we ve had in the past: Blackhole Routers Technique used to exploit a routers forwarding logic in order to discard data, typically in a distributed manner, triggered by routing advertisements. Tar Pits A section of a honey net or DMZ designed to slow down TCP based attacks to enable analysis and traceback. Often used interchangeably with Sinkhole. Shunts Redirecting traffic to one of the router s connected interfaces, typically to discard traffic. Honey Net A network of one or more systems designed to analyze and capture penetrations and similar malicious activity. Honey Pot - A system designed to analyze and capture penetrations and similar malicious activity.
4 Sinkhole Routers/Networks Sinkholes are the network equivalent of a honey pot, also commonly referred to as a tar pit, sometimes referred to as a blackhole. Router or workstation built to suck in and assist in analyzing attacks. Used to redirect attacks away from the customer working the attack on a router built to withstand the attack. Used to monitor attack noise, scans, data from mis-configuration and other activity (via the advertisement of default or unused IP space) Traffic is typically diverted via BGP route advertisements and policies.
5 Sinkhole Routers/Networks Sinkhole Network Customers Customers Customers Target of Attack /24 target s network host is target
6 Sinkhole Routers/Networks Router advertises /32 Sinkhole Network Customers Customers Customers Target of Attack /24 target s network host is target
7 Sinkhole Routers/Networks Attack is pulled away from customer/aggregation router. Can now apply classification ACLs, Packet Capture, Etc Objective is to minimize the risk to the network while investigating the attack incident. Customers Target of Attack Router advertises /32 Sinkhole Network /24 target s network Customers host is target
8 Infected End Points Sink Hole advertising Bogon and Dark IP Space Sink Hole Network Customer SQL Computer starts scanning the Internet is infected
9 Sinkhole Routers/Networks Advertising default from the Sinkhole will pull down all sorts of garbage traffic: Customer Traffic when circuits flap Network Scans to unallocated address space Code Red/NIMDA/Worms Backscatter Can place tracking tools in the Sinkhole network to monitor the noise. Customers Customers Customers Router advertises default Sinkhole Network Customers
10 Scaling Sinkhole Networks Multiple Sinkholes can be deployed within a network Combination of IGP with BGP Trigger Regional deployment Major PoPs Functional deployment Peering points Data Centers Note: Reporting more complicated, need aggregation and correlation mechanism Customers Sinkhole Network /24 target s network is attacked
11 Why Sinkholes? They work! Providers and researchers use them in their network for data collection and analysis. More uses are being found through experience and individual innovation. Deploying Sinkholes correctly takes preparation.
12 The Basic Sinkhole Sinkhole Server Advertise small slices of Bogon and Dark IP space To ISP Backbone Sinks Holes do not have to be complicated. Some large providers started their Sinkhole with a spare workstation with free unix, Zebra, and TCPdump. Some GNU or MRTG graphing and you have a decent sinkhole.
13 Expanding the Sinkhole To ISP Backbone Static ARP to Target Router Sinkhole Gateway Target Router To ISP Backbone To ISP Backbone Sniffers and Analyzers Expand the Sinkhole with a dedicated router into a variety of tools. Pull the DOS/DDOS attack to the sinkhole and forwards the attack to the target router. Static ARP to the target router keeps the Sinkhole Operational Target Router can crash from the attack and the static ARP will keep the gateway forwarding traffic to the Ethernet switch.
14 What to monitor in a Sinkhole? Scans on Dark IP (allocated & announced but unassigned address space). Who is scoping out the network pre-attack planning. Scans on Bogons (unallocated). Worms, infected machines, and Bot creation Backscatter from Attacks Who is getting attacked Backscatter from Garbage traffic (RFC-1918 leaks) Which customers have misconfiguration or leaking networks.
15 Monitoring Scan Rates To ISP Backbone Sinkhole Gateway Place various /32 Infrastructure addresses here Target Router To ISP Backbone To ISP Backbone Sniffers and Analyzers Select /32 (or larger) address from different block of your address space. Advertise them out the Sinkhole Assign them to a workstation built to monitor and log scans. ( Arbor Network s Dark IP Peakflow module is one turn key commercial tool that can monitor scan rates via data collected from the network.)
16 Worm Detection & Reporting UI Operator instantly notified of Worm infection. System automatically generates a list of infected hosts for quarantine and clean-up.
17 Automate Quarantine of Infected Hosts
18 Monitoring Backscatter Advertise Bogons with To ISP no-export Backbone community Capture Backscatter Traffic Sinkhole Gateway Target Router To ISP Backbone To ISP Backbone Sniffers and Analyzers Advertise bogon blocks with NO_EXPORT community and an explicit safety community (plus prefix-based egress filtering on the edge) Static/set the BGP NEXT_HOP for the bogon to a backscatter collector workstation (as simple as TCPdump). Pulls in backscatter for that range allows monitoring.
19 Monitoring Backscatter Inferring Internet Denial-of-Service Activity
20 Monitoring Spoof Ranges Classification ACL To ISP Backbone with Source Address Sinkhole Gateway Target Router Export ACL Logs to a syslog server To ISP Backbone To ISP Backbone Sniffers and Analyzers Attackers use ranges of valid (allocated blocks) and invalid (bogon, martian, and RFC1918 blocks) spoofed IP addresses. Extremely helpful to know the spoof ranges. Set up a classification filter on source addresses.
21 Monitoring Spoof Ranges Example: Jeff Null s [jnull@truerouting.com] Test Extended IP access list 120 (Compiled) permit tcp any any established ( matches) deny ip any ( matches) deny ip any ( matches) deny ip any ( matches) deny ip any ( matches) deny ip any ( matches) deny ip any ( matches) deny ip any ( matches) deny ip any ( matches) deny ip any ( matches).. permit ip any any ( matches)
22 Monitoring Spoof Ranges To ISP Backbone Sinkhole Gateway Place various /32 Infrastructure addresses here Target Router To ISP Backbone To ISP Backbone Sniffers and Analyzers Select /32 address from different block of your address space. Advertise them out the Sinkhole Assign them to a workstation built to monitor and log scans. Home grown and commercial tools available to monitor scan rates ( Arbor Network s Dark IP Application is one turn key commercial tool that can monitor scan rates.)
23 Safety Precautions Do not allow bogons to leak: BGP NO_EXPORT community Explicit Egress Prefix Policies (community, prefix, etc.) Do not allow traffic to escape the sinkhole: Backscatter from a Sinkhole defeats the function of a Sinkhole (egress ACL on the Sinkhole router)
24 Simple Sinkholes Internet Facing BCP is to advertise the whole allocated CIDR block out to the Internet. Left over unallocated Dark IP space gets pulled into the advertising router. The advertising router becomes a Sinkhole for garbage packets. Internet Backscatter Scanners Worms Pee r Border Aggregation CPE Pulls in garbage packets. Large CIDR Block Out Customer s Allocated Block CPE Router /w Default
25 ASIC Drops at Line Rate? Forwarding/Feature ASICs will drop packets with no performance impact. Line Rate dropping will not solve the problem of garbage packets saturating the link. Internet Backscatter Scanners Worms Pee r Border Aggregation Garbage Saturates Link! Large CIDR Block Out Customer s Allocated Block CPE CPE Router /w Default
26 Backbone Router Injecting Aggregates Backscatter Scanners Worms Some ISPs use the Backbone/core routers to inject their aggregates. Multiple Backbone injection points alleviate issues of link saturation, but exposes the loopback addresses (at least the way it is done today). In a world of multiple Gig-Bots and Turbo worms, do you really want you backbone routers playing the role of garbage collectors? Internet Peer border Aggregation CPE Garbage packets are forwarded to backbone router Backbone Large CIDR Block Out Customer s Allocated Block CPE Router /w Default
27 Simple Sinkholes Customer Facing Defaults on CPE devices pull in everything. Default is the ultimate packet vacuum cleaner Danger to links during times of security duress. Internet Peer border Aggregation Pulls in garbage packets. Large CIDR Block Out Customer s Allocated Block Worms Backscatter Scanners CPE CPE Router /w Default
28 Simple Sinkholes Impact Today In the past, this issue of pulling down garbage packets has not been a big deal. GigBots and Turbo Worms change everything Even ASIC-based forwarding platforms get impacted from the RFC 1812 overhead. Backscatter Scanners Worms Internet Peer Border Aggregation Pulls in garbage packets. Large CIDR Block Out Customer s Allocated Block CPE CPE Router /w Default
29 Sinkholes Advertising Dark IP To ISP Backbone Blocks with Static To ISP Backbone Advertise CIDR Lock-ups pointing to the target router Target Router Target router receives the garbage To ISP Backbone Sinkhole Gateway Sniffers and Analyzers Move the CIDR Block Advertisements (or at least more-specifics of those advertisements) to Sinkholes. Does not impact BGP routing route origination can happen anywhere in the ibgp mesh (careful about MEDs and aggregates). Control where you drop the packet. Turns networks inherent behaviors into a security tool!
30 Anycast Sinkholes to Scale POPs Anycast allows garbage packet load management and distribution. POPs Regional Node Regional Node POPs Core Backbone POPs Regional Node Regional Node POPs POPs Regional Node Regional Node ISPs ISPs ISPs
31 Anycast Sinkholes Sinkhole IXP-W Sinkhole Peer A Peer B Sinkhole IXP-E Sinkhole Upstream A Upstream A Upstream B Sinkhole Upstream B Sinkhole /24 Customer POP Sinkhole Services Network Sinkhole employs same Anycast mechanism. Primary DNS Servers
32 Protecting the Core With Sink Holes
33 Protecting the Backbone Point to Point Addresses Do you really need to reach the Backbone router s Point to Point Address from any router other than a directly connected neighbor? BK-02-A BK-02-B
34 Protecting the Backbone Point to Point Addresses What could break? Routing protocols are either loopback (BGP or NTP) or adjacent (OSPF, IS-IS, EIGRP). NOC can Ping the Loopback. Traceroutes reply with the address in the reply. Reachability of the source is not required. BGP, NTP BGP, NTP BK-02-A BK-02-B OSPF, ISIS, EIGRP OSPF, ISIS, EIGRP
35 Protecting the Backbone Point to Point Addresses What have people done in the past: ACLs Long term ACL management problems. RFC 1918 Works against the theme of the RFC Traceroute still replies with RFC 1918 source address. Does not protect against a reflection attack. BK-02-A BK-02-B
36 Protecting the Backbone Point to Point Addresses Move the Point to Point Addresses blocks to IGP based Sink Holes. All packets to these addresses will be pulled into the Sink Hole. People who could find targets with traceroute cannot now hit the router with an attack based on that intelligence. Protects against internal and reflection based attacks. Packet P-t-P infrastructure address. Packet P-t-P infrastructure address. BK-02-A BK-02-B Sink Hole Module
37 Sinkholes - Addendum
38 Sinkhole Router Monitoring Link and Interface Sinkhole Router Analysis Segment Sniffer/Analyser Flow of Mgmt Data Target of Attack Neflow/Syslog Collector 38
39 Guidelines No IGP on Sinkhole ibgp Peering sessions via Management Interface Sinkhole is a RR client Monitoring Interface to data-plane only Routes injected into IGP by router servicing the Monitoring Link 39
40 Sample TEST-NET Allocation Address Block Purpose /32 All ibgp routers for Drop to NULL /32 All Peering Edge routers drop /32 All Customer Edge routers drop /30 Monitor Link addresses NOTE: provision these addresses in all Sinkholes ANYCAST Sinkhole Address > balance Sinkhole Diversion Addresses 40
41 Sinkhole Router - Routing Statics /32 -> /32 -> NOTE: /30 is reused at each Sinkhole Static & ibgp /32 -> NULL /32 ->NULL /32 -> <AnalysisIntf> Advertise IGP LSAs / /32 d.e.f.1/ / /30 d.e.f.3/29 d.e.f.2/29 d.e.f.4/29 Not Addressed No Routing Sniffer/Network Analyzer Advertise IGP LSA d.e.f.0/28 ibgp d.e.f.2 RRc of d.e.f.1 d.e.f.1 NH=self 41 NetFlow Collector/ Arbor System
42 BGP Triggers for Sinkholes - Addendum Configuration
43 Trigger Router s Config router bgp 100. redistribute static route-map static-to-bgp.! route-map static-to-bgp permit 10 description Std Redirect For Edge Drop description - Use Static Route with Tag of 66 match tag 66 set origin igp set next-hop set community NO-EXPORT!
44 Trigger Router s Config! route-map static-to-bgp permit 20 description Redirect For Sinkhole NULL0 Drop description - Use Static Route with Tag of 67 match tag 67 set origin igp set next-hop set community NO-EXPORT 67:67!!
45 Trigger Router s Config! route-map static-to-bgp permit 30 description Redirect For Sinkhole Analysis description - Use Static Route with Tag of 68 match tag 68 set origin igp set next-hop set community NO-EXPORT 68:68!!
46 Trigger Router s Config! route-map static-to-bgp permit 40 description Redirect For ANYCAST Sinkhole description - Use Static Route with Tag of 69 match tag 69 set origin igp set next-hop set community NO-EXPORT 69:69!!
47 Trigger Router s Config! route-map static-to-bgp permit 50 description Redirect For ANYCAST Sinkhole Analysis description - Use Static Route with Tag of 70 match tag 70 set origin igp set next-hop set community NO-EXPORT 70:70! route-map static-to-bgp permit 100
48 Sinkhole Triggers! Drop all traffic at edge of network ip route null0 tag 66!! Redirect victim traffic to Sinkhole ip route null0 tag 67!! Redirect victim traffic to Sinkhole for Analysis ip route null0 tag 68
49 ANYCAST Triggers! Redirect victim traffic to ANYCAST Sinkhole ip route null0 tag 69!! Redirect victim traffic to ANYCAST Sinkhole! for Analysis ip route null0 tag 70
50 Sinkhole Router Config router bgp 100. Neighbor peer-group INTERNAL neighbor INTERNAL route-map Redirect-to-Sinkhole in neighbor INTERNAL remote-as 100 neighbor d.e.f.1 peer-group INTERNAL! route-map Redirect-to-sinkhole permit 10 description - Send to Router's NULL0 Interface match community 67:67 set ip next-hop !
51 Sinkhole Router Config route-map Redirect-to-sinkhole permit 20 description - Send to Router's Analyzer Interface match community 68:68 set ip next-hop !
52 Sinkhole Router Config route-map Redirect-to-sinkhole permit 30 description ANYCAST drop match community 69:69 set ip next-hop !
53 Sinkhole Router Config route-map Redirect-to-sinkhole permit 40 description Anycast Analysis match community 70:70 set ip next-hop ! Route-map Redirect-to-sinkhole permit
54 Sinkhole Router Routing! For Std drop ip route null0!! For Analysis ip route interface FA0/0!! Bogus ARP for to stop ARP request ip arp c arpa!! For ANYCAST Sinkhole Services ip route <interface> 54
55 Sinkhole Router Routing No Default static route in Sinkhole. Sinkhole must not loop traffic back out Management Interface. Telnet access via router servicing the Sinkhole s Management Segment. 55
56 Sinkhole Router Sinkhole Router Redirected Traffic Analysis Segment Sniffer/Analyser Flow of Mgmt Data Neflow/Syslog Collector 56
57 Sinkhole Analysis Services Local Netflow Collector and Analyser Local Syslog Server Analyser remotely controlled I.e. VNC or Telnet 57
58 Results / Benefits Traffic pulled from Victim Control collateral damage ibgp Triggered Allows attack flow analysis 58
59 BackScatter Traceback Technique
60 Backscatter Traceback Technique Pioneered by Chris Morrow and Brian UUNET as a means of finding the entry point of a spoofed DOS/DDOS. Combines the Sink Hole router, Backscatter Effects of Spoofed DOS/DDOS attacks, and remote triggered Black Hole Filtering to create a traceback system that provides a result within ~10 minutes. 60
61 Backscatter Traceback Technique What is backscatter? ICMP Unreachable to SRC Packets Arrive SRC = DST = FIB = Null Null0 ICMP Process Packets whose destination is unreachable (even Null0) will have a ICMP Unreachable sent back. This unreachable noise is backscatter. 61
62 Backscatter Traceback Preparation 1. Sink Hole Router/Network connected to the network and ready to classify the traffic. Like before, BGP Route Reflector Client, device to analyze logs, etc. Can use one router to do both the route advertisement and logging OR break them into two separation routers one for route advertisement and the other to accept/log traffic Can be used for other Sink Hole functions while not using the traceback technique. Sink Hole Router can be a ibgp Route Reflector into the network. 62
63 Backscatter Traceback Preparation IXP-W Peer A Sink Hole Router Ready to advertise routes and accept traffic. Peer B IXP-E Upstream A Sink Hole Network Upstream A Upstream B Upstream B /24 Target POP G NOC
64 Backscatter Traceback Activation! router bgp 31337!! set the static redistribution to include a route-map so we can filter! the routes somewhat... or at least manipulate them! redistribute static route-map static-to-bgp!! add a stanza to the route-map to set our special next hop! route-map static-to-bgp permit 5 match tag 666 set ip next-hop set local-preference 50 set origin igp 64
65 Backscatter Traceback Activation # Setup the bgp protocol to export our special policy, like redistributing, NOTE: "XXX" # is the IBGP bgp group... we don't want to send this to customers do we? # set protocols bgp group XXX export BlackHoleRoutes # # Now, setup the policy option for BlackHoleRoutes, like a route-map if static route # with right tag, set local-pref low, internal, no-export can't leak these or Tony Bates # will have a fit, and set the nexthop to the magical next-hop. # set policy-statement BlackHoleRoutes term match-tag666 from protocol static tag 666 set policy-statement BlackHoleRoutes term match-tag666 then local-preference 50 set policy-statement BlackHoleRoutes term match-tag666 then origin igp set policy-statement BlackHoleRoutes term match-tag666 then community add no-export set policy-statement BlackHoleRoutes term match-tag666 then nexthop set policy-statement BlackHoleRoutes term match-tag666 then accept 65
66 Backscatter Traceback Preparation 2. All edge devices (routers, NAS, IXP Routers, etc) with a static route to Null0. The Test-Net is a safe address to use ( /24) since no one is using it. Cisco: Juniper: ip route Null0 set routing-options static route /32 reject install Routers also need to have ICMP Unreachables working. If you have ICMP Unreachables turned off (i.e. no ip unreachables on a Cisco), then make sure they are on. If ICMP Unreachable Overloads are a concern, use a ICMP Unreachable Rate Limit (i.e. ip icmp rate-limit unreachable command on a Cisco). 66
67 Backscatter Traceback Preparation Edge Router with Test-Net to Null0 IXP-W Peer A Edge Router with Test-Net to Null0 Peer B IXP-E Upstream A Sink Hole Network Upstream A Upstream B Upstream B /24 Target POP Edge Router with Test- Net to Null0 G NOC 67
68 Backscatter Traceback Preparation 3. Sink Hole Router advertising a large block of unallocated address space with the BGP no-export community and BGP Egress route filters to keep the block inside /3 is an example. Check with IANA for unallocated blocks: BGP Egress filter should keep this advertisement inside your network. Use BGP no-export community to insure it stays inside your network. 68
69 Backscatter Traceback Preparation IXP-W Peer A Sink Hole Router advertising /3 Peer B IXP-E Upstream A Sink Hole Network Upstream A Upstream B Upstream B /24 Target POP G NOC
70 Backscatter Traceback Activation Activation happens when an attack has been identified. Basic Classification should be done to see if the backscatter traceback will work: May need to adjust the advertised block. Statistically, most attacks have been spoofed using the entire Internet block. 70
71 Backscatter Traceback Activation 1.Sink Hole Router Advertises the /32 under attack into ibgp with. Advertised with a static route with the 666 tag: ip route victimip Null0 tag 666 or set routing-options static route victimip/32 discard tag 666 The static triggers the routers to advertise the customer s prefix 71
72 Backscatter Traceback Activation Edge Routers start dropping packets to the/32 IXP-W Peer A Sink Hole router advertises the /32 under attack with nexthop equal to the Test- Net Peer B Edge Routers start dropping packets to the/32 IXP-E Upstream A Sink Hole Network Upstream A Upstream B Upstream B /24 Target POP G NOC
73 Backscatter Traceback Activation 2. Black Hole Filtering is triggered by BGP through out the network. Packets to the target get dropped. ICMP Unreachable Backscatter starts heading for /3. Access list is used on the router to find which routers are dropping packets. access-list 101 permit icmp any any unreachables log access-list 101 permit ip any any 73
74 Backscatter Traceback Activation ICMP Unreachable backscatter will start sending packets to 96/3 IXP-W Peer A Sink Hole Router receive the backscatter to 96/3 with entry points of the attack Peer B ICMP Unreachable backscatter will start sending packets to 96/3 IXP-E Upstream A Sink Hole Network Upstream A Upstream B Upstream B /24 Target POP G NOC
75 Backscatter Traceback Activation SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet SLOT 5:3w1d: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp > (3/1), 1 packet 75
Black Hole Routers Damir Rajnovic Incident manager, Cisco PSIRT
Black Hole Routers Damir Rajnovic Incident manager, Cisco PSIRT 2002, Cisco Systems, Inc. All rights reserved. 1 What will be covered Why? What? How? 2002, Cisco Systems, Inc. All rights
More informationPhase 4 Traceback the Attack. 2002, Cisco Systems, Inc. All rights reserved.
Phase 4 Traceback the Attack 1 Six Phases to ISP Security Incident Response Preparation Identification Classification Traceback Reaction Post Mortem 2 Traceback Attacks to their Source Valid IPv4 Source
More informationBackscatter A viable tool for threat of the past and today. Barry Raveendran Greene March 04, 2009
Backscatter A viable tool for threat of the past and today Barry Raveendran Greene March 04, 2009 bgreene@senki.org Agenda Backscatter: What is it? VzB s use with the Backscatter Traceback Technique. Using
More informationNetwork Defense Applications Using Stationary and Event-Driven IP Sinkholes
Network Defense Applications Using Stationary and Event-Driven IP Sinkholes Defeating Denial of Service, Decreasing False Positives, and Enriching Network Intelligence using IP Sinkholes What this presentation
More informationSymbols I N D E X. (vertical bar), string searches, 19 20
I N D E X Symbols A (vertical bar), string searches, 19 20 AAA (Authorization, Authentication, and Accounting) command auditing, 156 158 controlling router access, 154 155 access, out-of-band management
More informationIntroduction to BGP ISP/IXP Workshops
Introduction to BGP ISP/IXP Workshops 1 Border Gateway Protocol Routing Protocol used to exchange routing information between networks exterior gateway protocol RFC1771 work in progress to update draft-ietf-idr-bgp4-18.txt
More informationUnicast Reverse Path Forwarding Loose Mode
The feature creates a new option for Unicast Reverse Path Forwarding (Unicast RPF), providing a scalable anti-spoofing mechanism suitable for use in multihome network scenarios. This mechanism is especially
More informationIPv6 Module 16 An IPv6 Internet Exchange Point
IPv6 Module 16 An IPv6 Internet Exchange Point Objective: To investigate methods for connecting to an Internet Exchange Point. Prerequisites: Modules 12, 14 and 15, and the Exchange Points Presentation
More informationModule 16 An Internet Exchange Point
ISP Workshop Lab Module 16 An Internet Exchange Point Objective: To investigate methods for connecting to an Internet Exchange Point. Prerequisites: Modules 12 and 13, and the Exchange Points Presentation
More informationIntroduction to BGP. ISP Workshops. Last updated 30 October 2013
Introduction to BGP ISP Workshops Last updated 30 October 2013 1 Border Gateway Protocol p A Routing Protocol used to exchange routing information between different networks n Exterior gateway protocol
More informationOperation Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents Chapter 1 Static Routing Configuration... 1-1 1.1 Introduction... 1-1 1.1.1 Static Route... 1-1 1.1.2 Default Route... 1-1 1.1.3 Application Environment of Static Routing...
More informationConfiguring BGP. Cisco s BGP Implementation
Configuring BGP This chapter describes how to configure Border Gateway Protocol (BGP). For a complete description of the BGP commands in this chapter, refer to the BGP s chapter of the Network Protocols
More informationBGP Multihoming ISP/IXP Workshops
BGP Multihoming ISP/IXP 1 Why Multihome? Redundancy One connection to internet means the network is dependent on: Local router (configuration, software, hardware) WAN media (physical failure, carrier failure)
More informationIntroduction to BGP. ISP/IXP Workshops
Introduction to BGP ISP/IXP Workshops 1 Border Gateway Protocol A Routing Protocol used to exchange routing information between different networks Exterior gateway protocol Described in RFC4271 RFC4276
More informationBGP Commands. Network Protocols Command Reference, Part 1 P1R-355
BGP Commands Use the commands in this chapter to configure and monitor Border Gateway Protocol (BGP). For BGP configuration information and examples, refer to the Configuring BGP chapter of the Network
More informationThe Loopback Interface
1 Overview The Loopback Interface ISP/IXP Workshops Requires IOS 11.1CC or 12.0 trains ISP software trains Covers router access, security, information gathering, configuration and scalability. 2 Motivation
More informationModule 1b IS-IS. Prerequisites: The setup section of Module 1. The following will be the common topology used for the first series of labs.
Module 1b IS-IS Objective: Create a basic physical lab interconnection with one IS-IS Area. Ensure that all routers, interfaces, cables and connections are working properly. Prerequisites: The setup section
More informationNetwork Policy Enforcement
CHAPTER 6 Baseline network policy enforcement is primarily concerned with ensuring that traffic entering a network conforms to the network policy, including the IP address range and traffic types. Anomalous
More informationNetwork Infrastructure Filtering at the border. stole slides from Fakrul Alam
Network Infrastructure Filtering at the border maz@iij.ad.jp stole slides from Fakrul Alam fakrul@bdhbu.com Acknowledgement Original slides prepared by Merike Kaeo What we have in network? Router Switch
More informationBGP and the Internet. Why Multihome? Why Multihome? Why Multihome? Why Multihome? Why Multihome? Redundancy. Reliability
Why Multihome? BGP and the Internet Multihoming Redundancy One connection to internet means the network is dependent on: Local router (configuration, software, hardware) WN media (physical failure, carrier
More informationinternet technologies and standards
Institute of Telecommunications Warsaw University of Technology internet technologies and standards Piotr Gajowniczek BGP (Border Gateway Protocol) structure of the Internet Tier 1 ISP Tier 1 ISP Google
More informationMultihoming with BGP and NAT
Eliminating ISP as a single point of failure www.noction.com Table of Contents Introduction 1. R-NAT Configuration 1.1 NAT Configuration 5. ISPs Routers Configuration 3 15 7 7 5.1 ISP-A Configuration 5.2
More informationBGP Commands. Network Protocols Command Reference, Part 1 P1R-355
BGP Commands Use the commands in this chapter to configure and monitor Border Gateway Protocol (BGP). For BGP configuration information and examples, refer to the Configuring BGP chapter of the Network
More informationSecurity in inter-domain routing
DD2491 p2 2011 Security in inter-domain routing Olof Hagsand KTH CSC 1 Literature Practical BGP pages Chapter 9 See reading instructions Beware of BGP Attacks (Nordström, Dovrolis) Examples of attacks
More informationBGP Multihoming. ISP/IXP Workshops
BGP Multihoming ISP/IXP Workshops 1 Why Multihome? Redundancy One connection to internet means the network is dependent on: Local router (configuration, software, hardware) WAN media (physical failure,
More informationData Plane Protection. The googles they do nothing.
Data Plane Protection The googles they do nothing. Types of DoS Single Source. Multiple Sources. Reflection attacks, DoS and DDoS. Spoofed addressing. Can be, ICMP (smurf, POD), SYN, Application attacks.
More informationBGP for Internet Service Providers
BGP for Internet Service Providers Philip Smith Seoul KIOW 2002 1 BGP current status RFC1771 is quite old, and no longer reflects current operational practice nor vendor implementations
More informationBGP Protocol & Configuration. Scalable Infrastructure Workshop AfNOG2008
BGP Protocol & Configuration Scalable Infrastructure Workshop AfNOG2008 Border Gateway Protocol (BGP4) Case Study 1, Exercise 1: Single upstream Part 6: BGP Protocol Basics Part 7: BGP Protocol - more
More informationMPLS VPN C H A P T E R S U P P L E M E N T. BGP Advertising IPv4 Prefixes with a Label
7 C H A P T E R S U P P L E M E N T This online supplement of Chapter 7 focuses on two important developments. The first one is Inter-Autonomous. Inter-Autonomous is a concept whereby two service provider
More informationCS 43: Computer Networks. 24: Internet Routing November 19, 2018
CS 43: Computer Networks 24: Internet Routing November 19, 2018 Last Class Link State + Fast convergence (reacts to events quickly) + Small window of inconsistency Distance Vector + + Distributed (small
More informationBorder Gateway Protocol - BGP
BGP Fundamentals Border Gateway Protocol - BGP Runs over TCP (port 179) TCP connection required before BGP session Need to be reachable! Path vector routing protocol Best path selection based on path attributes
More informationThe Loopback Interface
1 Overview The Loopback Interface Requires IOS 11.1CC, 12.0S or 12.0T ISP software trains ISP/IXP Workshops Covers router access, security, information gathering, configuration and scalability. ISP/IXP
More informationBGP101. Howard C. Berkowitz. (703)
BGP101 Howard C. Berkowitz hcb@clark.net (703)998-5819 What is the Problem to be Solved? Just configuring the protocol? Participating in the Internet and/or running Virtual Private Networks A Life Cycle
More informationChapter 17 BGP4 Commands
Chapter 17 BGP4 Commands NOTE: This chapter describes commands in the BGP configuration level, which is present on HP devices that support IPv4 only. For information about BGP commands and configuration
More informationLARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF
LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF MODULE 05 MULTIPROTOCOL LABEL SWITCHING (MPLS) AND LABEL DISTRIBUTION PROTOCOL (LDP) 1 by Xantaro IP Routing In IP networks, each router makes an independent
More informationLecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011
Lecture 4: Intradomain Routing CS 598: Advanced Internetworking Matthew Caesar February 1, 011 1 Robert. How can routers find paths? Robert s local DNS server 10.1.8.7 A 10.1.0.0/16 10.1.0.1 Routing Table
More informationSecurity Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Everest (Cisco ASR 920)
Security Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Everest 16.5.1 (Cisco ASR 920) First Published: 2017-05-06 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
More informationVendor: Alcatel-Lucent. Exam Code: 4A Exam Name: Alcatel-Lucent Border Gateway Protocol. Version: Demo
Vendor: Alcatel-Lucent Exam Code: 4A0-102 Exam Name: Alcatel-Lucent Border Gateway Protocol Version: Demo QUESTION 1 Upon the successful establishment of a TCP session between peers, what type of BGP message
More informationDynamics of Hot-Potato Routing in IP Networks
Dynamics of Hot-Potato Routing in IP Networks Jennifer Rexford AT&T Labs Research http://www.research.att.com/~jrex Joint work with Renata Teixeira (UCSD), Aman Shaikh (AT&T), and Timothy Griffin (Intel)
More informationBGP Multihoming Techniques
BGP Multihoming Techniques Philip Smith SANOG 2, Sri Lanka July 2003 1 Presentation Slides Available on ftp://ftp-eng.cisco.com/pfs/seminars/sanog2-multihoming.pdf 2 Preliminaries Presentation
More informationBGP Multihoming Techniques
BGP Multihoming Techniques Philip Smith 15-22 January 2004 Bangalore, India 1 Presentation Slides Available on ftp://ftp-eng.cisco.com/pfs/seminars/sanog3-multihoming.pdf 2 Preliminaries
More informationCS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 16, 2017
CS 43: Computer Networks Internet Routing Kevin Webb Swarthmore College November 16, 2017 1 Hierarchical routing Our routing study thus far - idealization all routers identical network flat not true in
More informationRavi Chandra cisco Systems Cisco Systems Confidential
BGP4 1 Ravi Chandra cisco Systems 0799_04F7_c2 Cisco Systems Confidential 2 Border Gateway Protocol (BGP) Introduction to BGP BGP Peer Relationship BGP Attributes Applying Policy with BGP Putting it all
More informationInterdomain routing CSCI 466: Networks Keith Vertanen Fall 2011
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011 Overview Business relationships between ASes Interdomain routing using BGP Advertisements Routing policy Integration with intradomain routing
More informationAn Operational Perspective on BGP Security. Geoff Huston February 2005
An Operational Perspective on BGP Security Geoff Huston February 2005 Disclaimer This is not a description of the approach taken by any particular service provider in securing their network. It is intended
More informationTechniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems
Techniques, Tools and Processes to Help Service Providers Clean Malware from Subscriber Systems Barry Raveendran Greene, bgreene@senki.org October 22, 2012, Baltimore, Maryland, USA M3AAWG 26th General
More informationModule 6 Implementing BGP
Module 6 Implementing BGP Lesson 1 Explaining BGP Concepts and Terminology BGP Border Gateway Protocol Using BGP to Connect to the Internet If only one ISP, do not need BGP. If multiple ISPs, use BGP,
More informationDE-CIX Academy: BGP 05. Notice of Liability. Links visited during the webinar. The Big Picture
Notice of Liability Despite careful checking of content, we accept no liability for the content of external links. Content on linked sites is exclusively the responsibility of the respective website operator.
More informationISP and IXP Design. Point of Presence Topologies. ISP Network Design. PoP Topologies. Modular PoP Design. PoP Design INET 2000 NTW
ISP Network Design PoP Topologies and Design ISP and IXP Design Backbone Design Addressing INET 2000 NTW Routing Protocols Security Out of Band Management IXP/IXP Workshops 1999, Cisco Systems, Inc. 1
More informationThis appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics:
Appendix C BGP Supplement This appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics: BGP Route Summarization Redistribution with IGPs Communities Route
More informationConfiguring Unicast Reverse Path Forwarding
Configuring Unicast Reverse Path Forwarding This chapter describes the Unicast Reverse Path Forwarding (Unicast RPF) feature. The Unicast RPF feature helps to mitigate problems that are caused by malformed
More informationRouting Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security
Routing Security DDoS and Route Hijacks Merike Kaeo CEO, Double Shot Security merike@doubleshotsecurity.com DISCUSSION POINTS Understanding The Growing Complexity DDoS Attack Trends Packet Filters and
More informationMulti Topology Routing Truman Boyes
Multi Topology Routing Truman Boyes truman@juniper.net Copyright 2008 Juniper Networks, Inc. 1 Traffic Engineering Choices Today: IGP Metric Costing RSVP TE end to end Policy based routing EROs, Offline
More informationIPv6 Module 11 Advanced Router Configuration
ISP Workshop Lab IPv6 Module 11 Advanced Router Configuration Objective: Create a basic physical lab interconnection with two autonomous systems. Each AS should use ISIS, ibgp and ebgp appropriately to
More informationExample: Conditionally Generating Static Routes
1 of 5 9/30/2012 5:46 PM Example: Conditionally Generating Static Routes Understanding Conditionally Generated Routes Example: Configuring a Conditional Default Route Policy Understanding Conditionally
More informationMigrating from OSPF to IS-IS
Migrating from OSPF to IS-IS ISP Workshops Last updated 25 th August 2015 1 Introduction p With the advent of IPv6 and dual stack networks, more ISPs expressing interest to migrate to IS-IS n Migration
More informationConfiguring Advanced BGP
CHAPTER 6 This chapter describes how to configure advanced features of the Border Gateway Protocol (BGP) on the Cisco NX-OS switch. This chapter includes the following sections: Information About Advanced
More informationRouting Implementation
L3Out Subnets, page 1 L3Out Subnets About Defining L3Out Subnets L3Outs are the Cisco Application Centric Infrastructure (ACI) objects used to provide external connectivity in external Layer 3 networks.
More informationSecurity Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Fuji 16.7.x (NCS 4200 Series)
Security Configuration Guide: Unicast Reverse Path Forwarding, Cisco IOS XE Fuji 16.7.x (NCS 4200 Series) First Published: 2017-12-24 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
More informationSimple Multihoming. ISP Workshops. Last updated 9 th December 2015
Simple Multihoming ISP Workshops Last updated 9 th December 2015 1 Agenda p Why Multihome? p The Multihoming Toolset p How to Multihome Options p Multihoming to the same AS p Multihoming to different ASes
More informationTELE 301 Network Management
TELE 301 Network Management Lecture 24: Exterior Routing and BGP Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus How routing between different
More informationSimple Multihoming. ISP Workshops. Last updated 25 September 2013
Simple Multihoming ISP Workshops Last updated 25 September 2013 1 Why Multihome? p Redundancy n One connection to internet means the network is dependent on: p Local router (configuration, software, hardware)
More informationBGP in the Internet Best Current Practices
BGP in the Internet Best Current Practices 1 Recommended IOS Releases Which IOS?? 2 Which IOS? IOS is a feature rich and highly complex router control system ISPs should choose the IOS variant which is
More informationLARGE SCALE IP ROUTING
Building ISP Networks Xantaro Page 1 / 18 TABLE OF CONTENTS 1. LAB ACCESS 4 1.1 Accessing the Jumphost... 4 1.2 Access to your routers... 4 1.3 Local Network Topology... 5 1.4 Global Network Topology...
More informationUnit 3: Dynamic Routing
Unit 3: Dynamic Routing Basic Routing The term routing refers to taking a packet from one device and sending it through the network to another device on a different network. Routers don t really care about
More informationExamination. ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491
Examination ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491 Date: October 21st 2008 10:00 13:00 a) No help material is allowed
More informationInternet inter-as routing: BGP
Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means to: 1. Obtain subnet reachability information from neighboring ASs. 2. Propagate the reachability
More informationChapter 5: Maintaining and Troubleshooting Routing Solutions
Chapter 5: Maintaining and Troubleshooting Routing Solutions CCNP TSHOOT: Maintaining and Troubleshooting IP Networks Course v6 1 Troubleshooting Network Layer Connectivity 2 Routing and Routing Data Structures
More informationIPv6 Module 6x ibgp and Basic ebgp
IPv6 Module 6x ibgp and Basic ebgp Objective: Using IPv6, simulate four different interconnected ISP backbones using a combination of IS-IS, internal BGP, and external BGP. Topology : Figure 1 BGP AS Numbers
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationQuestion: 3 Which LSA type describes the router ID of ASBR routers located in remote areas?
Volume: 65 Questions Question: 1 Which two statements describe aggregate routes? (Choose two.) A. Invalid routing prefixes are not advertised to external peers. B. Internal routing instabilities can be
More informationDoS Mitigation Strategies
DoS Mitigation Strategies Chris Morrow - Google NSF Workshop on Unwanted Traffic July 18, 2008, George Mason University (Fairfax, VA) DoS Attack Definition Too many bytes bandwidth exhaustion Too many
More informationSecurity Issues of BGP in Complex Peering and Transit Networks
Technical Report IDE-0904 Security Issues of BGP in Complex Peering and Transit Networks Presented By: Supervised By: Muhammad Adnan Khalid Qamar Nazir Olga Torstensson Master of Computer network engineering
More informationRoute Filtering. Types of prefixes in IP core network: Internal Prefixes External prefixes. Downstream customers Internet prefixes
Types of prefixes in IP core network: Internal Prefixes External prefixes Downstream customers Internet prefixes Internal prefixes originated in IP core network Loopback Transport Connect inter-regional
More informationR&E ROUTING SECURITY BEST PRACTICES. Grover Browning Karl Newell
R&E ROUTING SECURITY BEST PRACTICES Grover Browning Karl Newell RFC 7454 BGP Operations & Security Feb, 2015 https://tools.ietf.org/html/rfc7454 [ 2 ] Agenda Background / Community Development Overview
More informationUsing BGP Communities
Using BGP Communities ISP Workshops These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Last updated
More informationBorder Gateway Protocol
39 CHAPTER Chapter Goals Understand the purpose of the. Explain BGP attributes and their use in route selection. Examine the BGP route selection process. Introduction The (BGP) is an interautonomous system
More informationCS118 Discussion Week 7. Taqi
CS118 Discussion Week 7 Taqi Outline Hints for project 2 Lecture review: routing About Course Project 2 Please implement byte-stream reliable data transfer Cwnd is in unit of bytes, not packets How to
More informationCommand Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents Chapter 1 Static Routing Configuration Commands... 1-1 1.1 Static Routing Configuration Commands... 1-1 1.1.1 delete static-routes all... 1-1 1.1.2 ip route-static...
More informationOperation Manual Routing Protocol. Table of Contents
Table of Contents Table of Contents Chapter 1 IP Routing Protocol Overview... 1-1 1.1 Introduction to IP Route and Routing Table... 1-1 1.1.1 IP Route... 1-1 1.1.2 Routing Table... 1-1 1.2 Routing Management
More informationConfiguring basic MBGP
Contents Configuring MBGP 1 MBGP overview 1 Protocols and standards 1 MBGP configuration task list 1 Configuring basic MBGP 2 Controlling route advertisement and reception 2 Configuration prerequisites
More informationBGP Multihoming Techniques. Philip Smith SANOG 10/APNIC 24 29th August - 7th September 2007 New Delhi, India
BGP Multihoming Techniques Philip Smith SANOG 10/APNIC 24 29th August - 7th September 2007 New Delhi, India 1 Presentation Slides Available on ftp://ftp-eng.cisco.com /pfs/seminars/sanog10-multihoming.pdf
More informationCS519: Computer Networks. Lecture 4, Part 5: Mar 1, 2004 Internet Routing:
: Computer Networks Lecture 4, Part 5: Mar 1, 2004 Internet Routing: AS s, igp, and BGP As we said earlier, the Internet is composed of Autonomous Systems (ASs) Where each AS is a set of routers, links,
More informationBGP Attributes and Policy Control
BGP Attributes and Policy Control ISP/IXP Workshops 1 Agenda BGP Attributes BGP Path Selection Applying Policy 2 BGP Attributes The tools available for the job 3 What Is an Attribute?... Next Hop......
More informationModule 6 More ibgp, and Basic ebgp Configuration
ISP Workshop Lab Module 6 More ibgp, and Basic ebgp Configuration Objective: Simulate four different interconnected ISP backbones using a combination of ISIS, internal BGP, and external BGP. Prerequisites:
More informationImplementing Cisco IP Routing
ROUTE Implementing Cisco IP Routing Volume 3 Version 1.0 Student Guide Text Part Number: 97-2816-02 DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES
More informationIPv6 Module 1a OSPF. Prerequisites: IPv4 Lab Module 1, knowledge of Cisco router CLI, and previous hands on experience.
ISP Workshop Lab IPv6 Module 1a OSPF Objective: Create a basic physical lab interconnection using IPv6 with one OSPF Area running on top of an existing IPv4 infrastructure. Prerequisites: IPv4 Lab Module
More informationCCIE R&S v5.0. Troubleshooting Lab. Q1. PC 110 cannot access R7/R8, fix the problem so that PC 110 can ping R7
Troubleshooting Lab Q1. PC 110 cannot access R7/R8, fix the problem so that PC 110 can ping R7 Q2. R17 should have one default route which points to R12 via PPP as shown below R17# sh ip route S* 0.0.0.0/0
More informationAdvanced Multihoming. BGP Traffic Engineering
Advanced Multihoming BGP Traffic Engineering 1 Service Provider Multihoming Previous examples dealt with loadsharing inbound traffic Of primary concern at Internet edge What about outbound traffic? Transit
More informationset active-probe (PfR)
set active-probe (PfR) set active-probe (PfR) To configure a Performance Routing (PfR) active probe with a forced target assignment within a PfR map, use the set active-probe command in PfR map configuration
More informationIPv6 Switching: Provider Edge Router over MPLS
Multiprotocol Label Switching (MPLS) is deployed by many service providers in their IPv4 networks. Service providers want to introduce IPv6 services to their customers, but changes to their existing IPv4
More informationRouting & Protocols 1
Routing & Protocols 1 Paul Traina cisco Engineering 2 Today's Talk Terminology Routing Static Routes Interior Gateway Protocols Exterior Gateway Protocols Building an ISP network 3 Terminology network
More informationConnecting to a Service Provider Using External BGP
Connecting to a Service Provider Using External BGP First Published: May 2, 2005 Last Updated: August 21, 2007 This module describes configuration tasks that will enable your Border Gateway Protocol (BGP)
More informationCS 268: Computer Networking
CS 268: Computer Networking L-3 BGP Outline BGP ASes, Policies BGP Attributes BGP Path Selection ibgp 2 1 Autonomous Systems (ASes) Autonomous Routing Domain Glued together by a common administration,
More informationSecurity by BGP 101 Building distributed, BGP-based security system
Security by BGP 101 Building distributed, BGP-based security system Łukasz Bromirski lukasz@bromirski.net May 2017, CERT EE meeting Roadmap for the session BGP as security mechanism BGP blackholing project
More informationIPv6. Copyright 2017 NTT corp. All Rights Reserved. 1
IPv6 IPv6 NTT IPv6 Copyright 2017 NTT corp. All Rights Reserved. 1 IPv6 IPv4 IPv6 Copyright 2017 NTT corp. All Rights Reserved. 2 IPv4 http://www.potaroo.net/tools/ipv4/ 2018.3.5 Copyright 2017 NTT corp.
More informationRouters / external connectivity (HSRP) Web farm, mail servers
Routers / external connectivity (HSRP) hubs/switches Office network!#"%$'&)(+*-,/.10#23*-&4$5!6$5!7&)(6879:(;&
More informationMultihoming Case Study
Multihoming Case Study ISP Workshops Last updated 10 October 2007 Multihoming Case Study p Set of slides based on work assisting an ISP with their multihoming needs between 2000 and 2002 n Should be taken
More informationNetwork Working Group Request for Comments: 2519 Category: Informational Juniper February A Framework for Inter-Domain Route Aggregation
Network Working Group Request for Comments: 2519 Category: Informational E. Chen Cisco J. Stewart Juniper February 1999 Status of this Memo A Framework for Inter-Domain Route Aggregation This memo provides
More informationIntroduction. Keith Barker, CCIE #6783. YouTube - Keith6783.
Understanding, Implementing and troubleshooting BGP 01 Introduction http:// Instructor Introduction Keith Barker, CCIE #6783 CCIE Routing and Switching 2001 CCIE Security 2003 kbarker@ine.com YouTube -
More information