First of all, you need to start fcli configuration toolkit: Please enumerate all your networks in CIDR form:
|
|
- Camilla Allison
- 6 years ago
- Views:
Transcription
1 FastNetMon Advanced quick start In this document we could help you to setup FastNetMon in sflow, netflow / ipfix or mirror mode. At this step you should have installed FastNetMon. First of all, you need to start fcli configuration toolkit: sudo -i fcli You need to finish this steps for all available capture methods (sflow, NetFlow, IPFIX, Mirror). Please enumerate all your networks in CIDR form: fcli> set main networks_list /22 We definitely need this information because we could not extract this information from traffic automatically. Please enable sflow plugin: fcli>set main sflow enable Then please specify port for sflow capture (6343 is default port): fcli> set main sflow_ports 6343 Then specify interface for listening ( is default): fcli>set main sflow_host Apply changes and restart daemon: fcli> commit After this steps you need to configure sflow on sflow agent s side (switch, router, server) to configured port. Please be careful with iptables rules!
2 Please enable netflow plugin: fcli> set main netflow enable Then please specify port for netflow capture (2055 is default port): fcli> set main netflow_ports 2055 Then specify interface for listening ( is default): fcli> set main netflow_host Urgent remark about Netflow sampling. FastNetMon could automatically extract sampling rate from Netflow v5, v9 and IPFIX but in some rare cases you should specify it explicitly: fcli> set main netflow_sampling_ratio 10 Also you should carefully review your active and inactive timeouts from Netflow agent side and set them to smallest possible. Then you need to select maximum value from them and use it for average_calculation_time option in seconds. Without this changes FastNetMon will work incorrectly because correct bandwidth calculation is too important for it. fcli> set main average_calculation_time XXX fcli> set main average_calculation_time_for_subnets XXX Apply changes and restart daemon: fcli> commit After this steps you need to configure Netflow / IPFIX on agent s side (switch, router, server) to configured port. Please be careful with iptables rules! In this mode you need to configure port mirror / SPAN / TAP from your switch or router device. It s worth to mention that FastNetMon has complete support only for popular Intel NIC s (powered by igb, ixgbe drivers) based on X350 and controllers.
3 As first step, please extract all available interfaces for your system: fcli> show interfaces Please prepare separate interface for management connection with FastNetMon because we could not use same port for traffic mirror and management and FastNetMon will refuse such configuration. Enable port mirror plugin: fcli> set main mirror_netmap enable Enable it for specific port: set main interfaces em1 If you are using sample port mirroing please specify sampling rate manually: fcli> set main netmap_sampling_ratio 1 If you are happy customer of boxes with cropped mirror support you could enable their support with (in this more router mirror only first X bytes of each packet): fcli> set main netmap_read_packet_length_from_ip_header enable Then enable port mirroring on router, switch side. First of all you could check traffic counters: fcli> show total_traffic_counters In normal case you should see non zero counters for incoming and outgoing traffic. Other traffic means nor source nor destination is known to be part of our list of networks. Internal traffic is traffic where source and destination both belongs to your list of networks. Also you could check load per subnet: fcli> show network_counters Or for top 10 hosts in your network: fcli> show host_counters bytes outgoing
4 And that s all J Then you could move to next step! You could specify one or multiple s to get notifications about detected DDoS attacks. I recommend you to use local SMTP server in your network but in some cases you also could use Gmail or other public mail services but keep in mind that in case of DDoS you could have reduced connectivity and external mail service may fail to deliver notification. fcli> set main _notifications_enabled enable fcli> set main _notifications_tls enable fcli> set main _notifications_auth enable fcli> set main _notifications_port 587 fcli> set main _notifications_host smtp.gmail.com fcli> set main _notifications_from mynotification @gmail.com fcli> set main _notifications_username fcli> set main _notifications_password please_keep_it_secret fcli> set main _notifications_recipients noc@yourcompany.com fcli> set main _notifications_recipients tech@yourcompany.com Then you could use this command and send test to configured notification s: fcli> set _test Then you could get notifications about all block and automatic unblock actions (if enabled). Also FastNetMon could call notify script which calls when DDoS arrives. You could use it for integration with third-part applications or monitoring systems. Then please install mail tool if not installed:
5 sudo apt-get install -y bsd-mailx Then open example notify script with favorite editor /etc/fastnetmon/scripts/notify_about_attack.sh and specify your in field: _notify. Then try to run it manually for ban action: echo ban_details /etc/fastnetmon/scripts/notify_about_attack.sh incoming ban And try to run it manually for unban (we do not have details in this case): /etc/fastnetmon/scripts/notify_about_attack.sh incoming unban Enable this action in FastNetMon: fcli> set main notify_script_path /etc/fastnetmon/scripts/notify_about_attack.sh fcli> set main notify_script_enabled enable As example we will block hosts which are exceeding 100 mbps bandwidth consumption. fcli> set hostgroup global threshold_mbps 100 fcli> set hostgroup global ban_for_bandwidth enable Enable ban actions for global host group: fcli> set hostgroup global enable_ban enable Enable ban actions globally: fcli> set main enable_ban enable Also I recommend to enable pcap dump collection for attacks: fcli> set main collect_attack_pcap_dumps enable And finally commit changes:
6 fcli> commit Then you could check blocks for hosts which exceeds this threshold: fcli> show blackhole That s all ;) FastNetMon has bundled support for BGP announces and it could announce attacked host with BGP and use BGP flow spec for dine grained DDoS filtering. In this part we could describe configuration for BGP unicast. For this manual you need to configure BGP peering connection from your router side and you need to know all following data: Peering IP for FastNetMon ASN for FastNetMon Router s IP Router s ASN Community number used for Blackhole at router side As first step please enable BGP support: fcli> set main gobgp enable Enable announces of host: fcli> set main gobgp_announce_host enable Then specify blackhole community used in your network (I personally encourage you to use recommended by RFC 7999 number, 666). Please use only 16 bit ASN numbers (< 65535) for communities here: fcli> set main gobgp_community_host 65001:666 Then we need to create new BGP peering session: fcli> set bgp connection_to_my_router And configure it (if you are using different from management IP for peering you need to configure it manually for your Ubuntu instance):
7 fcli> set bgp connection_to_my_router local_asn fcli> set bgp connection_to_my_router remote_asn fcli> set bgp connection_to_my_router local_address fcli> set bgp connection_to_my_router remote_address Then enable support for IPv4 unicast for this device explicitly: fcli> set bgp connection_to_my_router ipv4_unicast enable Finally, enable this peering connection: fcli> set bgp connection_to_my_router active enable And then we need to commit changes to FastNetMon and BGP daemon configuration: fcli> commit After this it s nice to check that we could announce IP s correctly. We could ban some test IP for it: fcli> set blackhole And check BGP daemon active announces list: /opt/fastnetmon/libraries/gobgp_1_4_0_git/gobgp global rib Network Next Hop AS_PATH Age Attrs *> / :00:47 [{Origin:?} {Communities: 65001:666}] Also you could check neighbors status this way: /opt/fastnetmon/libraries/gobgp_1_4_0_git/gobgp neighbor For this step you need to have working BGP unicast configuration. Please enable flow spec AFI on router s side and then we could start! Enable flow spec for your peering connection:
8 fcli> set bgp connection_to_my_router ipv4_flowspec enable Enable flow spec globally: fcli> set main gobgp_flow_spec_announces enable Also we could specify action type for FastNetMon s announces (accept, discard or rate-limit): fcli> set main gobgp_flow_spec_default_action discard For rate-limit you could specify actual rate (meaning of rate is depends on used vendor): fcli> set main gobgp_flow_spec_rate_limit_value 1000 Commit changes: fcli> commit Then we could prepare custom announce: fcli> set flowspec '{ "source_prefix": " /24", "destination_prefix": " /24", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "ratelimit", "action": { "rate": 1024 } }' And check BGP daemon output: /opt/fastnetmon/libraries/gobgp_1_4_0_git/gobgp global rib -a ipv4-flow Network Next Hop AS_PATH Age Attrs *> [destination: /24][source: /24][protocol: tcp][destinationport: =80][source-port: =53 =5353][tcp-flags: syn][packet-length: =777 =1122][fragment: is-fragment dont-fragment]fictitious 00:01:36 [{Origin:?} {Extcomms: [discard]}]
GARR customer triggered blackholing
GARR customer triggered blackholing Silvia d Ambrosio, Nino Ciurleo Introduction From discussions with the GARR working group on "contrast to DDoS", we understood the importance of a collaboration between
More informationInstallation Guide Software version: 2.0
DDoS Protection System Installation Guide Software version: 2.0 Table of contents Page Introduction...2 Section 1 - Installation Guide...2 Part 1. System requirements...2 Part 2. Prerequisite for Installation...2
More informationII. Principles of Computer Communications Network and Transport Layer
II. Principles of Computer Communications Network and Transport Layer A. Internet Protocol (IP) IPv4 Header An IP datagram consists of a header part and a text part. The header has a 20-byte fixed part
More informationProtecting an EBGP peer when memory usage reaches level 2 threshold 66 Configuring a large-scale BGP network 67 Configuring BGP community 67
Contents Configuring BGP 1 Overview 1 BGP speaker and BGP peer 1 BGP message types 1 BGP path attributes 2 BGP route selection 6 BGP route advertisement rules 6 BGP load balancing 6 Settlements for problems
More informationIntroduction to Netflow
Introduction to Netflow Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationConfiguring BGP community 43 Configuring a BGP route reflector 44 Configuring a BGP confederation 44 Configuring BGP GR 45 Enabling Guard route
Contents Configuring BGP 1 Overview 1 BGP speaker and BGP peer 1 BGP message types 1 BGP path attributes 2 BGP route selection 6 BGP route advertisement rules 6 BGP load balancing 6 Settlements for problems
More informationNetwork Management and Monitoring
Network Management and Monitoring Introduction to Netflow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationipv6 mobile home-agent (global configuration)
ipv6 mobile home-agent (global configuration) ipv6 mobile home-agent (global configuration) To enter home agent configuration mode, use the ipv6 mobile home-agent command in global configuration mode.
More informationOperation Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents Chapter 1 Static Routing Configuration... 1-1 1.1 Introduction... 1-1 1.1.1 Static Route... 1-1 1.1.2 Default Route... 1-1 1.1.3 Application Environment of Static Routing...
More informationNetwork Element Configuration
The following describes how to configure Flexible NetFlow and NTP servers on your ISR. Configuring a Network Element, page 1 NTP Configuration, page 1 NetFlow Configuration, page 2 Configuring a Network
More informationConfiguring NetFlow. Feature History for Configuring NetFlow. Release This feature was introduced.
Configuring NetFlow A NetFlow flow is a unidirectional sequence of packets that arrive on a single interface (or subinterface), and have the same values for key fields. NetFlow is useful for the following:
More informationChapter 21 RIP Configuration Guidelines
Chapter 21 RIP Configuration Guidelines To configure the Routing Information Protocol (RIP), you include the following statements: protocols { rip { any-sender; authentication-key password; authentication-type
More informationIP Multicast Technology Overview
IP multicast is a bandwidth-conserving technology that reduces traffic by delivering a single stream of information simultaneously to potentially thousands of businesses and homes. Applications that take
More informationTCP /IP Fundamentals Mr. Cantu
TCP /IP Fundamentals Mr. Cantu OSI Model and TCP/IP Model Comparison TCP / IP Protocols (Application Layer) The TCP/IP subprotocols listed in this layer are services that support a number of network functions:
More informationConfiguring Advanced BGP
CHAPTER 6 This chapter describes how to configure advanced features of the Border Gateway Protocol (BGP) on the Cisco NX-OS switch. This chapter includes the following sections: Information About Advanced
More informationDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek Supervisor: Stavros Konstantaras (AMS-IX) SNE: Research Project II 03-07-2018 Introduction Distributed Denial of Service
More informationBGP Route Reflector Commands
This chapter provides details of the commands used for configuring Border Gateway Protocol (BGP) Route Reflector (RR). address-family (BGP), on page 2 keychain, on page 5 neighbor (BGP), on page 7 remote-as
More informationContents. Configuring MSDP 1
Contents Configuring MSDP 1 Overview 1 How MSDP works 1 MSDP support for VPNs 6 Protocols and standards 6 MSDP configuration task list 7 Configuring basic MSDP features 7 Configuration prerequisites 7
More informationEnhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER
Enhancing DDoS protection TAYLOR HARRIS SECURITY ENGINEER Overview DDoS Evolution Typical Reactive/Proactive Mitigation Challenges and Obstacles BGP Flowspec Automated Flowspec Mitigation 2 DDoS Evolution
More informationBGP Routing and BGP Policy. BGP Routing. Agenda. BGP Routing Information Base. L47 - BGP Routing. L47 - BGP Routing
BGP Routing and BGP Policy BGP Routing The BGP Routing Principles and Route Decisions based on AS-Path in a simple topology of AS s routing policy is reduced to a minimal function demonstrated in example
More informationConfiguration prerequisites 45 Configuring BGP community 45 Configuring a BGP route reflector 46 Configuring a BGP confederation 46 Configuring BGP
Contents Configuring BGP 1 Overview 1 BGP speaker and BGP peer 1 BGP message types 1 BGP path attributes 2 BGP route selection 6 BGP route advertisement rules 6 BGP load balancing 6 Settlements for problems
More informationHistory Page. Barracuda NextGen Firewall F
The Firewall > History page is very useful for troubleshooting. It provides information for all traffic that has passed through the Barracuda NG Firewall. It also provides messages that state why traffic
More informationCommand Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents Chapter 1 Static Routing Configuration Commands... 1-1 1.1 Static Routing Configuration Commands... 1-1 1.1.1 delete static-routes all... 1-1 1.1.2 ip route-static...
More informationR&E ROUTING SECURITY BEST PRACTICES. Grover Browning Karl Newell
R&E ROUTING SECURITY BEST PRACTICES Grover Browning Karl Newell RFC 7454 BGP Operations & Security Feb, 2015 https://tools.ietf.org/html/rfc7454 [ 2 ] Agenda Background / Community Development Overview
More informationBGP can also be used for carrying routing information for IPv6 prefix over IPv6 networks.
This chapter describes how to configure the Cisco ASA to route data, perform authentication, and redistribute routing information using the Border Gateway Protocol (). About, page 1 Guidelines for, page
More informationICS 451: Today's plan
ICS 451: Today's plan ICMP ping traceroute ARP DHCP summary of IP processing ICMP Internet Control Message Protocol, 2 functions: error reporting (never sent in response to ICMP error packets) network
More informationRef: A. Leon Garcia and I. Widjaja, Communication Networks, 2 nd Ed. McGraw Hill, 2006 Latest update of this lecture was on
IP Version 4 (IPv4) Header (Continued) Identification (16 bits): One of the parameters of any network is the maximum transmission unit (MTU) parameter. This parameter specifies the maximum size of the
More informationCSCI Networking Name:
CSCI 3335- Networking Name: Final Exam Problem 1: Error Checking and TCP (15 Points) (a) True or false: [2.5 points for circling correct answers, -1 points for each wrong answer] i. CRC can both correct
More informationUniversity of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.
University of Toronto Faculty of Applied Science and Engineering Final Exam, December 2009 ECE 461: Internetworking Examiner: J. Liebeherr Exam Type: A Calculator: Type 2 There are a total of 10 problems.
More informationComputer Networks. Routing
Computer Networks Routing Topics Link State Routing (Continued) Hierarchical Routing Broadcast Routing Sending distinct packets Flooding Multi-destination routing Using spanning tree Reverse path forwarding
More informationOperation Manual BGP. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 BGP/MBGP Overview... 1-1 1.1.1 Introduction to BGP... 1-1 1.1.2 BGP Message Types... 1-2 1.1.3 BGP Routing Mechanism... 1-2 1.1.4 MBGP... 1-3 1.1.5 BGP Peer
More informationRemember Extension Headers?
IPv6 Security 1 Remember Extension Headers? IPv6 allows an optional Extension Header in between the IPv6 header and upper layer header Allows adding new features to IPv6 protocol without major re-engineering
More informationConfiguring sflow. Information About sflow. sflow Agent. This chapter contains the following sections:
This chapter contains the following sections: Information About sflow, page 1 Licensing Requirements, page 2 Prerequisites, page 2 Guidelines and Limitations for sflow, page 2 Default Settings for sflow,
More informationContents. Configuring GRE 1
Contents Configuring GRE 1 Overview 1 GRE encapsulation format 1 GRE tunnel operating principle 1 GRE security mechanisms 2 GRE application scenarios 2 Protocols and standards 4 Configuring a GRE/IPv4
More informationUser Datagram Protocol
Topics Transport Layer TCP s three-way handshake TCP s connection termination sequence TCP s TIME_WAIT state TCP and UDP buffering by the socket layer 2 Introduction UDP is a simple, unreliable datagram
More informationHow the Internet sees you
IBM Research Zurich How the Internet sees you Demonstrating what activities most ISPs see you doing on the Internet Jeroen Massar 2010 IBM Corporation Network of networks You 2 CCC
More informationNetworking: Network layer
control Networking: Network layer Comp Sci 3600 Security Outline control 1 2 control 3 4 5 Network layer control Outline control 1 2 control 3 4 5 Network layer purpose: control Role of the network layer
More informationBGP. BGP Overview. Formats of BGP Messages. I. Header
Overview Three early versions of are -1 (RFC1105), -2 (RFC1163) and -3 (RFC1267). The current version in use is -4 (RFC1771). -4 is rapidly becoming the defacto Internet exterior routing protocol standard
More informationOnce the VM is started, the VirtualBox OS Manager window can be closed. But our Ubuntu VM is still running.
How to use iptables on Ubuntu Revised: 16-August-2016 by David Walling This "How To" document describes using the iptables program to define firewall rules for our Ubuntu server. We will also explore using
More informationConfiguring Port-Based Traffic Control
CHAPTER 18 This chapter describes how to configure port-based traffic control features on the Catalyst 3750 Metro switch. For complete syntax and usage information for the commands used in this chapter,
More informationRouter Lab Reference
KTHNOC Router Lab Reference Juniper version Table of Contents 1 Introduction...3 2 Reference: Workstation...3 2.1 Configuring network access...3 2.2 Connecting to your router...4 3 Reference: Basic commands...4
More informationConfiguration Commands. Generic Commands. shutdown BGP XRS Routing Protocols Guide Page 731. Syntax [no] shutdown
BGP Configuration Commands Generic Commands shutdown Syntax [no] shutdown Description This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration
More informationChapter 1. Getting Started
Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS PREV Introduction NEXT Chapter 2: BGP/MPLS IP-VPN Chapter 1 Getting Started Although this book does not discuss the
More informationVendor: Alcatel-Lucent. Exam Code: 4A Exam Name: Alcatel-Lucent Border Gateway Protocol. Version: Demo
Vendor: Alcatel-Lucent Exam Code: 4A0-102 Exam Name: Alcatel-Lucent Border Gateway Protocol Version: Demo QUESTION 1 Upon the successful establishment of a TCP session between peers, what type of BGP message
More informationIPv6 Configuration Commands
IPv6 Configuration Commands Table of Contents Table of Contents Chapter 1 IPv6 Configuration Commands...1 1.1 IPv6 Configuration Commands...1 1.1.1 ipv6 address...1 1.1.2 ipv6 address anycast...2 1.1.3
More informationBGP Configuration. BGP Overview. Introduction to BGP. Formats of BGP Messages. Header
Table of Contents BGP Configuration 1 BGP Overview 1 Introduction to BGP 1 Formats of BGP Messages 1 BGP Path Attributes 4 BGP Route Selection 8 Configuring BGP 8 Configuration Prerequisites 8 Configuration
More informationCS4450. Computer Networks: Architecture and Protocols. Lecture 15 BGP. Spring 2018 Rachit Agarwal
CS4450 Computer Networks: Architecture and Protocols Lecture 15 BGP Spring 2018 Rachit Agarwal Autonomous System (AS) or Domain Region of a network under a single administrative entity Border Routers Interior
More informationDa t e: August 2 0 th a t 9: :00 SOLUTIONS
Interne t working, Examina tion 2G1 3 0 5 Da t e: August 2 0 th 2 0 0 3 a t 9: 0 0 1 3:00 SOLUTIONS 1. General (5p) a) Place each of the following protocols in the correct TCP/IP layer (Application, Transport,
More informationRIP Configuration. RIP Overview. Operation of RIP. Introduction. RIP routing table. RIP timers
Table of Contents RIP Configuration 1 RIP Overview 1 Operation of RIP 1 Operation of RIP 2 RIP Version 2 RIP Message Format 3 Protocols and Standards 4 Configuring RIP Basic Functions 5 Configuration Prerequisites
More informationFirewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.
Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization
More informationAPNIC elearning: BGP Basics. 30 September :00 PM AEST Brisbane (UTC+10) Revision: 2.0
APNIC elearning: BGP Basics 30 September 2015 1:00 PM AEST Brisbane (UTC+10) Issue Date: 07 July 2015 Revision: 2.0 Presenter Nurul Islam (Roman) Senior Training Specialist, APNIC Nurul maintains the APNIC
More informationMultiprotocol BGP (MBGP)
Multiprotocol BGP (MBGP) Module 5 2000, Cisco Systems, Inc. 1 Copyright 1998-2000, Cisco Systems, Inc. Module5.ppt 1 Module Objectives Understand that MBGP is NOT a replacement for PIM Understand the basic
More informationDDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch)
DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch) Pavel Minarik, Chief Technology Officer SwiNOG meeting, 9 th Nov 2017 Backbone DDoS protection Backbone protection
More informationFlexible NetFlow IPv6 Unicast Flows
The feature enables Flexible NetFlow to monitor IPv6 traffic. Finding Feature Information, page 1 Information About Flexible NetFlow IPv6 Unicast Flows, page 1 How to Configure Flexible NetFlow IPv6 Unicast
More informationFlexible NetFlow IPv6 Unicast Flows
The feature enables Flexible NetFlow to monitor IPv6 traffic. Finding Feature Information, page 1 Information About Flexible NetFlow IPv6 Unicast Flows, page 1 How to Configure Flexible NetFlow IPv6 Unicast
More informationHP FlexFabric 5700 Switch Series
HP FlexFabric 5700 Switch Series Layer 3 - IP Routing Configuration Guide Part number: 5998-6688 Software version: Release 2416 Document version: 6W100-20150130 Legal and notice information Copyright 2015
More informationGeneral Firewall Configuration
To adjust resources used by your firewall service you can change the sizing parameters in the General Firewall Configuration (CONFIGURATION > Configuration Tree > Box > Infrastructure Services) of the
More informationProf. Shervin Shirmohammadi SITE, University of Ottawa. Internet Protocol (IP) Lecture 2: Prof. Shervin Shirmohammadi CEG
Lecture 2: Internet Protocol (IP) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 2-1 Network Layer Provides the upper layers with independence from the data
More informationEach ICMP message contains three fields that define its purpose and provide a checksum. They are TYPE, CODE, and CHECKSUM fields.
IP address ICMP Each ICMP message contains three fields that define its purpose and provide a checksum. They are TYPE, CODE, and CHECKSUM fields. The TYPE field identifies the ICMP message, the CODE field
More informationIntroduction to Internetworking
Introduction to Internetworking Introductory terms Communications Network Facility that provides data transfer services An internet Collection of communications networks interconnected by bridges and/or
More informationRouting and router security in an operator environment
DD2495 p4 2011 Routing and router security in an operator environment Olof Hagsand KTH CSC 1 Router lab objectives A network operator (eg ISP) needs to secure itself, its customers and its neighbors from
More informationPower of Slicing in Internet Flow Measurement. Ramana Rao Kompella Cristian Estan
Power of Slicing in Internet Flow Measurement Ramana Rao Kompella Cristian Estan 1 IP Network Management Network Operator What is happening in my network? How much traffic flows towards a given destination?
More informationThe information in this document is based on Cisco IOS Software Release 15.4 version.
Contents Introduction Prerequisites Requirements Components Used Background Information Configure Network Diagram Relevant Configuration Verify Test case 1 Test case 2 Test case 3 Troubleshoot Introduction
More informationLecture 8. Network Layer (cont d) Network Layer 1-1
Lecture 8 Network Layer (cont d) Network Layer 1-1 Agenda The Network Layer (cont d) What is inside a router Internet Protocol (IP) IPv4 fragmentation and addressing IP Address Classes and Subnets Network
More informationConfiguring sflow. About sflow. sflow Agent
About sflow This chapter describes how to configure sflow on Cisco NX-OS devices. This chapter includes the following sections: About sflow, on page 1 Licensing Requirements for sflow, on page 2 Prerequisites
More informationSite-1. Site-2. L3VPN Route-target and route-distinguisher Part I:
L3VPN Route-target and route-distinguisher Part I: When configuring an L3VPN, you need to include both a route-distinguisher and a route-target. Due to the similar format of these two values, it is hard
More informationCS 421: COMPUTER NETWORKS SPRING FINAL May 24, minutes. Name: Student No: TOT
CS 421: COMPUTER NETWORKS SPRING 2012 FINAL May 24, 2012 150 minutes Name: Student No: Show all your work very clearly. Partial credits will only be given if you carefully state your answer with a reasonable
More informationBIG-IP TMOS : Routing Administration. Version 13.1
BIG-IP TMOS : Routing Administration Version 13.1 Table of Contents Table of Contents Overview of TMOS Routing...9 Overview of routing administration in TMOS...9 About BIG-IP system routing tables...
More informationIPv6 PIM. Based on the forwarding mechanism, IPv6 PIM falls into two modes:
Overview Protocol Independent Multicast for IPv6 () provides IPv6 multicast forwarding by leveraging static routes or IPv6 unicast routing tables generated by any IPv6 unicast routing protocol, such as
More informationMPLS VPN Multipath Support for Inter-AS VPNs
The feature supports Virtual Private Network (VPN)v4 multipath for Autonomous System Boundary Routers (ASBRs) in the interautonomous system (Inter-AS) Multiprotocol Label Switching (MPLS) VPN environment.
More informationipv6 hello-interval eigrp
ipv6 hello-interval eigrp ipv6 hello-interval eigrp To configure the hello interval for the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 routing process designated by an autonomous system
More informationConfiguring NetFlow and NetFlow Data Export
This module contains information about and instructions for configuring NetFlow to capture and export network traffic data. NetFlow capture and export are performed independently on each internetworking
More informationConfiguring NetFlow Statistics Collection
38 CHAPTER This chapter describes how to configure NetFlow statistics on the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples. This feature is only available
More informationIP Routing Volume Organization
IP Routing Volume Organization Manual Version 20091105-C-1.03 Product Version Release 6300 series Organization The IP Routing Volume is organized as follows: Features IP Routing Overview Static Routing
More informationtcp6 v1.2 manual pages
tcp6 v1.2 manual pages Description This tool allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on TCP/IPv6 segments. This tool is part of the IPv6 Toolkit
More informationBorder Gateway Protocol - BGP
BGP Fundamentals Border Gateway Protocol - BGP Runs over TCP (port 179) TCP connection required before BGP session Need to be reachable! Path vector routing protocol Best path selection based on path attributes
More informationBGP Security. Kevin s Attic for Security Research
Kevin s Attic for Security Research kevinkoo001@gmail.com Table 1. BGP Operation (1): Concept & Topology 2. BGP Operation (2): Message Exchange, Format and Path Decision Algorithm 3. Potential Attacks
More informationContents. BGP commands 1
Contents BGP commands 1 address-family ipv4 1 address-family ipv6 2 address-family link-state 3 advertise-rib-active 4 aggregate 5 balance 7 balance as-path-neglect 9 bestroute as-path-neglect 10 bestroute
More information4-Byte AS Numbers. The view from the Old BGP world. Geoff Huston February 2007 APNIC
4-Byte AS Numbers The view from the Old BGP world Geoff Huston February 2007 APNIC AS Number Consumption AS Number Consumption IANA Pool You are here Projections Total AS Count Advertised AS Count Unadvertised
More informationIBGP internals. BGP Advanced Topics. Agenda. BGP Continuity 1. L49 - BGP Advanced Topics. L49 - BGP Advanced Topics
IBGP internals BGP Advanced Topics main IBGP aspects inside an AS continuity all packets entering the AS that were not blocked by some policies should reach the proper exit BGP router all transit routers
More informationBGP Nonstop Routing was made a default feature.
Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free interdomain routing between autonomous systems. An autonomous system is a set of routers under a
More informationHP 5120 SI Switch Series
HP 5120 SI Switch Series Layer 2 - LAN Switching Configuration Guide Part number: 5998-1807 Software version: Release 1513 Document version: 6W100-20130830 Legal and notice information Copyright 2013 Hewlett-Packard
More informationHost Identity Sources
The following topics provide information on host identity sources: Overview: Host Data Collection, on page 1 Determining Which Host Operating Systems the System Can Detect, on page 2 Identifying Host Operating
More informationMLD. MLDv1 (defined in RFC 2710), which is derived from IGMPv2. MLDv2 (defined in RFC 3810), which is derived from IGMPv3.
Introduction to Multicast listener discovery protocol () is used by an IPv6 router to discover the presence of multicast listeners on directly-attached subnets. Multicast listeners are nodes wishing to
More informationIPv6 Commands: ipv6 h to ipv6 mi
IPv6 Commands: ipv6 h to ipv6 mi ipv6 hello-interval eigrp, page 3 ipv6 hold-time eigrp, page 5 ipv6 hop-limit, page 7 ipv6 host, page 8 ipv6 icmp error-interval, page 10 ipv6 inspect, page 12 ipv6 inspect
More informationCisco IOS XR Netflow Configuration Guide for the Cisco CRS Router, Release 5.1.x
Cisco IOS XR Netflow Configuration Guide for the Cisco CRS Router, Release 5.1.x First Published: 2013-09-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA
More informationFlexible Netflow Configuration Guide, Cisco IOS Release 15S
Flexible Netflow Configuration Guide, Cisco IOS Release 15S Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS
More informationImplementing Static Routes on Cisco IOS XR Software
Implementing Static Routes on Cisco IOS XR Software This module describes how to implement static routes. Static routes are user-defined routes that cause packets moving between a source and a destination
More informationContents. Configuring GRE 1
Contents Configuring GRE 1 Overview 1 GRE encapsulation format 1 GRE tunnel operating principle 1 GRE application scenarios 2 Protocols and standards 4 Configuring a GRE/IPv4 tunnel 4 Configuration guidelines
More informationTable of Contents 1 MSDP Configuration 1-1
Table of Contents 1 MSDP Configuration 1-1 MSDP Overview 1-1 Introduction to MSDP 1-1 How MSDP Works 1-2 Protocols and Standards 1-7 MSDP Configuration Task List 1-7 Configuring Basic Functions of MSDP
More informationThis chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. Finding Feature Information, page 1 NetFlow, page 2 Licensing Requirements for NetFlow, page 6 Prerequisites for NetFlow,
More informationThe Network Layer and Routers
The Network Layer and Routers Daniel Zappala CS 460 Computer Networking Brigham Young University 2/18 Network Layer deliver packets from sending host to receiving host must be on every host, router in
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationIPv6 Sampled NetFlow feature was introduced. Destination-based Netflow Accounting feature was introduced.
A NetFlow flow is a unidirectional sequence of packets that arrive on a single interface (or subinterface), and have the same values for key fields. NetFlow is useful for the following: Accounting/Billing
More informationEP2120 Internetworking/Internetteknik IK2218 Internets Protokoll och Principer
EP2120 Internetworking/Internetteknik IK2218 Internets Protokoll och Principer Homework Assignment 1 (Solutions due 20:00, Mon., 10 Sept. 2018) (Review due 20:00, Wed., 12 Sept. 2018) 1. IPv4 Addressing
More informationTable of Contents 1 BGP Configuration 1-1
Table of Contents 1 BGP Configuration 1-1 BGP Overview 1-1 Formats of BGP Messages 1-2 BGP Path Attributes 1-4 BGP Route Selection 1-8 ibgp and IGP Synchronization 1-11 Settlements for Problems in Large
More informationThe Interconnection Structure of. The Internet. EECC694 - Shaaban
The Internet Evolved from the ARPANET (the Advanced Research Projects Agency Network), a project funded by The U.S. Department of Defense (DOD) in 1969. ARPANET's purpose was to provide the U.S. Defense
More informationEC441 Midterm Two Fall 2017
EC441 Midterm Two Fall 2017 This is an open-book, open-computer, open-notes exam. You may work with a partner, but you must submit one joint answer for each problem. You may not complete any exam with
More informationLAB EXERCISES (TP) 6 INTER-DOMAIN ROUTING: BGP-4 With Solutions
Name 1: Name 2: COMPUTER NETWORKING LAB EXERCISES (TP) 6 INTER-DOMAIN ROUTING: BGP-4 With Solutions Abstract This lab covers BGP-4, which is the Inter-Domain Routing Protocol of the Internet. You will
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 13 wenbing@ieee.org (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of lecture 12 Routing Congestion
More information