The Loopback Interface

Similar documents
The Loopback Interface

Symbols I N D E X. (vertical bar), string searches, 19 20

Migrating from OSPF to IS-IS

ISP and IXP Design. Point of Presence Topologies. ISP Network Design. PoP Topologies. Modular PoP Design. PoP Design INET 2000 NTW

Introduction to BGP ISP/IXP Workshops

Module 11 Advanced Router Configuration

Border Gateway Protocol - BGP

Introduction to BGP. ISP/IXP Workshops

IPv6 Module 11 Advanced Router Configuration

Configuring VRF-lite CHAPTER

COM-208: Computer Networks - Homework 6

Module 10 An IPv6 Internet Exchange Point

Using the Management Ethernet Interface

Module 4 BGP-LS Configuration Lab

Module 7 BGP Route Reflector Lab

2016/09/07 08:37 1/5 Internal BGP Lab. Set up Internal BGP (ibgp) within the each Group autonomous system to carry routing information within the AS.

Remote Access MPLS-VPNs

BGP Commands. Network Protocols Command Reference, Part 1 P1R-355

Using the Management Ethernet Interface

Cisco CISCO Configuring BGP on Cisco Routers Exam. Practice Test. Version

IPv6 Module 6x ibgp and Basic ebgp

Lab 2 BGP route filtering and advanced features

Ravi Chandra cisco Systems Cisco Systems Confidential

BGP Scaling (RR & Peer Group)

Module 19 Internet Exchange Points

BGP Scaling Techniques

IPv6 Module 6 ibgp and Basic ebgp

Using the Management Interfaces

Routers / external connectivity (HSRP) Web farm, mail servers

PREREQUISITES TARGET AUDIENCE. Length Days: 5

Introduction to IS-IS

Module 6 More ibgp, and Basic ebgp Configuration

Back to basics J. Addressing is the key! Application (HTTP, DNS, FTP) Application (HTTP, DNS, FTP) Transport. Transport (TCP/UDP) Internet (IPv4/IPv6)

BGP Scaling Techniques

IPv6 Module 1c ibgp. Prerequisites: IPv6 Module 1a (OSPF) or IPv6 Module 1b (ISIS).

MPLS VPN Multipath Support for Inter-AS VPNs

Cisco Cookbook. Kevin Dooley and IanJ. Brown. O'REILLY 4 Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

2015/07/23 23:31 1/7 ibgp

DE-CIX Academy: BGP Introduction. Notice of Liability. BGP Configuration Examples. Network Diagram for all examples. Links and Examples

Internet Routing Basics

Migrating from OSPF to IS-IS

Module 6 ibgp and Basic ebgp

CCNP (Routing & Switching and T.SHOOT)

Advanced Multihoming. BGP Traffic Engineering

Module 1 Device and Infrastructure Security Lab

Obtain the hostname or IP address of Cisco UCS Central. Obtain the shared secret that was configured when Cisco UCS Central was deployed.

CS 43: Computer Networks. 24: Internet Routing November 19, 2018

Introduction to OSPF

About Chassis Manager

BGP in the Internet Best Current Practices

Cisco CCNP ROUTE: Implementing Cisco IP Routing (ROUTE) 2.0. Upcoming Dates. Course Description. Course Outline

InterAS Option B. Information About InterAS. InterAS and ASBR

Registering Cisco UCS Domains with Cisco UCS Central

CS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 16, 2017

Implementing Cisco IP Routing

Introduction to BGP. ISP Workshops. Last updated 30 October 2013

Advanced Computer Networks

Module 16 An Internet Exchange Point

Service Provider Multihoming

CCIE Routing & Switching

Border Gateway Protocol

BGP and the Internet

Module 18 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

Configuring Layer 3 Virtualization

IPv6 Address Planning

Module 11 Advanced Router Configuration

BGP Attributes and Policy Control

Network security session 9-2 Router Security. Network II

Configure the IPv6 BGP Local Preference Feature

BGP Attributes and Policy Control

Cisco Implementing Cisco IP Routing v2.0 (ROUTE)

Configuring BGP. Cisco s BGP Implementation

Introduction. Keith Barker, CCIE #6783. YouTube - Keith6783.

OER uses the following default value if this command is not configured or if the no form of this command is entered: timer: 300

Module 1 Basic Topology, OSPF and ibgp

Module 6 ibgp and Basic ebgp

Network Configuration Example

Applied Networks & Security

Routing Basics. SANOG July, 2017 Gurgaon, INDIA

prefix filtering netkit-lab-bgp-1

Module 6 IPv6 ibgp and Basic ebgp

BGP Techniques for ISP. Terutaka Komorizono

BGP and the Internet. Enterprise Multihoming. Enterprise Multihoming. Medium/Large ISP Multihoming. Enterprise Multihoming. Enterprise Multihoming

Configuring BGP on Cisco Routers Volume 1

DE-CIX Academy: BGP - Multihoming

Introduction to BGP. BGP Basics BGP. Border Gateway Protocol. Path Vector Protocol. Path Vector Protocol INET 2000 NTW

BGP Attributes and Path Selection

The Contemporary Internet p. 3 Evolution of the Internet p. 5 Origins and Recent History of the Internet p. 5 From ARPANET to NSFNET p.

Juniper JN0-647 Exam. Volume: 65 Questions. Question: 1 Which protocol is a multicast routing protocol? A. OSPF B. BGP C. PIM D. IS-IS.

2016/01/17 04:05 1/19 Basic BGP Lab

BGP101. Howard C. Berkowitz. (703)

Implementing Cisco IP Routing (ROUTE)

How BGP Routers Use the Multi Exit Discriminator for Best Path Selection

BGP Multihoming ISP/IXP Workshops

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

BGP Commands. Network Protocols Command Reference, Part 1 P1R-355

Some Foundational Problems in Interdomain Routing

Juniper JN0-101 Questions & Answers

Configuring Scalable Hub-and-Spoke MPLS VPNs

MPLS L3VPN. The MPLS L3VPN model consists of three kinds of devices: PE CE Site 2. Figure 1 Network diagram for MPLS L3VPN model

Transcription:

1 Overview The Loopback Interface Requires IOS 11.1CC, 12.0S or 12.0T ISP software trains ISP/IXP Workshops Covers router access, security, information gathering, configuration and scalability. ISP/IXP Workshops 1999, Cisco Systems, Inc. 2 Motivation Motivation Most ISPs make use of loopback IP address configured is a host address Loopback interfaces on ISP backbone usually numbered: out of one contiguous block, or interface loopback 0 description Loopback Interface of CORE-GW3 ip address 215.18.3.34 255.255.255.255 using a geographical scheme, or using a per PoP scheme Aim is to aid recognition and improve security 3 4 Motivation With routers using a loopback address as the source for all IP packets originating from, it becomes very easy to construct appropriate filters to protect management systems in the ISP s network operation centres Router Access 5 6

7 Accessing the Router Remote access using Telnet Put mapping of loopback address to router name into forward and reverse DNS. Telnet to router using loopback address, not interface address. ISP routers usually have multiple external paths and many interfaces. DNS Configuration example: Remote access from using familiar telnet Configure telnet so that the loopback core-gw3 A 215.17.1.8 ; Loopback of router gw3 ip telnet source-interface Loopback0 8 Remote access using RCMD Remote access from router using Unix style rcmd Configure RCMD so that the loopback Security ip rcmd source-interface Loopback0 9 10 Management User Authentication Management User Authentication TACACS+ distributed authentication system for management access to routers Configure TACACS+ so that the loopback ip tacacs source-interface Loopback0 tacacs-server host 215.17.1.1 TACACS+ servers can be protected by filters which only allow TACACS+ port to be accessed from loopback address block Motivation - Easy to read/process logs: TACACS+ log records have the loopback address recorded as source address, not the egress 11 12

13 RADIUS User Authentication RADIUS User Authentication RADIUS distributed authentication system for dial user access to routers Configure RADIUS so that the loopback RADIUS servers and proxies can be protected by filters which only allow RADIUS ports to be accessed from loopback address block Motivation - Easy to read/process logs: ip radius source-interface Loopback0 radius-server host 215.17.1.1 RADIUS log records have the loopback address auth-port 1645 acct-port 1646 14 Exporting NetFlow records Recording Information Exporting Cisco NetFlow statistics to a NetFlow Collector system Configure NetFlow export so that the loopback address is used in packets originating from ip flow-export source Loopback0 15 16 Exporting NetFlow records Logging Information NetFlow collector can be protected by filters which only allow the specified flow port to be accessed from loopback address block Send logging information to a Unix or Windows SYSLOG server. Log packets leave router with loopback interface address as source logging source-interface loopback0 17 18

19 Logging Information Network Time Protocol SYSLOG servers and proxies can be protected by filters which only allow the syslog port to be accessed from the loopback address block Network Time Protocol (NTP) used to synchronize the time on all the devices. NTP packets leave router with loopback address as source Motivation - Easy to read/process logs: SYSLOG records have the loopback address ntp source loopback0 ntp server 169.223.1.1 source loopback 1 20 Network Time Protocol SNMP Motivation - NTP Security: NTP systems can be protected by filters which only allow the NTP port to be accessed from the loopback address block Motivation - Easy to understand NTP peerings: NTP associations have the loopback address If SNMP is used, send traps from router using loopback address as source. snmp-server trap-source Loopback0 snmp-server host 169.223.1.1 community 21 22 SNMP Core Dumps Motivation - SNMP Server Security: SNMP management systems can be protected by filters which only allow the SNMP port to be accessed from the loopback address block Motivation - Easy to read/process trap information: SNMP traps have the loopback address Core dump feature allows routers to transfer an image of memory to a specified FTP server in case of a crash. Configure core dumps to use the loopback interface address as source. ip ftp source-interface loopback 0 exception protocol ftp exception dump 169.223.32.1 23 24

25 Core Dumps Motivation - Core Dump FTP Server Security: FTP server used for core dumps can be protected by filters which only allow the FTP port to be accessed from the loopback address block Configuration and Scalability This FTP server should NOT be visible to the public 26 Configuration using TFTP Configuration using TFTP Configuring using TFTP from tftp server Saving router configuration to a tftp server Configure TFTP so that the loopback Motivation - TFTP Server Security: TFTP server used to store configurations and IOS images can be protected by filters which only allow the TFTP port to be accessed from the loopback address block This TFTP server should NOT be visible to the public ip tftp source-interface Loopback0 27 28 Interface Configuration Router ID ip unnumbered no need for an IP address on point-to-point links keeps IGP small If the loopback interface exists and has an IP address, that is used as ID in routing protocols - stability! interface loopback 0 ip address 215.17.3.1 255.255.255.255! interface Serial 5/0 ip unnumbered loopback 0! ip route 215.34.10.0 255.255.252.0 Serial 5/0 If the loopback interface does not exist, or has no IP address, ID is the highest IP address configured - danger! 29 30

31 Stable ibgp configuration Multiple parallel ebgp Sessions Use loopback interface it never goes away ISP routers usually have multiple external paths interface loopback 0 ip address 215.17.1.34 255.255.255.255 router bgp 200 neighbor 215.17.1.35 remote-as 200 neighbor update-source loopback 0 ebgp to loopback addresses ebgp prefixes learned with loopback address as next hop parallel paths to loopback address allows load-sharing AS200 AS 201 32 Summary Loopback interface is not redundant or superfluous Multitude of uses to ease security, access, management, information and scalability of router and network Thank You! Any Questions? Protects the ISP s Management Systems Use the loopback! 33 34

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback