Prefix Filtering Design
Issues and Best Practices
Nurul Islam Roman, APNIC
bdNOG2, Cox’s Bazar, Bangladesh.
Ingress Prefixes
•  There are three scenarios for receiving prefixes from other
ASNs
–  Customer talking BGP
–  Peer talking BGP
–  Upstream/Transit talking BGP
•  Each has different filtering requirements and needs to be
considered separately
Source of Prefixes
•  Upstream
–  Mostly ISP
•  Regional Internet Registry (RIR)
–  I.e. APNIC, ARIN, AFRINIC, LACNIC, RIPE NCC
Design Consideration
•  Ingress prefix from downstream:
–  Option 1: Customer single-homed with non-portable prefix
•  Customer is not an APNIC member; prefix received from upstream ISP
–  Option 2: Customer single-homed with portable prefix
•  Customer is an APNIC member and received an allocation as a service provider, but has no AS number yet
–  Option 3: Customer multihomed with non-portable prefix
•  Customer is not an APNIC member; both prefix and ASN received from upstream ISP
–  Option 4: Customer multihomed with portable prefix
•  Customer is an APNIC member; both prefix and ASN received from APNIC
Design Consideration [Single home]
•  Option 1: Single home and non portable prefix
[Diagram: Customer (Enterprise Prefix 3fff:ffff:dcdc::/48) connects to ISP1 (ISP Prefix 3fff:ffff::/32), which connects upstream to the Internet. The customer can not change upstream.]
Design Consideration [Single home]
•  Option 2: Single home and portable prefix
[Diagram: Customer (Enterprise Prefix 2001:0DB8::/32) connects to ISP1 (ISP Prefix 3fff:ffff::/32), which connects upstream to the Internet. The customer can change upstream.]
Design Consideration [Multihome]
•  Option 3: Multihome and non portable prefix
[Diagram: Customer (Enterprise Prefix 3fff:ffff:dcdc::/48) has two upstreams to the Internet: ISP1 (ISP Prefix 3fff:ffff::/32), which it can not change, and ISP2, which it can change.]
Design Consideration [Multihome]
•  Option 4: Multihome and portable prefix
[Diagram: Customer (Enterprise Prefix 2001:0DB8::/32) has two upstreams to the Internet: ISP1 (ISP Prefix 3fff:ffff::/32) and ISP2. It can change either upstream.]
Route Filtering BCP [Single home]
•  Option 1: Customer single home and non portable prefix
[Diagram: Internet, upstream, AS17821 (ISP Prefix 3fff:ffff::/32), downstream, Customer (Customer Prefix 3fff:ffff:dcdc::/48)]
–  AS17821 (ISP)
•  Static 3fff:ffff:dcdc::/48 to customer WAN interface
•  No LoA check of customer prefix
–  Customer
•  No BGP
•  Static default to ISP WAN interface
–  Filter requirement for ISP
•  Customer interface OSPF passive
•  No BGP peering with downstream customer
•  No route filter required
•  Traffic filter should permit customer prefix only
–  Filter requirement for Customer
•  No dynamic routing protocol with ISP
•  No route filter required
•  Need traffic filter based on company security policy
Route Filtering BCP [Single home]
•  Option 2: Customer single home and portable prefix
[Diagram: Internet, upstream, AS17821 (ISP Prefix 3fff:ffff::/32), downstream, Customer (Customer Prefix 2001:0DB8::/32)]
–  AS17821 (ISP)
•  Static 2001:0DB8::/32 to customer WAN interface
•  BGP network 2001:0DB8::/32 AS17821 i
•  Check LoA of customer prefix
–  Customer
•  No BGP
•  Static default to ISP WAN interface
•  Static 2001:0DB8::/32 null0
–  Filter requirement for ISP
•  Customer interface OSPF passive
•  No BGP peering with downstream customer
•  No route filter required
•  Traffic filter should permit customer prefix only
–  Filter requirement for Customer
•  No dynamic routing protocol with ISP
•  No route filter required
•  Need traffic filter based on company security policy
Route Filtering [Multihome]
•  Option 3: Customer multihome and non portable prefix
[Diagram: Customer AS64500 (Customer Prefix 3fff:ffff:dcdc::/48) is multihomed to AS17821 (ISP Prefix 3fff:ffff::/32, upstream can not change) and AS131107 (upstream can change), both connected to the Internet]
–  AS17821
•  eBGP peering with customer WAN interface
•  No LoA check of customer prefix
–  AS131107
•  Check LoA of customer prefix
•  Manual process: e-mail to tech-c
•  Automated process: route object or RPKI
•  Nearly same filter requirement as other ISP
–  AS64500 (customer)
•  eBGP peering with both ISP WAN interfaces
•  BGP network 3fff:ffff:dcdc::/48 AS64500 i, or aggregate address from gateway router
–  Filter requirement for ISP
•  Customer interface OSPF passive
•  BGP peering with downstream customer
•  Route filter permit 3fff:ffff:dcdc::/48 only in
•  Route filter permit ::/0, AS17821cust, all /48 & /32 out
•  Or route filter permit ::/0 & AS17821 only out
•  AS path filter permit _64500$ in
•  Traffic filter should permit customer prefix in
–  Filter requirement for Customer
•  BGP peering with both upstream ISPs
•  Route filter permit 3fff:ffff:dcdc::/48 only out
•  Route filter permit ::/0, AS17821cust, all /48 & /32 in
•  Or route filter permit ::/0 & AS17821 only in
•  AS path filter permit ^$ out
•  Need traffic filter based on company security policy
Route Filtering [Multihome]
•  Option 4: Customer multihome and portable prefix
[Diagram: Customer AS64500 (Customer Prefix 2001:0DB8::/32) is multihomed to AS17821 (ISP Prefix 3fff:ffff::/32, upstream can change) and AS131107 (upstream can change), both connected to the Internet]
–  AS17821
•  Check LoA of customer prefix
•  Manual process: e-mail to tech-c
•  Automated process: route object or RPKI
–  AS131107
•  Check LoA of customer prefix
•  Manual process: e-mail to tech-c
•  Automated process: route object or RPKI
•  Nearly same filter requirement as other ISP
–  AS64500 (customer)
•  eBGP peering with both ISP WAN interfaces
•  BGP network 2001:0DB8::/32 AS64500 i, or aggregate address from gateway router
–  Filter requirement for ISP
•  Customer interface OSPF passive
•  BGP peering with downstream customer
•  Route filter permit 2001:0DB8::/32 only in
•  Route filter permit ::/0, AS17821cust, all /48 & /32 out
•  Or route filter permit ::/0 & AS17821 only out
•  AS path filter permit _64500$ in
•  Traffic filter should permit customer prefix in
–  Filter requirement for Customer
•  BGP peering with both upstream ISPs
•  Route filter permit 2001:0DB8::/32 only out
•  Route filter permit ::/0, AS17821cust, all /48 & /32 in
•  Or route filter permit ::/0 & AS17821 only in
•  AS path filter permit ^$ out
•  Need traffic filter based on company security policy
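The ISP-inbound and customer-outbound filters listed for Options 3 and 4, evaluated over constructed announcements. This is an added example, not part of the original slides; the Python translation of the `_` delimiter, the function names and the sample AS paths (AS65551, AS164500) are assumptions made for illustration.

```python
import ipaddress
import re

# Customer prefix and AS number as on the Option 4 slide.
CUSTOMER_PREFIX = ipaddress.ip_network("2001:db8::/32")


def ios_aspath_regex(pattern):
    """Compile a Cisco-style AS-path regex, in which '_' matches a delimiter:
    start or end of the path, a space, comma, brace or parenthesis."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


ISP_IN_PATH = ios_aspath_regex("_64500$")  # ISP side: path must end in AS64500
CUST_OUT_PATH = ios_aspath_regex("^$")     # customer side: locally originated only


def check(prefix, as_path, path_filter):
    """Return the filters an announcement fails; an empty list means permit."""
    failed = []
    # Exact match only: more-specifics and unrelated prefixes are both refused.
    if ipaddress.ip_network(prefix) != CUSTOMER_PREFIX:
        failed.append("prefix")
    if not path_filter.search(as_path):
        failed.append("as-path")
    return failed


def isp_inbound(prefix, as_path):
    """Filters the ISP applies to routes received from the customer."""
    return check(prefix, as_path, ISP_IN_PATH)


def customer_outbound(prefix, as_path):
    """Filters the customer applies before advertising to either ISP.
    as_path is the path before the customer's own AS is prepended."""
    return check(prefix, as_path, CUST_OUT_PATH)


# Constructed announcements: (direction, prefix, AS path).
SAMPLES = [
    ("isp-in", "2001:db8::/32", "64500"),              # the LoA-checked route
    ("isp-in", "2001:db8::/32", "64500 64500 64500"),  # prepending is still fine
    ("isp-in", "2001:db8:abcd::/48", "64500"),         # more-specific of the /32
    ("isp-in", "2001:db8::/32", "64500 65551"),        # originated by another AS
    ("isp-in", "2001:db8::/32", "164500"),             # '_' stops a substring match
    ("cust-out", "2001:db8::/32", ""),                 # own route, empty path
    ("cust-out", "3fff:ffff::/32", "17821"),           # ISP1 route leaking to ISP2
]


def evaluate(samples=SAMPLES):
    """Run every sample through the filter for its direction."""
    results = []
    for direction, prefix, path in samples:
        fn = isp_inbound if direction == "isp-in" else customer_outbound
        results.append((direction, prefix, path, fn(prefix, path)))
    return results


if __name__ == "__main__":
    for direction, prefix, path, failed in evaluate():
        verdict = "permit" if not failed else "deny (" + ", ".join(failed) + ")"
        print(f"{direction:8} {prefix:20} [{path}] -> {verdict}")
```

The last sample is the case the `^$` outbound filter exists for: without it a multihomed customer would re-advertise one upstream's routes to the other.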
Design Issue [Ingress Prefix]
•  Design options for the downstream customer's inbound BGP policy:
–  Option 1: ISP default only In
•  Customer accepts only the ::/0 prefix from the upstream ISP
–  Option 2: ISP default + local In
•  Customer accepts ::/0, the upstream ISP prefix and the ISP's other customers' portable prefixes (non-portable prefixes should not be included)
–  Option 3: ISP default + local + all In
•  Customer accepts ::/0, the upstream ISP aggregated prefix, the ISP's other customers' portable prefixes (non-portable prefixes should not be included) and all other prefixes from the Internet
Route Filtering
•  Option 1: ISP default only In
–  Can use a low configuration router (CPU/DRAM)
–  Easy to manage small routing table
–  Does not support destination-specific traffic engineering
–  Can not re-route traffic if remote transit is down
–  I.e. network 2001:0DB8::/32 is withdrawn in AS200 but the default path in AS64500 is still sending traffic via AS17821
[Diagram: Net 2001:0DB8::/32 on the Internet; AS100 and AS200 upstream; AS17821 and AS131107 each originate a default to AS64500]
AS64500 routes (> marks the best path):
   ::/0 from AS131107
 > ::/0 from AS17821
Route Filtering
•  Option 1: ISP default only In
–  Can use a low configuration router (CPU/DRAM)
–  Easy to manage small routing table
–  Does not support destination-specific traffic engineering
–  Can not re-route traffic if remote transit is down
–  Prefixes originated in AS131107 can be routed via AS17821 (sub-optimal path)
[Diagram: Net 2001:0DB8::/32 on the Internet; AS100 and AS200 upstream; AS131107 originates a default and Net 3fff:ffff::/32 i; AS17821 originates a default]
AS64500 routes (> marks the best path):
   ::/0 from AS131107
 > ::/0 from AS17821
Route Filtering
•  Option 2: ISP default + local In
–  Can use a low configuration router (CPU/DRAM)
–  Easy to manage small routing table
–  Does not support destination-specific traffic engineering to the remote
–  Can not re-route traffic if remote transit is down
–  AS131107 is sending its portable local route to AS64500
–  Prefixes originated in AS131107 can now be routed via AS131107 (optimal path)
[Diagram: Net 2001:0DB8::/32 on the Internet; AS100 and AS200 upstream; AS131107 originates a default and Net 3fff:ffff::/32 i; AS17821 originates a default]
AS64500 routes (> marks the best path):
   ::/0 from AS131107
 > ::/0 from AS17821
 > 3fff:ffff::/32 from AS131107
Route Filtering
•  Option 3: ISP default + local + all In
–  Need high configuration router (CPU/DRAM)
–  Need skilled people to manage large routing table
–  Support destination-specific traffic engineering to the remote
–  Can now re-route traffic if remote transit is down
[Diagram: Net 2001:0DB8::/32 on the Internet; AS100 and AS200 upstream; AS131107: default originated, net originated in AS131107 and its portable customer net; AS17821: default originated, net originated in AS131107 and its portable customer net]
AS64500 routes (> marks the best path):
   ::/0 from AS131107
 > ::/0 from AS17821
 > 3fff:ffff::/32 from AS131107
   3fff:ffff::/32 via AS17821
 > 2001:0db8::/32 via AS131107
   2001:0db8::/32 via AS17821
   etc.
Route Filtering
•  Option 3: ISP default + local + all In
–  Need high configuration router (CPU/DRAM)
–  Need skilled people to manage large routing table
–  Support destination-specific traffic engineering to the remote
–  Can now re-route traffic if remote transit is down
–  Prefixes originated in AS131107 or AS17821 can now be routed via AS131107 or AS17821 respectively
[Diagram: Net 2001:0DB8::/32 on the Internet; AS100 and AS200 upstream; AS131107: default originated, net originated in AS131107 and its portable customer net; AS17821: default originated, net originated in AS131107 and its portable customer net]
AS64500 routes (> marks the best path):
   ::/0 from AS131107
 > ::/0 from AS17821
 > 3fff:ffff::/32 from AS131107
   3fff:ffff::/32 via AS17821
   2001:0db8::/32 via AS131107
 > 2001:0db8::/32 via AS17821
   etc.
Route Filtering BCP
•  Prefixes: From Upstream/Transit Provider
•  If necessary to receive prefixes from any provider, care is
required.
–  Don’t accept default (unless you need it)
–  Don’t accept your own prefixes
•  For IPv4:
–  Don’t accept private (RFC1918) and certain special use
prefixes:
http://www.rfc-editor.org/rfc/rfc5735.txt
–  Don’t accept prefixes longer than /24 (?)
•  For IPv6:
–  Don’t accept certain special use prefixes:
http://www.rfc-editor.org/rfc/rfc5156.txt
–  Don’t accept prefixes longer than /48 (?)
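The IPv6 checks in the list above, applied in order to routes received from a transit provider. This is an added example, not from the slides: AS64500 with own prefix 2001:0DB8::/32 follows the earlier diagrams, the special-use list is a constructed subset of RFC 5156, and the function name is hypothetical.

```python
import ipaddress

# Own prefix of the receiving network (AS64500 in the earlier diagrams).
OWN_PREFIXES = [ipaddress.ip_network("2001:db8::/32")]

# Constructed subset of the RFC 5156 special-use ranges. The documentation
# range is left out only because the slides use it as a stand-in for real
# allocations; a production filter would include it.
SPECIAL_USE = [ipaddress.ip_network(p) for p in (
    "::1/128",        # loopback
    "::ffff:0:0/96",  # IPv4-mapped
    "fe80::/10",      # link-local
    "fc00::/7",       # unique local
    "ff00::/8",       # multicast
)]


def transit_in(prefix, accept_default=False, max_len=48):
    """Return (action, reason) for a prefix received from upstream/transit."""
    net = ipaddress.ip_network(prefix)
    # Don't accept default (unless you need it).
    if net.prefixlen == 0:
        if accept_default:
            return ("permit", "default wanted")
        return ("deny", "default route")
    # Don't accept your own prefixes, including more-specifics of them.
    if any(net.subnet_of(own) for own in OWN_PREFIXES):
        return ("deny", "own prefix")
    # Don't accept special-use space, whether announced exactly, as a
    # more-specific, or hidden inside a covering aggregate.
    if any(net.overlaps(special) for special in SPECIAL_USE):
        return ("deny", "special use")
    # Don't accept prefixes longer than /48 (the slide marks this limit
    # with a question mark, so it is a parameter here).
    if net.prefixlen > max_len:
        return ("deny", "too long")
    return ("permit", "ok")


# Constructed routes as they might arrive from the upstream.
SAMPLES = ["::/0", "2001:db8:1::/48", "fd00:1::/48", "f000::/4",
           "3fff:ffff:dcdc:1::/64", "3fff:ffff::/32"]


def evaluate(samples=SAMPLES):
    """Apply the inbound policy to every sample route."""
    return [(p,) + transit_in(p) for p in samples]


if __name__ == "__main__":
    for prefix, action, reason in evaluate():
        print(f"{prefix:24} {action:6} {reason}")
```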
Route Filtering BCP IXP
•  The same set of routes should be announced over both the transit
path and peering
•  A more specific route announced over transit may win best
path over peering
•  Avoid static/default
•  Apply prefix filter on route server
•  Per neighbor filtering for more granularity
Route Filtering BCP
•  Prefixes: From Upstream/Transit Provider
•  Check Team Cymru’s list of “bogons”
www.team-cymru.org/Services/Bogons/http.html
•  For IPv4 also consult:
datatracker.ietf.org/doc/draft-vegoda-no-more-unallocated-slash8s
•  For IPv6 also consult:
www.space.net/~gert/RIPE/ipv6-filters.html
•  Bogon Route Server:
www.team-cymru.org/Services/Bogons/routeserver.html
–  Supplies a BGP feed (IPv4 and/or IPv6) of address blocks which
should not appear in the BGP table
Questions?
Thank you


Recently uploaded

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfMilind Agarwal
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 

Recently uploaded (20)

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 

Prefix Filtering BCP

  • 1. Prefix Filtering Design Issues and Best Practices Nurul Islam Roman, APNIC bdNOG2, Cox’s Bazar, Bangladesh.
  • 2. Ingress Prefixes
      •  There are three scenarios for receiving prefixes from other ASNs
          –  Customer talking BGP
          –  Peer talking BGP
          –  Upstream/Transit talking BGP
      •  Each has different filtering requirements and needs to be considered separately
  • 3. Source of Prefixes
      •  Upstream
          –  Mostly ISP
      •  Regional Internet Registry (RIR)
          –  i.e. APNIC, ARIN, AFRINIC, LACNIC, RIPE NCC
  • 4. Design Consideration
      •  Ingress prefix from downstream:
          –  Option 1: Customer single home and non portable prefix
              •  Customer is not an APNIC member; prefix received from upstream ISP
          –  Option 2: Customer single home and portable prefix
              •  Customer is an APNIC member and received an allocation as a service provider, but has no AS number yet
          –  Option 3: Customer multihome and non portable prefix
              •  Customer is not an APNIC member; both prefix and ASN received from upstream ISP
          –  Option 4: Customer multihome and portable prefix
              •  Customer is an APNIC member; both prefix and ASN received from APNIC
  • 5. Design Consideration [Single home]
      •  Option 1: Single home and non portable prefix
      •  Diagram labels: Internet; upstream (can not change); ISP1, ISP Prefix 3fff:ffff::/32; Customer, Enterprise Prefix 3fff:ffff:dcdc::/48
  • 6. Design Consideration [Single home]
      •  Option 2: Single home and portable prefix
      •  Diagram labels: Internet; upstream (can change); ISP1, ISP Prefix 3fff:ffff::/32; Customer, Enterprise Prefix 2001:0DB8::/32
  • 7. Design Consideration [Multihome]
      •  Option 3: Multihome and non portable prefix
      •  Diagram labels: Internet; ISP1, ISP Prefix 3fff:ffff::/32, upstream (can not change); ISP2, upstream (can change); Customer, Enterprise Prefix 3fff:ffff:dcdc::/48
  • 8. Design Consideration [Multihome]
      •  Option 4: Multihome and portable prefix
      •  Diagram labels: Internet; ISP1, ISP Prefix 3fff:ffff::/32, upstream (can change); ISP2, upstream (can change); Customer, Enterprise Prefix 2001:0DB8::/32
  • 9. Route Filtering BCP [Single home]
      •  Option 1: Customer single home and non portable prefix
      •  ISP (AS17821, upstream), ISP Prefix 3fff:ffff::/32
          –  Static 3fff:ffff:dcdc::/48 to customer WAN Interface
          –  No LoA Check of Cust prefix
      •  Customer (downstream), Customer Prefix 3fff:ffff:dcdc::/48
          –  NO BGP
          –  Static Default to ISP WAN Interface
      •  Filter requirement for ISP
          –  Customer interface OSPF passive
          –  No BGP peering with downstream customer
          –  No route filter required
          –  Traffic filter should permit customer prefix only
      •  Filter requirement for Customer
          –  No dynamic routing protocol with ISP
          –  No route filter required
          –  Need traffic filter based on company security policy
  • 10. Route Filtering BCP [Single home]
      •  Option 2: Customer single home and portable prefix
      •  ISP (AS17821, upstream), ISP Prefix 3fff:ffff::/32
          –  Static 2001:0DB8::/32 to customer WAN Interface
          –  BGP network 2001:0DB8::/32 AS17821 i
          –  Check LoA of Cust prefix
      •  Customer (downstream), Customer Prefix 2001:0DB8::/32
          –  NO BGP
          –  Static Default to ISP WAN Interface
          –  Static 2001:0DB8::/32 null0
      •  Filter requirement for ISP
          –  Customer interface OSPF passive
          –  No BGP peering with downstream customer
          –  No route filter required
          –  Traffic filter should permit customer prefix only
      •  Filter requirement for Customer
          –  No dynamic routing protocol with ISP
          –  No route filter required
          –  Need traffic filter based on company security policy
  • 11. Route Filtering [Multihome]
      •  Option 3: Customer multihome and non portable prefix
      •  AS17821 (upstream, can not change), ISP Prefix 3fff:ffff::/32
          –  eBGP peering with customer WAN interface
          –  No LoA Check of Cust prefix
      •  AS131107 (upstream, can change)
          –  Check LoA of Cust prefix
          –  Manual process e-mail to tech-c
          –  Automated process route object or RPKI
          –  Nearly same filter requirement as other ISP
      •  AS64500 (customer), Customer Prefix 3fff:ffff:dcdc::/48
          –  eBGP peering with both ISP WAN Interface
          –  BGP network 3fff:ffff:dcdc::/48 AS64500 i or aggregate address from gateway router
      •  Filter requirement for ISP
          –  Customer interface OSPF passive
          –  BGP peering with downstream customer
          –  Route filter permit 3fff:ffff:dcdc::/48 only in
          –  Route filter permit ::/0, AS17821cust, all /48 & /32 out
          –  Or route filter permit ::/0 & AS17821 only out
          –  AS path filter permit _64500$ in
          –  Traffic filter should permit customer prefix in
      •  Filter requirement for Customer
          –  BGP peering with both upstream ISP
          –  Route filter permit 3fff:ffff:dcdc::/48 only out
          –  Route filter permit ::/0, AS17821cust, all /48 & /32 in
          –  Or route filter permit ::/0 & AS17821 only in
          –  AS path filter permit ^$ out
          –  Need traffic filter based on company security policy
  • 12. Route Filtering [Multihome]
      •  Option 4: Customer multihome and portable prefix
      •  AS17821 (upstream, can change), ISP Prefix 3fff:ffff::/32
          –  Check LoA of Cust prefix
          –  Manual process e-mail to tech-c
          –  Automated process route object or RPKI
      •  AS131107 (upstream, can change)
          –  Check LoA of Cust prefix
          –  Manual process e-mail to tech-c
          –  Automated process route object or RPKI
          –  Nearly same filter requirement as other ISP
      •  AS64500 (customer), Customer Prefix 2001:0DB8::/32
          –  eBGP peering with both ISP WAN Interface
          –  BGP network 2001:0DB8::/32 AS64500 i or aggregate address from gateway router
      •  Filter requirement for ISP
          –  Customer interface OSPF passive
          –  BGP peering with downstream customer
          –  Route filter permit 2001:0DB8::/32 only in
          –  Route filter permit ::/0, AS17821cust, all /48 & /32 out
          –  Or route filter permit ::/0 & AS17821 only out
          –  AS path filter permit _64500$ in
          –  Traffic filter should permit customer prefix in
      •  Filter requirement for Customer
          –  BGP peering with both upstream ISP
          –  Route filter permit 2001:0DB8::/32 only out
          –  Route filter permit ::/0, AS17821cust, all /48 & /32 in
          –  Or route filter permit ::/0 & AS17821 only in
          –  AS path filter permit ^$ out
          –  Need traffic filter based on company security policy
  • 13. Design Issue [Ingress Prefix]
      •  Downstream Customer BGP In process design issue:
          –  Option 1: ISP default only In
              •  Customer is accepting ::/0 only from upstream ISP prefix
          –  Option 2: ISP default + local In
              •  Customer is accepting ::/0 and upstream ISP prefix and their other customer portable prefixes (Non portable prefixes should not)
          –  Option 3: ISP default + local + all In
              •  Customer is accepting ::/0, upstream ISP aggregated prefix and their other customer portable prefixes (Non portable prefixes should not) and all other from Internet
  • 14. Route Filtering
      •  Option 1: ISP default only In
          –  Can use a low configuration router (CPU/DRAM)
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated; upstream AS17821, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821
  • 15. Route Filtering
      •  Option 1: ISP default only In
          –  Can use a low configuration router (CPU/DRAM)
          –  Easy to manage small routing table
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated; upstream AS17821, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821
  • 16. Route Filtering
      •  Option 1: ISP default only In
          –  Can use a low configuration router (CPU/DRAM)
          –  Easy to manage small routing table
          –  Do not support destination specific traffic engineering
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated; upstream AS17821, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821
  • 17. Route Filtering
      •  Option 1: ISP default only In
          –  Can use a low configuration router (CPU/DRAM)
          –  Easy to manage small routing table
          –  Do not support destination specific traffic engineering
          –  Can not re-route traffic if remote transit is down
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS17821, default originated; upstream AS131107, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821
  • 18. Route Filtering
      •  Option 1: ISP default only In
          –  Can use a low configuration router (CPU/DRAM)
          –  Easy to manage small routing table
          –  Do not support destination specific traffic engineering
          –  Can not re-route traffic if remote transit is down
              •  (i.e. network 2001:0DB8::/32 is withdrawn in AS200, but the default path in AS64500 is still sending traffic via AS17821)
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS17821, default originated; upstream AS131107, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821
  • 19. Route Filtering
      •  Option 1: ISP default only In
          –  Can use a low configuration router (CPU/DRAM)
          –  Easy to manage small routing table
          –  Do not support destination specific traffic engineering
          –  Can not re-route traffic if remote transit is down
          –  Prefixes originated in AS131107 can be routed via AS17821 (Sub-optimal path)
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, Net 3fff:ffff::/32 i; upstream AS17821, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821
  • 20. Route Filtering
      •  Option 2: ISP default + local In
          –  Can use a low configuration router (CPU/DRAM)
          –  Easy to manage small routing table
          –  Do not support destination specific traffic engineering to the remote
          –  Can not re-route traffic if remote transit is down
          –  AS131107 is sending its portable local route to AS64500
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, net 3fff:ffff::/32 i; upstream AS17821, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 i from AS131107
  • 21. Route Filtering
      •  Option 2: ISP default + local In
          –  Can use a low configuration router (CPU/DRAM)
          –  Easy to manage small routing table
          –  Do not support destination specific traffic engineering to the remote
          –  Can not re-route traffic if remote transit is down
          –  AS131107 is sending its portable local route to AS64500
          –  Prefixes originated in AS131107 can now be routed via AS131107 (Optimal Path)
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, Net 3fff:ffff::/32 i; upstream AS17821, default originated; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 from AS131107
  • 22. Route Filtering
      •  Option 3: ISP default + local + all In
          –  Need high configuration router (CPU/DRAM)
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, net originated in AS131107 and its portable customer net; upstream AS17821, default originated, net originated in AS131107 and its portable customer net; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 from AS131107, 3fff:ffff::/32 via AS17821, 2001:0db8::/32 via AS131107, > 2001:0db8::/32 via AS17821, etc.
  • 23. Route Filtering
      •  Option 3: ISP default + local + all In
          –  Need high configuration router (CPU/DRAM)
          –  Need skilled people to manage large routing table
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, net originated in AS131107 and its portable customer net; upstream AS17821, default originated, net originated in AS131107 and its portable customer net; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 from AS131107, 3fff:ffff::/32 via AS17821, 2001:0db8::/32 via AS131107, > 2001:0db8::/32 via AS17821, etc.
  • 24. Route Filtering
      •  Option 3: ISP default + local + all In
          –  Need high configuration router (CPU/DRAM)
          –  Need skilled people to manage large routing table
          –  Support destination specific traffic engineering to the remote
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, net originated in AS131107 and its portable customer net; upstream AS17821, default originated, net originated in AS131107 and its portable customer net; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 from AS131107, 3fff:ffff::/32 via AS17821, 2001:0db8::/32 via AS131107, > 2001:0db8::/32 via AS17821, etc.
  • 25. Route Filtering
      •  Option 3: ISP default + local + all In
          –  Need high configuration router (CPU/DRAM)
          –  Need skilled people to manage large routing table
          –  Support destination specific traffic engineering to the remote
          –  Can now re-route traffic if remote transit is down
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, net originated in AS131107 and its portable customer net; upstream AS17821, default originated, net originated in AS131107 and its portable customer net; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 from AS131107, 3fff:ffff::/32 via AS17821, 2001:0db8::/32 via AS131107, > 2001:0db8::/32 via AS17821, etc.
  • 26. Route Filtering
      •  Option 3: ISP default + local + all In
          –  Need high configuration router (CPU/DRAM)
          –  Need skilled people to manage large routing table
          –  Support destination specific traffic engineering to the remote
          –  Can now re-route traffic if remote transit is down
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, net originated in AS131107 and its portable customer net; upstream AS17821, default originated, net originated in AS131107 and its portable customer net; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 from AS131107, 3fff:ffff::/32 via AS17821, > 2001:0db8 via AS131107, 2001:0db8 via AS17821, etc.
  • 27. Route Filtering
      •  Option 3: ISP default + local + all In
          –  Need high configuration router (CPU/DRAM)
          –  Need skilled people to manage large routing table
          –  Support destination specific traffic engineering to the remote
          –  Can now re-route traffic if remote transit is down
          –  Prefixes originated in AS131107 or AS17821 can now be routed via AS131107 or AS17821 respectively
      •  Diagram labels: Internet; Net 2001:0DB8::/32; AS100; AS200; upstream AS131107, default originated, net originated in AS131107 and its portable customer net; upstream AS17821, default originated, net originated in AS131107 and its portable customer net; AS64500: ::/0 from AS131107, > ::/0 from AS17821, > 3fff:ffff::/32 from AS131107, 3fff:ffff::/32 via AS17821, 2001:0db8::/32 via AS131107, > 2001:0db8::/32 via AS17821, etc.
  • 28. Route Filtering BCP
      •  Prefixes: From Upstream/Transit Provider
      •  If necessary to receive prefixes from any provider, care is required.
          –  Don’t accept default (unless you need it)
          –  Don’t accept your own prefixes
      •  For IPv4:
          –  Don’t accept private (RFC1918) and certain special use prefixes: http://www.rfc-editor.org/rfc/rfc5735.txt
          –  Don’t accept prefixes longer than /24 (?)
      •  For IPv6:
          –  Don’t accept certain special use prefixes: http://www.rfc-editor.org/rfc/rfc5156.txt
          –  Don’t accept prefixes longer than /48 (?)
  • 29. Route Filtering BCP IXP
      •  Same set of routes should be announced over both transit path and peering
      •  A more specific route announced over transit may win best path over the peering path
      •  Avoid static/default
      •  Apply prefix filter on route server
      •  Per neighbor filtering for more granularity
  • 30. Route Filtering BCP
      •  Prefixes: From Upstream/Transit Provider
      •  Check Team Cymru’s list of “bogons”: www.team-cymru.org/Services/Bogons/http.html
      •  For IPv4 also consult: datatracker.ietf.org/doc/draft-vegoda-no-more-unallocated-slash8s
      •  For IPv6 also consult: www.space.net/~gert/RIPE/ipv6-filters.html
      •  Bogon Route Server: www.team-cymru.org/Services/Bogons/routeserver.html
          –  Supplies a BGP feed (IPv4 and/or IPv6) of address blocks which should not appear in the BGP table
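
The inbound checks from slides 11, 12 and 28, written out as an added Python example that is not part of the original deck. The function names are illustrative assumptions, and the special-use list is a small constructed subset of the RFC 5735 / RFC 5156 ranges rather than a full bogon list.

```python
import ipaddress

# Constructed subset of the special-use ranges in RFC 5735 (IPv4) and
# RFC 5156 (IPv6); not a complete bogon list. The documentation ranges are
# left out on purpose because the slides use them as example prefixes.
SPECIAL_USE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]
MAX_PREFIX_LEN = {4: 24, 6: 48}   # the "/24 (?)" and "/48 (?)" limits on slide 28


def _within(net, candidates):
    """True if net equals, or is a more-specific of, any candidate network."""
    return any(net.version == c.version and net.subnet_of(c) for c in candidates)


def check_transit_route(prefix, own_prefixes, accept_default=False):
    """Apply the slide 28 rules to one prefix received from an upstream."""
    net = ipaddress.ip_network(prefix)
    own = [ipaddress.ip_network(p) for p in own_prefixes]
    if net.prefixlen == 0:                      # ::/0 or 0.0.0.0/0
        return (accept_default, "default route")
    if _within(net, own):                       # our own space coming back in
        return (False, "own prefix")
    if _within(net, SPECIAL_USE):
        return (False, "special-use prefix")
    if net.prefixlen > MAX_PREFIX_LEN[net.version]:
        return (False, "prefix too long")
    return (True, "ok")


def check_customer_route(prefix, as_path, allowed_prefixes, customer_asn):
    """ISP-side inbound check for a multihomed customer (slides 11 and 12)."""
    net = ipaddress.ip_network(prefix)
    allowed = {ipaddress.ip_network(p) for p in allowed_prefixes}
    # "Route filter permit <prefix> only in": exact match, no more-specifics.
    if net not in allowed:
        return (False, "prefix not registered for this customer")
    # "AS path filter permit _64500$ in": the origin (last) AS must be the customer.
    if not as_path or as_path[-1] != customer_asn:
        return (False, "origin AS is not the customer")
    return (True, "ok")


if __name__ == "__main__":
    # Constructed announcements using the ASNs and prefixes from the slides.
    isp_own = ["3fff:ffff::/32"]                 # AS17821's own allocation
    for p in ("::/0", "3fff:ffff:dcdc::/48", "fc00:1::/32",
              "2001:db8:1::/64", "2001:0DB8::/32"):
        print("from transit ", p, check_transit_route(p, isp_own))
    cust = ["3fff:ffff:dcdc::/48"]               # verified via LoA / route object
    for p, path in (("3fff:ffff:dcdc::/48", [64500]),
                    ("3fff:ffff:dcdc:1::/64", [64500]),
                    ("3fff:ffff:dcdc::/48", [64500, 64501])):
        print("from customer", p, path, check_customer_route(p, path, cust, 64500))
```

On a router these checks map to a prefix list and an AS-path filter applied inbound per neighbor; the exact-match test is what stops a customer from announcing more-specifics of space it was not assigned.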