How Internet Works

Published in: Technology

    1. How the Internet works
        Kae Hsu, Communication Network Dept. [email_address]
    2. Agenda
        • Internet topology
        • Internet elements
            • IP address & Autonomous system number
                • IPv4, IPv6, ASN attributes
            • Router & switch
            • Routing protocols
                • IGP, EGP
        • Internet security
        • Multiprotocol Label Switching (MPLS)
    3. About the speaker
        • Joined Seednet in 2000/12
            • Maintained the network management platform from 2001/1
            • Maintained the frame-relay backbone from 2001/4
            • Maintained the domestic backbone from 2001/7
            • Maintained domestic peering/transit circuits from 2002/8
            • Maintained overseas peering/transit circuits from 2004/3
            • Promotion in 2005/1
        • Certification
            • SCSA, SCNA (Solaris 8)
            • CCIE#12740 (Routing & switching)
            • JNCIP#266
    4. Internet topology
        [Figure: diagram of eight Autonomous Systems]
    5. Internet elements
        • IP address
            • IPv4: 32-bit address space
            • IPv6: 128-bit address space
        • Who allocates IP addresses?
            • Local Internet Registry (LIR)
                • ISPs
            • National Internet Registry (NIR)
                • TWNIC in Taiwan, JPNIC in Japan
            • Regional Internet Registry (RIR)
                • APNIC in Asia/Pacific, ARIN in North America
            • Internet Assigned Numbers Authority (IANA)
                • Top level of IP & AS number assignment
    6. Internet elements
        • IPv4 address attributes
            • Class A, B, C, D, E
            • Public/Private/Specialized IPv4 address
                • Public IP address: routable address on the Internet
                • Private IP address (RFC1918):
                    • 10/8
                    • 172.16/12
                    • 192.168/16
                • Specialized IPv4 address (RFC3330):
                    • Assigned by IANA directly
    7. Internet elements
        • IPv6 address attributes
            • http://www.iana.org/assignments/ipv6-address-space
                • Last update on 2006/2/27

                  IPv6 Prefix   Allocation             Reference
                  -----------   --------------------   ---------
                  0000::/8      Reserved by IETF       [RFC3513]
                  0100::/8      Reserved by IETF       [RFC3513]
                  0200::/7      Reserved by IETF       [RFC4048]
                  0400::/6      Reserved by IETF       [RFC3513]
                  0800::/5      Reserved by IETF       [RFC3513]
                  1000::/4      Reserved by IETF       [RFC3513]
                  2000::/3      Global Unicast         [RFC3513]
                  4000::/3      Reserved by IETF       [RFC3513]
                  6000::/3      Reserved by IETF       [RFC3513]
                  8000::/3      Reserved by IETF       [RFC3513]
                  A000::/3      Reserved by IETF       [RFC3513]
                  C000::/3      Reserved by IETF       [RFC3513]
                  E000::/4      Reserved by IETF       [RFC3513]
                  F000::/5      Reserved by IETF       [RFC3513]
                  F800::/6      Reserved by IETF       [RFC3513]
                  FC00::/7      Unique Local Unicast   [RFC4193]
                  FE00::/9      Reserved by IETF       [RFC3513]
                  FE80::/10     Link Local Unicast     [RFC3513]
                  FEC0::/10     Reserved by IETF       [RFC3879]
                  FF00::/8      Multicast              [RFC3513]
    8. Internet elements
        • Autonomous system
            • On the Internet, an autonomous system is a collection of IP networks under the control of a single entity that presents a common routing policy to the Internet.
            • See RFC1930 for detail
        • Autonomous system number (ASN)
            • A public AS has a globally unique number, an Autonomous System number (ASN), associated with it; this number is used in both the exchange of exterior routing information (between neighboring Autonomous Systems), and as an identifier of the AS itself.
    9. Internet elements
        • ASN address space
            • 2-byte ASN
            • 4-byte ASN (in IETF draft)
        • ASN attribute
            • Public ASN: 1~64511
                • 0000000000000001~1111101111111111
            • Private ASN: 64512~65535
                • 1111110000000000~1111111111111111
            • Private ASN is not routable on the Internet
    10. Internet elements
        • Build ISP POPs (Points of Presence)
        [Figure: an Autonomous System containing six ISP POPs]
    11. Internet elements
        • Network topology in ISP POP
            • Three-layer architecture
                • Core layer
                • Distribution layer
                • Access layer
        [Figure: ISP POP showing the core, distribution and access layers]
    12. Internet elements
        • Core layer
            • Use high-end routers in this layer
                • Cisco Systems (CSCO)
                    • XR 12000 & 12000 series router
                    • CRS-1 Carrier Routing System
                • Juniper Networks (JNPR)
                    • M series router
                        • M7i, M10i, M40e, M120, M320
                    • T series router
                        • T320, T640, TX Matrix
    13. Internet elements
        • Core router: CSCO XR 12000 series router
    14. Internet elements
        • Core router: CSCO CRS-1 Carrier Routing System
    15. Internet elements
        • Core router: JNPR M-series router
    16. Internet elements
        • Core router: JNPR T-series router
    17. Internet elements
        • Distribution layer
            • Keep local traffic local
            • Higher port density than core router
                • Much cheaper than core router (per port)
            • Use router or L3 switch
                • Router
                    • CSCO 7600 series router
                    • JNPR MX960
                • L3 switch
                    • CSCO 6500 series switch
                    • Foundry
                    • Extreme
    18. Internet elements
        • Distribution layer router: CSCO 7600
    19. Internet elements
        • Distribution layer router: JNPR MX960
    20. Internet elements
        • Distribution layer router: CSCO 6500
    21. Internet elements
        • Access layer
            • Customer-facing
            • Aggregate many low-speed circuits into one or two high-speed circuits
                • Facing the customer: T1, E1, ADSL
                • Connecting to the distribution layer: FE, GE
            • Use access router or Broadband Remote Access Server (BRAS)
                • Router
                    • CSCO 3700, 7200, 7300 series router
                    • JNPR M-series router
                • BRAS
                    • Redback SmartEdge
                    • JNPR E-series BRAS routing platform (ERX)
    22. Internet elements
        • Access layer: CSCO 7200 series router
    23. Internet elements
        • Access layer: Redback SmartEdge
    24. Internet elements
        • Access layer: JNPR E-series routing platform
    25. Internet elements
        • How to connect the equipment in a POP?
            • Ethernet family
                • Ten Gigabit Ethernet (10000Mbps)
                • Gigabit Ethernet (1000Mbps)
                • Fast Ethernet (100Mbps)
        • How to connect the POPs to each other?
            • Kinds of circuits
                • SONET/SDH based circuit
                • ATM or Frame-relay based circuit
                • Ethernet based circuit
                • DWDM based circuit
                • Dark fiber
    26. Internet elements
        • SONET/SDH based circuit
            • SONET: ANSI/Telcordia standard
            • SDH: ITU-T standard
            • Major difference is in the framing structure
                • Basic SONET framing unit: STS-1, 51.84Mbps
                    • STS-1 frame size: 6480 bits
                • Basic SDH framing unit: STM-1, 155.52Mbps
                    • STM-1 frame size: 19440 bits
            • Frame rate of SONET/SDH is 8000 frames/sec
                • Use mux/demux to package low-speed circuits (T1/E1/E3/T3/ATM/Ethernet) into SONET/SDH frames
            • Advantage: low overhead
                • SONET/SDH overhead: 3.33%
                • ATM overhead: 9.43%
    27. Internet elements
        • ATM and Frame-relay based circuit
            • Basic unit in an ATM circuit: cell
                • Fixed length: 53 bytes, of which 5 bytes are header
                • Speed: from 155Mbps to 622Mbps
            • Basic unit in a Frame-relay circuit: frame
                • Speed: from 64Kbps to 45Mbps
        • Ethernet based circuit
            • Metro Ethernet
        • DWDM based circuit
            • Use different lambdas (λ) to carry different traffic
            • Physical layer equipment
        • Dark fiber
    28. Internet elements
        • Routing protocol used by ISP
            • Interior Gateway Protocol (IGP)
                • A set of routing protocols that are used within an autonomous system
                • Opposite: Exterior Gateway Protocol (EGP)
        • Routing protocol used among ISP POPs
            • 100% controlled by the ISP
            • OSPF or IS-IS
        • Routing protocol used between ISP and customer
            • Static route when there is only one circuit
            • Use RIP for multiple circuits
    29. Internet elements
        • Distance Vector routing protocol
            • Routing Information Protocol (RIP)
                • RIPv1 (classful), RIPv2 (classless), RIPng (IPv6)
            • Interior Gateway Routing Protocol (IGRP)
                • Cisco Systems proprietary
                • Adds other factors for route selection
    30. Internet elements
        • Link State routing protocol
            • Open Shortest Path First (OSPF)
                • Based on Dijkstra Shortest Path First algorithm
                • Drafted/standardized by the Internet Engineering Task Force (IETF)
                • OSPFv2, OSPFv3 (IPv6)
            • Intermediate system to intermediate system (IS-IS)
                • Based on Dijkstra Shortest Path First algorithm
                • Drafted/standardized by the International Standards Organization (ISO)
            • Enhanced IGRP
                • Cisco Systems proprietary
                • Integrated link state and distance vector routing protocol
    31. Internet elements
        • Routing information exchange
            • Access layer propagates customer routes to the distribution layer
            • Distribution layer propagates/aggregates customer routes to the core layer
            • Core layer exchanges routing information between POPs
            • Scalability problem?
    32. Seednet domestic backbone
        [Figure: backbone map. Legend ("Icon remark"): OC3/STM-1, STM-4, GE, STM-16/Fiber links; Router(s) of POP. POPs: Shiji, Taoyuan, Hsinchu, Yilan, Miaoli, Taichung, Changhwa, Yungling, Hualian, Taitong, Pingtong, Kaohsiung, Tainan, NeiHu, Nantou, Chiayi]
    33. Internet elements
        • How to connect to other ASNs?
            • Use lots of circuits to connect to other ASNs
                • Local loop
                • IPLC
            • Colocate core routers in an Internet eXchange (IX) and use in-house wiring to peer with other ASNs
            • Use the public peering service of the IX
        • NOT every ASN in the world will peer with you for free
            • Mostly, free peering happens between two ISPs of similar scale
                • Inbound/outbound traffic is not the key
    34. Internet elements
        • It is hard to peer with all ASNs in the world
            • Cost
            • Cost
            • Cost
        • Transit service
            • Upstream ISP brings Internet traffic to the downstream ISP
                • ISPs that don't need anyone to transit traffic for them: Tier-1 ISPs
                • There are 9 Tier-1 ISPs as defined by wiki
    35. Seednet exterior status
        [Figure: exterior connectivity map. Legend ("Icon remark"): Router(s) of POP; link types T3, 100M FE, 155M STM-1, GigabitEthernet, STM-4, STM-16. External networks: US, Hinet, China, TWIX, GSN, Gigamedia, Asia/HK/JP, JP(NTT), APTG, FLAG, MOECC(TANet), NCU(600M), NCTU, NCHU(600M), NCKU, NSYSU(600M), CCU(600M), ASCC. POPs: Taoyuan, Taipei, Hsinchu, Taichung, Chiayi, Tainan, Kaohsiung]
    36. Internet elements
        • Routing exchange between ISPs
            • Exterior Gateway Protocol
                • EGP
                • Border Gateway Protocol (BGP)
            • BGP
                • Currently: BGP version 4
                • Lots of attributes for routing control
                • Distance Vector routing protocol
                • Uses AS path to prevent routing loops
                • Uses AS path length to select the best route
                • Flexible in route tagging, attribute rewriting and filtering
                • Flexible and capable in attribute extension
    37. Internet elements
        • Routing/traffic control by BGP
        [Figure: AS100 originates 192.168/16; other ASes shown: AS200, AS300, AS400, AS500; link labels: expensive, cheap; advertised AS paths: AS100, AS200+AS100, AS100, AS300+AS100, AS400+AS300+AS100]
    38. Internet elements
        • Routing/traffic control by BGP – AS path length
            • AS prepend
        [Figure: AS100 originates 192.168/16; other ASes shown: AS200, AS300, AS400, AS500; link labels: expensive, cheap; advertised AS paths: AS100+AS100+AS100, AS200+AS100+AS100+AS100, AS100, AS300+AS100, AS400+AS300+AS100]
    39. Internet elements
        • Routing/traffic control by BGP – longest match
            • IP blocks slice
        [Figure: AS100 originates 192.168/16; other ASes shown: AS200, AS300, AS400, AS500; link labels: expensive, cheap; advertised prefixes: 192.168/16 (twice) and 192.168/17 with 192.168.128/17 (three times)]
    40. Internet elements
        • Risk in IP blocks slice
            • Normal situation
        [Figure: AS100 (192.168/16) connected to AS200 (transit), AS600 (peering) and the Internet; link labels: STM-16, FE; advertised prefixes: 192.168/16, 192.168/17 with 192.168.128/17, 192.168/16]
    41. Internet elements
        • Risks in IP blocks slice
            • OOPS situation
        [Figure: AS100 (192.168/16) connected to AS200 (transit), AS600 (peering) and the Internet; link labels: STM-16, FE; advertised prefixes: 192.168/16, 192.168/17 with 192.168.128/17, 192.168/16, 192.168/17 with 192.168.128/17; annotations: "congestion!!!", "error"]
    42. Internet elements
        • Use BGP to scale IGP
            • BGP used within an ASN is called Interior BGP (iBGP)
            • BGP used between ASNs is called Exterior BGP (eBGP)
            • Tiny characteristic difference between iBGP and eBGP
        • Use iBGP to carry customer routes in the ASN
            • Add suitable attributes to customer BGP routes
            • Store route:next-hop information
        • Use IGP to carry next-hop information for iBGP
            • Router will use "recursive lookup" for route search
                • Check route:next-hop from iBGP
                • Check next-hop from IGP
                • Forward packets to next-hop
    43. Internet elements
        • Information resource
            • RFC
            • Internet group
                • IANA, RIR
                • NANOG (North American Network Operators' Group)
                • Internet Society
                • IETF
            • Internet forum & newsgroup
                • http://www.groupstudy.com/
                • puck.nether.net Mailing Lists
                • Internet group newsgroup
    44. Internet security
        • Security issue on BGP
            • Authenticated BGP neighbor?
                • Use MD5 password to protect BGP session
            • Authenticated BGP routes?
                • Routing Assets Database (RADB)
                • IP address & ASes certification
                    • APNIC project
    45. Internet security
        • Discard BGP routes from
            • BGP routes that belong to private IP addresses
                • RFC1918
            • Some BGP routes that belong to specialized IP addresses
                • RFC3330
            • BGP routes that belong to private ASNs
                • RFC1930
            • BGP routes that belong to "Bogon IP blocks"
                • Bogon IP blocks: IP blocks assigned by IANA but not assigned by RIR
        • It is safe to discard packets whose source IP address belongs to the BGP routes above
    46. Internet security
        • Prevent IP spoofing
            • Prevent IP spoofing from outside your network
                • Check the source IP address of packets from your BGP neighbor
                • A packet whose source IP address belongs to your ASN: just discard it
            • Prevent IP spoofing in your network
                • Check the source IP address of packets from your customer
                • A packet whose source IP address doesn't belong to your customer: just discard it
    47. Internet security
        • Internet attack
            • TCP SYN flooding
            • Smurf attack
            • Distributed Denial of Service
    48. Internet security
        • Common ways to block DDoS attack
            • Black hole
            • Sink hole
    49. MPLS
        • Traditional packet forwarding
            • Routing lookup
        • MPLS packet forwarding
            • Each MPLS router builds a database that maps routes to a special label
            • Use the label to forward packets
        • MPLS application
            • MPLS VPN
            • MPLS Traffic Engineering (MPLS TE)
            • MPLS QoS
    50. MPLS
        • Virtual Private Network (VPN)
            • Traditional VPN
                • Based on ATM and Frame-relay
            • IPsec VPN
            • MPLS VPN
                • Use label stack to differentiate VPNs
                • Provisioned for L2 or L3 networks
        • MPLS TE
            • Use MPLS to pre-build some MPLS TE tunnels
            • Routers forward traffic via the MPLS TE tunnel path instead of the IGP path
            • Provides more flexibility than IGP
        • MPLS QoS
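
Slides 36 to 42 describe route choice in words and diagrams only; the following is an added example, not part of the original deck, that models just the two criteria the slides name (longest match, then AS path length) plus slide 42's recursive lookup. The view from a router inside AS500, the next-hop addresses and the interface names are constructed assumptions based on one reading of the diagrams; real BGP best-path selection has more steps.

```python
import ipaddress

def best_route(routes, dest):
    """Longest matching prefix wins; AS path length breaks ties (slides 36-39)."""
    addr = ipaddress.ip_address(dest)
    matching = [r for r in routes if addr in ipaddress.ip_network(r["prefix"])]
    if not matching:
        return None
    return min(matching,
               key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                              len(r.get("as_path", ()))))

def forward(bgp_routes, igp_routes, dest):
    """Slide 42 recursive lookup: BGP supplies the next hop, the IGP says
    which interface reaches that next hop."""
    bgp = best_route(bgp_routes, dest)
    if bgp is None:
        return None                      # no route to the destination
    igp = best_route(igp_routes, bgp["next_hop"])
    if igp is None:
        return None                      # next hop unreachable: route unusable
    return bgp["as_path"], igp["interface"]

# Constructed next hops and IGP table for a router inside AS500 (assumptions).
VIA_AS200, VIA_AS400 = "10.0.0.2", "10.0.0.4"
IGP = [
    {"prefix": "10.0.0.2/32", "interface": "to-AS200"},
    {"prefix": "10.0.0.4/32", "interface": "to-AS400"},
]

def route(prefix, as_path, next_hop):
    return {"prefix": prefix, "as_path": as_path, "next_hop": next_hop}

def as500_routes(scenario):
    """BGP routes AS500 holds for AS100's block in slides 37, 38 and 39."""
    long_path = [400, 300, 100]
    if scenario == "plain":              # slide 37: no traffic control
        return [route("192.168.0.0/16", [200, 100], VIA_AS200),
                route("192.168.0.0/16", long_path, VIA_AS400)]
    if scenario == "prepend":            # slide 38: AS100 prepends toward AS200
        return [route("192.168.0.0/16", [200, 100, 100, 100], VIA_AS200),
                route("192.168.0.0/16", long_path, VIA_AS400)]
    if scenario == "slice":              # slide 39: /17s announced toward AS300
        return [route("192.168.0.0/16", [200, 100], VIA_AS200),
                route("192.168.0.0/17", long_path, VIA_AS400),
                route("192.168.128.0/17", long_path, VIA_AS400)]
    raise ValueError(scenario)

if __name__ == "__main__":
    for name in ("plain", "prepend", "slice"):
        print(name, forward(as500_routes(name), IGP, "192.168.200.1"))
```

In the "slice" case the longer AS path still wins because prefix length is compared first, which is why more-specific prefixes seen on the wrong link, as in slide 41, pull traffic onto it.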
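
Slides 45 and 46 list what to discard but show no check; this added example (not from the original deck) applies those rules to received BGP routes and to packet source addresses. The special-use list is a constructed subset of RFC3330 rather than a full bogon list, the private ASN range is the one given on slide 9, and the sample prefixes and AS numbers are documentation values chosen for illustration.

```python
import ipaddress

# Blocks slide 45 says to discard: RFC1918 private space plus a constructed
# subset of the RFC3330 special-use blocks (assumption: not a complete list).
DISCARD_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC1918
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",       # RFC3330 (subset)
    "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]
PRIVATE_ASNS = range(64512, 65536)       # private ASN range from slide 9

# Constructed sample data: our own block and one customer's assignment.
OWN_NETS = [ipaddress.ip_network("203.0.113.0/24")]
CUSTOMER_NETS = [ipaddress.ip_network("203.0.113.64/26")]

def check_route(prefix, as_path):
    """Return the reason to discard a received BGP route, or None to accept."""
    net = ipaddress.ip_network(prefix)
    for bad in DISCARD_NETS:
        if net.version == bad.version and net.subnet_of(bad):
            return f"prefix inside {bad}"
    for asn in as_path:
        if asn in PRIVATE_ASNS:
            return f"private ASN {asn} in AS path"
    return None

def check_source(src, origin, own_nets, customer_nets=()):
    """Slide 46 source-address checks; origin is 'neighbor' or 'customer'.
    Returns the reason to discard the packet, or None to forward it."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in DISCARD_NETS):
        return "source in discarded block"
    if origin == "neighbor" and any(addr in n for n in own_nets):
        return "own address arriving from outside"
    if origin == "customer" and not any(addr in n for n in customer_nets):
        return "source not assigned to this customer"
    return None

if __name__ == "__main__":
    print(check_route("192.168.10.0/24", [64496]))
    print(check_route("203.0.113.0/24", [64496, 64512]))
    print(check_source("203.0.113.9", "neighbor", OWN_NETS))
    print(check_source("198.51.100.7", "customer", OWN_NETS, CUSTOMER_NETS))
```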
