SlideShare a Scribd company logo

08 (IDNOG01) ARP Guard in IXP by Eric Choy

Indonesia Network Operators Group
Indonesia Network Operators Group
EducationSpiritualTechnology
1 of 27
Download to read offline
Reduce IXP Outage From 40 mins to 0 min
 - ARP Guard in IXP Eric Choi Senior Product Manager, Product Management Service Provider Group, APJ
The Problem Statement – Quick Recap Information from the presentation “The Danger of Proxy ARP in IX environment by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf
The Problem Statement – Quick Recap Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf
Computing Sciences Area 4 The Problem Statement – Quick Recap
Computing Sciences Area 5 The Problem Statement – Quick Recap
Computing Sciences Area 6 The Problem Statement – Quick Recap
The Problem Statement – Quick Recap Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf Start End
The Problem Statement – Quick Recap Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf Start End
Computing Sciences Area 9 Can we do better ?
Computing Sciences Area How about …. 10
Can we avoid the outage when the problem happens Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdfStop here
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA 12 Introducing ARP Guard Use Case 1
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA 13 Introducing ARP Guard Use Case 2
© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only How to implement? Can it be done using existing mechanism? ▪ ACL? ▪Secure ARP? Solution ▪Checking all the ARP requests/replies entering the L2 interface against access list. 6/24/2014 14
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Configuration • Syntax: [no] arp-guard-group <arp-guard-access-group|id> • Syntax: [no] permit [src_ip_addr] [src_mac_addr] • Syntax: [no] permit vlan [id] [src_ip_addr] any • Syntax: [no] permit vlan [id] [src_ip_addr] [src_mac_addr] • Description of parameters: • arp-guard-group – Command in the global config mode to give ACL-like commands. • arp-guard-access-group – name of the ARP Guard access-group, which contains the list of rules. • permit – This command is used to specify the required set of rules for the associated ARP Guard group Part I 15
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Configuration arp-guard-group AS201 permit 20.0.0.2 0001:0002:0003:0004 arp-guard-group AS202 permit vlan 100 20.0.0.32 any permit vlan 200 20.0.0.31 0001:0003:0003:0003 16
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Configuration Syntax: [no] arp-guard <arp-guard-access-group> [log]  Description of parameters: arp-guard – Command to enable ARP GUARD in the interface config mode. arp-guard-access-group – name of the ARP Guard access-group, which contains the list of rules. log – option to log the information about the dropped packet. Part 2 17
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Show command MLX(config-if-e1000-1/1)#show arp-guard counters port <port-id> [vlan <vlan-id>] MLX(config-if-e1000-1/1)#show arp-guard counters all MLX(config-if-e1000-1/1)#clear arp-guard counters port <port-id> [vlan <vlan-id>] MLX(config-if-e1000-1/1)#clear arp-guard counters all 18
© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only Show command Example 6/24/2014 19   MLX#show arp-guard statistics ethernet 1/1 Port Vlan-id Arp_pkts_captured Arp_pkts_forwarded Arp_pkts_dropped 1/1 (Def/Untag) 0 0 0 1/1 3 10000 9000 100 1/1 2 10000 9000 100
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Syslog • If a “log” option is used on the arp-guard command, then a syslog message is generated to log the error ARP packet. Syslog message would contain the following: - • Port name/id, • arp-guard-group name • vlan-id (if-any), • MAC address and the IP address 20
© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only Syslog Example 6/24/2014 21 SYSLOG: <14>Mar 14 1905 22:37:21 MLX-Dist1 ARP_GUARD DROP LOG:Violation occured at time Mar 14 22:37:20: on Trunk port=4/1 having Access_Grp=AS201, for the incoming packet with MAC_ADDR=0000.5822.bf78 IP_ADDR=1.1.1.2 VLAN: 1 
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Example MLX(config)#arp-guard-group AS303 MLX(config-arp-guard-group)#permit 30.0.0.31 0000:0003:0003:0004 MLX(config-arp-guard-group)#permit 30.0.0.32 any MLX(config-arp-guard-group)#exit MLX(config)#interface ethe 1/1 MLX(config-if)#arp-guard AS303 log Port Based Deployment 22
©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Example MLX(config)#arp-guard-group AS202 MLX(config-arp-guard-group)#permit vlan 100 20.0.0.31 0000:0003:0003:0003 MLX(config-arp-guard-group)#permit vlan 101 20.0.0.32 any MLX(config-arp-guard-group)#exit MLX(config)#interface ethe 1/1 MLX(config-if)#arp-guard AS202 log IXP WholeSale Using IX 23
© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only LTE Backhaul Use Case 6/24/2014 24 eNB PDN-GW HSS AAA IMS Core DNS PCRF SGW MME www Internet S1-MME S2 S6b S6a SGi S11 eNodeB PDN-GW HSS AAA IMS Core DNS PCRF SGW MME www Internet eNodeB S1-U S1-MME S1-U L2 Network
© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only Data Center Use Case 6/24/2014 25 Data Center Interconnect
© 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only ACKNOWLEDGEMENT Raphael Ho CheeYong Tay Jimmy Halim 6/24/2014 26
THANK YOU
 Eric Choi Senior Product Manager, Product Management Service Provider Group, APJ " email: echoi@brocade.com

Recommended

The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...Aruba, a Hewlett Packard Enterprise company
 
ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config GuideWoo Hyung Choi
 
FlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLEFlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLETariq Sheikh
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba, a Hewlett Packard Enterprise company
 
Day 11 eigrp
Day 11 eigrpDay 11 eigrp
Day 11 eigrpCYBERINTELLIGENTS
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNICIndonesia Network Operators Group
 
Networking basics EIGRP
Networking basics EIGRPNetworking basics EIGRP
Networking basics EIGRPHassan Tariq
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
 

Recommended

The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...Aruba, a Hewlett Packard Enterprise company
 
ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config GuideWoo Hyung Choi
 
FlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLEFlexVPNLabHandbook-SAMPLE
FlexVPNLabHandbook-SAMPLETariq Sheikh
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba, a Hewlett Packard Enterprise company
 
Day 11 eigrp
Day 11 eigrpDay 11 eigrp
Day 11 eigrpCYBERINTELLIGENTS
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNICIndonesia Network Operators Group
 
Networking basics EIGRP
Networking basics EIGRPNetworking basics EIGRP
Networking basics EIGRPHassan Tariq
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
Multicast in OpenStack Tips
Multicast in OpenStack TipsMulticast in OpenStack Tips
Multicast in OpenStack TipsVikram G Hosakote
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONGCODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONGCODE BLUE
 
5 ip security urpf
5 ip security urpf5 ip security urpf
5 ip security urpfSagarR24
 
Iuwne10 S06 L01
Iuwne10 S06 L01Iuwne10 S06 L01
Iuwne10 S06 L01Ravi Ranjan
 
IPSec VPN
IPSec VPNIPSec VPN
IPSec VPNNetProtocol Xpert
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAruba, a Hewlett Packard Enterprise company
 
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE
 
Rap split tunnelv2
Rap split tunnelv2Rap split tunnelv2
Rap split tunnelv2Aruba, a Hewlett Packard Enterprise company
 
Using PerfDHCP tool to scale DHCP in OpenStack Neutron
Using PerfDHCP tool to scale DHCP in OpenStack NeutronUsing PerfDHCP tool to scale DHCP in OpenStack Neutron
Using PerfDHCP tool to scale DHCP in OpenStack NeutronVikram G Hosakote
 
Rap installation updated
Rap installation updatedRap installation updated
Rap installation updatedAruba, a Hewlett Packard Enterprise company
 
Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)Aruba, a Hewlett Packard Enterprise company
 
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693 SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693 Muhammad Adeel Kazim⭐⭐⭐⭐⭐
 
Iuwne10 S06 L03
Iuwne10 S06 L03Iuwne10 S06 L03
Iuwne10 S06 L03Ravi Ranjan
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
CCNA CDP LLDP NTP
CCNA CDP LLDP NTP CCNA CDP LLDP NTP
CCNA CDP LLDP NTP Networkel
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
The Regional Internet Registry System and Internet Number Resources
The Regional Internet Registry System and Internet Number ResourcesThe Regional Internet Registry System and Internet Number Resources
The Regional Internet Registry System and Internet Number ResourcesRIPE NCC
 
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy SutrisnoIndonesia Network Operators Group
 

More Related Content

What's hot

Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)NetProtocol Xpert
 
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONGCODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONGCODE BLUE
 
5 ip security urpf
5 ip security urpf5 ip security urpf
5 ip security urpfSagarR24
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...Salem Trabelsi
 
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE
 
Using PerfDHCP tool to scale DHCP in OpenStack Neutron
Using PerfDHCP tool to scale DHCP in OpenStack NeutronUsing PerfDHCP tool to scale DHCP in OpenStack Neutron
Using PerfDHCP tool to scale DHCP in OpenStack NeutronVikram G Hosakote
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
CCNA CDP LLDP NTP
CCNA CDP LLDP NTP CCNA CDP LLDP NTP
CCNA CDP LLDP NTP Networkel
 

What's hot (20)

Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
 
Multicast in OpenStack Tips
Multicast in OpenStack TipsMulticast in OpenStack Tips
Multicast in OpenStack Tips
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONGCODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG
 
5 ip security urpf
5 ip security urpf5 ip security urpf
5 ip security urpf
 
Iuwne10 S06 L01
Iuwne10 S06 L01Iuwne10 S06 L01
Iuwne10 S06 L01
 
IPSec VPN
IPSec VPNIPSec VPN
IPSec VPN
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference Guide
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONGCODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
CODE BLUE 2014 : Drone attack by malware and network hacking by DONGCHEOL HONG
 
Rap split tunnelv2
Rap split tunnelv2Rap split tunnelv2
Rap split tunnelv2
 
Using PerfDHCP tool to scale DHCP in OpenStack Neutron
Using PerfDHCP tool to scale DHCP in OpenStack NeutronUsing PerfDHCP tool to scale DHCP in OpenStack Neutron
Using PerfDHCP tool to scale DHCP in OpenStack Neutron
 
Rap installation updated
Rap installation updatedRap installation updated
Rap installation updated
 
Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)
 
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693 SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
SANGFOR NGAF FIREWALL SG TECHNICAL PVT LTD 03002019693
 
Iuwne10 S06 L03
Iuwne10 S06 L03Iuwne10 S06 L03
Iuwne10 S06 L03
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
 
CCNA CDP LLDP NTP
CCNA CDP LLDP NTP CCNA CDP LLDP NTP
CCNA CDP LLDP NTP
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
 

Viewers also liked

The Regional Internet Registry System and Internet Number Resources
The Regional Internet Registry System and Internet Number ResourcesThe Regional Internet Registry System and Internet Number Resources
The Regional Internet Registry System and Internet Number ResourcesRIPE NCC
 
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy SutrisnoIndonesia Network Operators Group
 
Ptcl call setup between different exchanges
Ptcl call setup between different exchangesPtcl call setup between different exchanges
Ptcl call setup between different exchangesPTCL
 
IDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaIDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaAPNIC
 
07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto Pribadi
07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto Pribadi07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto Pribadi
07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto PribadiIndonesia Network Operators Group
 
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya 01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya Indonesia Network Operators Group
 
Expand Your Enterprise Cloud Strategy with AWS Direct Connect and Equinix
Expand Your Enterprise Cloud Strategy with AWS Direct Connect and EquinixExpand Your Enterprise Cloud Strategy with AWS Direct Connect and Equinix
Expand Your Enterprise Cloud Strategy with AWS Direct Connect and EquinixAmazon Web Services
 
An introduction to AWS Direct Connect
An introduction to AWS Direct ConnectAn introduction to AWS Direct Connect
An introduction to AWS Direct ConnectJulien SIMON
 
APNIC Update - NZNOG 2017
APNIC Update - NZNOG 2017APNIC Update - NZNOG 2017
APNIC Update - NZNOG 2017APNIC
 
(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNsAmazon Web Services
 
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013Amazon Web Services
 

Viewers also liked (12)

The Regional Internet Registry System and Internet Number Resources
The Regional Internet Registry System and Internet Number ResourcesThe Regional Internet Registry System and Internet Number Resources
The Regional Internet Registry System and Internet Number Resources
 
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno
03 (IDNOG02) Sub Sea Cable System a brief introduction by Willy Sutrisno
 
Ptcl call setup between different exchanges
Ptcl call setup between different exchangesPtcl call setup between different exchanges
Ptcl call setup between different exchanges
 
IDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaIDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesia
 
06 (IDNOG02) IPv4 Address Transfer by Wita Laksono
06 (IDNOG02) IPv4 Address Transfer by Wita Laksono06 (IDNOG02) IPv4 Address Transfer by Wita Laksono
06 (IDNOG02) IPv4 Address Transfer by Wita Laksono
 
07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto Pribadi
07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto Pribadi07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto Pribadi
07 (IDNOG01) Local Exchange Point and APIX Update by Harijanto Pribadi
 
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya 01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
 
Expand Your Enterprise Cloud Strategy with AWS Direct Connect and Equinix
Expand Your Enterprise Cloud Strategy with AWS Direct Connect and EquinixExpand Your Enterprise Cloud Strategy with AWS Direct Connect and Equinix
Expand Your Enterprise Cloud Strategy with AWS Direct Connect and Equinix
 
An introduction to AWS Direct Connect
An introduction to AWS Direct ConnectAn introduction to AWS Direct Connect
An introduction to AWS Direct Connect
 
APNIC Update - NZNOG 2017
APNIC Update - NZNOG 2017APNIC Update - NZNOG 2017
APNIC Update - NZNOG 2017
 
(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs
 
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
 

Similar to 08 (IDNOG01) ARP Guard in IXP by Eric Choy

Advanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkAdvanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkRiyaj Shamsudeen
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Oracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodOracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodLudovico Caldara
 
5 ip security ipsec gre
5 ip security ipsec gre5 ip security ipsec gre
5 ip security ipsec greSagarR24
 
Networking Concepts and Tools for the Cloud
Networking Concepts and Tools for the CloudNetworking Concepts and Tools for the Cloud
Networking Concepts and Tools for the CloudAlex Amies
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяEkaterina Melnik
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NamePositive Hack Days
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoTran Thanh Song
 
Krzysztof Mazepa - IOS XR - IP Fast Convergence
Krzysztof Mazepa - IOS XR - IP Fast ConvergenceKrzysztof Mazepa - IOS XR - IP Fast Convergence
Krzysztof Mazepa - IOS XR - IP Fast ConvergencePROIDEA
 
Deep submicron-backdoors-ortega-syscan-2014-slides
Deep submicron-backdoors-ortega-syscan-2014-slidesDeep submicron-backdoors-ortega-syscan-2014-slides
Deep submicron-backdoors-ortega-syscan-2014-slidesortegaalfredo
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaHanaysha
 
10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)
10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)
10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)Takao Setaka
 
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Nelson Calero
 
Catalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCatalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCisco Russia
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining Tail-f Systems
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Отчет Audit report RAPID7
Отчет Audit report RAPID7 Отчет Audit report RAPID7
Отчет Audit report RAPID7Sergey Yrievich
 
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...aaajjj4
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Cisco Russia
 

Similar to 08 (IDNOG01) ARP Guard in IXP by Eric Choy (20)

Advanced RAC troubleshooting: Network
Advanced RAC troubleshooting: NetworkAdvanced RAC troubleshooting: Network
Advanced RAC troubleshooting: Network
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
Oracle Client Failover - Under The Hood
Oracle Client Failover - Under The HoodOracle Client Failover - Under The Hood
Oracle Client Failover - Under The Hood
 
5 ip security ipsec gre
5 ip security ipsec gre5 ip security ipsec gre
5 ip security ipsec gre
 
Networking Concepts and Tools for the Cloud
Networking Concepts and Tools for the CloudNetworking Concepts and Tools for the Cloud
Networking Concepts and Tools for the Cloud
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имя
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the Name
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
 
Krzysztof Mazepa - IOS XR - IP Fast Convergence
Krzysztof Mazepa - IOS XR - IP Fast ConvergenceKrzysztof Mazepa - IOS XR - IP Fast Convergence
Krzysztof Mazepa - IOS XR - IP Fast Convergence
 
Deep submicron-backdoors-ortega-syscan-2014-slides
Deep submicron-backdoors-ortega-syscan-2014-slidesDeep submicron-backdoors-ortega-syscan-2014-slides
Deep submicron-backdoors-ortega-syscan-2014-slides
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq Hanaysha
 
10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)
10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)
10G/40G gen to 25G/100G gen, and go forward (HPVI community meetup)
 
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
Automate Oracle database patches and upgrades using Fleet Provisioning and Pa...
 
Catalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your NetworkCatalyst Smart Operations : Simplify Your Network
Catalyst Smart Operations : Simplify Your Network
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
Отчет Audit report RAPID7
Отчет Audit report RAPID7 Отчет Audit report RAPID7
Отчет Audit report RAPID7
 
Report PAPID 7
Report PAPID 7Report PAPID 7
Report PAPID 7
 
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
 

More from Indonesia Network Operators Group

LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkIndonesia Network Operators Group
 
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...Indonesia Network Operators Group
 
10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...
10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...
10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...Indonesia Network Operators Group
 
09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive!
09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive! 09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive!
09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive! Indonesia Network Operators Group
 
08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...
08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...
08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...Indonesia Network Operators Group
 
07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation
07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation
07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven InnovationIndonesia Network Operators Group
 
06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...
06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...
06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...Indonesia Network Operators Group
 
03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...
03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...
03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...Indonesia Network Operators Group
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLANIndonesia Network Operators Group
 
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOGIndonesia Network Operators Group
 
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...Indonesia Network Operators Group
 
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...Indonesia Network Operators Group
 
23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...
23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...
23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...Indonesia Network Operators Group
 
30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The Future
30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The Future30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The Future
30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The FutureIndonesia Network Operators Group
 

More from Indonesia Network Operators Group (20)

LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
 
LT03 IDNOG04 - Dewangga - IPv6 Implementation for End Users
LT03 IDNOG04 - Dewangga - IPv6 Implementation for End UsersLT03 IDNOG04 - Dewangga - IPv6 Implementation for End Users
LT03 IDNOG04 - Dewangga - IPv6 Implementation for End Users
 
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
 
10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...
10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...
10 - IDNOG04 - Enrico Hugo (Indonesia Honeynet Project) - The Rise of DGA Mal...
 
09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive!
09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive! 09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive!
09 - IDNOG04 - Low Kok Seng (Sigfox) - Make Mass IOT Come Alive!
 
08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...
08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...
08 - IDNOG04 - Anton Purba (Amandata) - On-Premise, Cloud or Hybrid? DDoS Mit...
 
07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation
07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation
07 - IDNOG04 - Leontinus Alpha Edison (Tokopedia) - Data Driven Innovation
 
06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...
06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...
06 - IDNOG04 - Dion Leung (Coriant) - Emerging Trends & Real Deployments for ...
 
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
05 - IDNOG04 - Bambang Gunawan (Juniper) - Segment Routing
 
04 - IDNOG04 - Charles Chiu (Skipio) - The Latest In G Fast
04 - IDNOG04 - Charles Chiu (Skipio) - The Latest In G Fast04 - IDNOG04 - Charles Chiu (Skipio) - The Latest In G Fast
04 - IDNOG04 - Charles Chiu (Skipio) - The Latest In G Fast
 
03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...
03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...
03 - IDNOG04 - Hideyuki Sasaki (BBIX) - Introducing Internet Culture To The O...
 
10 - IDNOG03 - Parlin Marius (IDNOG) Opening Speech
10 - IDNOG03 - Parlin Marius (IDNOG) Opening Speech10 - IDNOG03 - Parlin Marius (IDNOG) Opening Speech
10 - IDNOG03 - Parlin Marius (IDNOG) Opening Speech
 
99 - IDNOG03 - Valens Riyadi (IDNOG) Closing Speech
99 - IDNOG03 - Valens Riyadi (IDNOG) Closing Speech99 - IDNOG03 - Valens Riyadi (IDNOG) Closing Speech
99 - IDNOG03 - Valens Riyadi (IDNOG) Closing Speech
 
12 - IDNOG03 - Hammam Riza (BPPT) Welcoming Speech
12 - IDNOG03 - Hammam Riza (BPPT) Welcoming Speech12 - IDNOG03 - Hammam Riza (BPPT) Welcoming Speech
12 - IDNOG03 - Hammam Riza (BPPT) Welcoming Speech
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
 
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
14 - IDNOG03 - George Michaelson (APNIC) - IPV6-in-2016-IDNOG
 
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...
21 - IDNOG03 - Jimmy Halim (Cloudflare) - Brief Introduction of CloudFlare, t...
 
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
 
23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...
23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...
23 - IDNOG03 - Affan Basalamah (ITB) Achmad Basuki (UNIBRAW) - Overview of In...
 
30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The Future
30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The Future30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The Future
30 - IDNOG03 - Setiaji (Pemda DKI) - Jakarta Smart City Journey & The Future
 

Recently uploaded

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 

Recently uploaded (20)

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 

08 (IDNOG01) ARP Guard in IXP by Eric Choy

  • 1. Reduce IXP Outage From 40 mins to 0 min
 - ARP Guard in IXP Eric Choi Senior Product Manager, Product Management Service Provider Group, APJ
  • 2. The Problem Statement – Quick Recap Information from the presentation “The Danger of Proxy ARP in IX environment by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf
  • 3. The Problem Statement – Quick Recap Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf
  • 4. Computing Sciences Area 4 The Problem Statement – Quick Recap
  • 5. Computing Sciences Area 5 The Problem Statement – Quick Recap
  • 6. Computing Sciences Area 6 The Problem Statement – Quick Recap
  • 7. The Problem Statement – Quick Recap Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf Start End
  • 8. The Problem Statement – Quick Recap Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdf Start End
  • 9. Computing Sciences Area 9 Can we do better ?
  • 11. Can we avoid the outage when the problem happens Information from the presentation provided by Maksym Tulyuk @ AMSIX http://ripe63.ripe.net/presentations/130-Proxy_ARP_RIPE_Nov2011.pdfStop here
  • 12. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA 12 Introducing ARP Guard Use Case 1
  • 13. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA 13 Introducing ARP Guard Use Case 2
  • 14. © 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only How to implement? Can it be done using existing mechanism? ▪ ACL? ▪Secure ARP? Solution ▪Checking all the ARP requests/replies entering the L2 interface against access list. 6/24/2014 14
  • 15. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Configuration • Syntax: [no] arp-guard-group <arp-guard-access-group|id> • Syntax: [no] permit [src_ip_addr] [src_mac_addr] • Syntax: [no] permit vlan [id] [src_ip_addr] any • Syntax: [no] permit vlan [id] [src_ip_addr] [src_mac_addr] • Description of parameters: • arp-guard-group – Command in the global config mode to give ACL-like commands. • arp-guard-access-group – name of the ARP Guard access-group, which contains the list of rules. • permit – This command is used to specify the required set of rules for the associated ARP Guard group Part I 15
  • 16. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Configuration arp-guard-group AS201 permit 20.0.0.2 0001:0002:0003:0004 arp-guard-group AS202 permit vlan 100 20.0.0.32 any permit vlan 200 20.0.0.31 0001:0003:0003:0003 16
  • 17. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Configuration Syntax: [no] arp-guard <arp-guard-access-group> [log]  Description of parameters: arp-guard – Command to enable ARP GUARD in the interface config mode. arp-guard-access-group – name of the ARP Guard access-group, which contains the list of rules. log – option to log the information about the dropped packet. Part 2 17
  • 18. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Show command MLX(config-if-e1000-1/1)#show arp-guard counters port <port-id> [vlan <vlan-id>] MLX(config-if-e1000-1/1)#show arp-guard counters all MLX(config-if-e1000-1/1)#clear arp-guard counters port <port-id> [vlan <vlan-id>] MLX(config-if-e1000-1/1)#clear arp-guard counters all 18
  • 19. © 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only Show command Example 6/24/2014 19   MLX#show arp-guard statistics ethernet 1/1 Port Vlan-id Arp_pkts_captured Arp_pkts_forwarded Arp_pkts_dropped 1/1 (Def/Untag) 0 0 0 1/1 3 10000 9000 100 1/1 2 10000 9000 100
  • 20. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Syslog • If a “log” option is used on the arp-guard command, then a syslog message is generated to log the error ARP packet. Syslog message would contain the following: - • Port name/id, • arp-guard-group name • vlan-id (if-any), • MAC address and the IP address 20
  • 21. © 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only Syslog Example 6/24/2014 21 SYSLOG: <14>Mar 14 1905 22:37:21 MLX-Dist1 ARP_GUARD DROP LOG:Violation occured at time Mar 14 22:37:20: on Trunk port=4/1 having Access_Grp=AS201, for the incoming packet with MAC_ADDR=0000.5822.bf78 IP_ADDR=1.1.1.2 VLAN: 1 
  • 22. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Example MLX(config)#arp-guard-group AS303 MLX(config-arp-guard-group)#permit 30.0.0.31 0000:0003:0003:0004 MLX(config-arp-guard-group)#permit 30.0.0.32 any MLX(config-arp-guard-group)#exit MLX(config)#interface ethe 1/1 MLX(config-if)#arp-guard AS303 log Port Based Deployment 22
  • 23. ©2012 Brocade Communications Systems, Inc. CONFIDENTIAL — Discussion under NDA Example MLX(config)#arp-guard-group AS202 MLX(config-arp-guard-group)#permit vlan 100 20.0.0.31 0000:0003:0003:0003 MLX(config-arp-guard-group)#permit vlan 101 20.0.0.32 any MLX(config-arp-guard-group)#exit MLX(config)#interface ethe 1/1 MLX(config-if)#arp-guard AS202 log IXP WholeSale Using IX 23
  • 24. © 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only LTE Backhaul Use Case 6/24/2014 24 eNB PDN-GW HSS AAA IMS Core DNS PCRF SGW MME www Internet S1-MME S2 S6b S6a SGi S11 eNodeB PDN-GW HSS AAA IMS Core DNS PCRF SGW MME www Internet eNodeB S1-U S1-MME S1-U L2 Network
  • 25. © 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only Data Center Use Case 6/24/2014 25 Data Center Interconnect
  • 26. © 2012 Brocade Communications Systems, Inc. CONFIDENTIAL—For Internal Use Only ACKNOWLEDGEMENT Raphael Ho CheeYong Tay Jimmy Halim 6/24/2014 26
  • 27. THANK YOU
 Eric Choi Senior Product Manager, Product Management Service Provider Group, APJ " email: echoi@brocade.com