
BGP filter with mikrotik

In this webinar, we start the discussion with an introduction to BGP: AS-to-AS connections, a comparison of BGP routing and traditional routing, and BGP peering. We then talk about problems that might occur during BGP peering, their effects, and the solution. Finally, we cover an example of how to configure a BGP filter on Mikrotik.

The recording is available on youtube (GLC Networks Channel): https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg

Published in: Internet

BGP filter with mikrotik

  1. www.glcnetworks.com: BGP filter. GLC webinar, 10 August 2017. Achmad Mardiansyah (achmad@glcnetworks.com), GLC Networks, Indonesia
  2. Agenda
     ● Introduction
     ● BGP
     ● BGP filter
     ● Demo
     ● Q & A
  3. What is GLC?
     ● Garda Lintas Cakrawala (www.glcnetworks.com)
     ● An Indonesian company
     ● Located in Bandung
     ● Areas: Training, IT Consulting
     ● Mikrotik Certified Training Partner/Consultant/Distributor
     ● Ubiquiti Certified Trainer/Consultant
     ● RedHat Certified Trainer
  4. About GLC webinar?
     ● First webinar: January 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS)
     ● As a sharing event with various topics: linux, networking, wireless, database, programming, etc
     ● Regular schedule: every 2 weeks
     ● Irregular schedule: as needed
     ● Checking schedule: http://www.glcnetworks.com/main/schedule
     ● You are invited to be a presenter
       ○ No need to be an expert
       ○ This is a forum for sharing: knowledge, experiences, information
  5. Trainer Introduction
     ● Name: Achmad Mardiansyah
     ● Base: Bandung, Indonesia
     ● Linux user (since 1999), Mikrotik user (since 2007), ubnt user (since 2011)
     ● Certified Trainer (Mikrotik, Ubiquiti, Redhat)
     ● Certified Consultant
     ● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer
     ● Personal website: http://achmadjournal.com
     ● More info: http://au.linkedin.com/in/achmadmardiansyah
  6. Please introduce yourself
     ● Your name
     ● Your company/university?
     ● Your networking experience?
     ● Your mikrotik experience?
     ● Your expectation from this course?
  7. BGP
  8. AS and BGP
     ● AS (Autonomous System)
       ○ Collection of routers and prefixes under a single administration (can be an organisation) which also applies a single routing policy
       ○ An AS is identified by an AS number, given by IANA via a Regional Registry
     ● BGP (Border Gateway Protocol)
       ○ A protocol that is used between ASes for exchanging routing information (prefixes)
       ○ BGP sees an AS as a (big) node which can forward packets based on layer 3
  9. Traditional routing VS. BGP routing
     ● Traditional routing: based on router HOP count
     ● BGP routing: based on AS HOP count
  10. BGP peering
     BGP peering types:
     ● Internal (iBGP)
       ○ Peering inside an AS
       ○ Usually backed up by an IGP (Interior Gateway Protocol), e.g. OSPF, RIP, EIGRP, etc.
       ○ Unless a route reflector is used, every router inside the AS needs to set up peering with each other (full-mesh peering).
     ● External (eBGP)
       ○ Peering between AS border routers
     During eBGP peering, each router will exchange:
     ● Outgoing: inform own prefix to the world
     ● Incoming: receive prefixes from other AS
  11. BGP peering problem (example)
     ● Announce wrong prefix
       ○ Example: AS2 announcing a wrong prefix (e.g. 8.8.8.0/24) to AS5 and AS3
     ● Receiving wrong prefix
       ○ Example: AS3 and AS5 receiving a wrong prefix (8.8.8.0/24) from AS2
  12. BGP peering problem (effect)
     ● Other ASes (AS5, AS3, AS4, AS1) will see prefix 8.8.8.0/24 as very close to them, compared to the real AS that owns that IP block
     ● Traffic going to 8.8.8.0/24 will be forwarded to AS2
     ● AS2 will receive a flood of traffic
     ● Packets never reach the destination (because they landed in the wrong AS)
     ● Packets will move around in AS2 until the TTL expires -> causing congestion
     ● Customers complain that the internet is slow
  13. BGP peering problem (solution)
     ● Set up an outgoing filter on AS2
       ○ Only allow prefixes that AS2 really owns
     ● Set up an incoming filter on AS3 and AS5
       ○ Only allow prefixes that AS2 really owns
     BGP FILTER is used to protect YOU from INTERNET and to protect INTERNET from YOU
  14. BGP filter on Mikrotik
  15. Filter on BGP peering
     Filter can be applied on BGP peering:
     - In-filter
     - Out-filter
     This is just an example only, not taken from real environment
  16. /routing filter (outgoing)
     ● Outgoing filter
       ○ In this example we only allow our own prefix (20.0.0.0/24) to announce it to moratel peer
           /routing filter add action=accept chain=moratel-out prefix=20.0.0.0/24 prefix-length=23-24
       ○ Reject anything else
           /routing filter add action=reject chain=moratel-out
  17. /routing filter (incoming)
     ● Incoming filter
       ○ In this example: we only allow prefix 50.0.0.0/8 from moratel to enter our routing table
           /routing filter add action=accept chain=moratel-in prefix=50.0.0.0/8 prefix-length=8-24
       ○ Reject anything else
           /routing filter add action=reject chain=moratel-in
  18. Interested? Just come to our training... Special price for webinar attendees… http://www.glcnetworks.com/main/schedule
  19. End of slides
     ● Thank you for your attention
     ● Please submit your feedback: http://bit.ly/glcfeedback
     ● Like our facebook page: “GLC networks”
     ● Slide: http://www.slideshare.net/r41nbuw
     ● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
     ● Stay tuned with our schedule
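
To see what the moratel-out and moratel-in chains from slides 16 and 17 let through, the following added example (not part of the original slides, and not RouterOS code) models the two chains in Python and runs constructed announcements through them, including the wrong prefix 8.8.8.0/24 from slide 11. The matching semantics (route must lie inside `prefix` with a mask length in the `prefix-length` range, first match wins, accept when nothing matches) are assumptions of this model.

```python
import ipaddress

# Constructed model of the two chains from slides 16 and 17 (not RouterOS code).
# Assumptions: a rule with prefix + prefix-length matches a route that lies
# inside `prefix` and whose mask length is within the range; a rule without
# matchers matches every route; the first matching rule decides.
CHAINS = {
    "moratel-out": [
        {"action": "accept", "prefix": "20.0.0.0/24", "length": (23, 24)},
        {"action": "reject"},
    ],
    "moratel-in": [
        {"action": "accept", "prefix": "50.0.0.0/8", "length": (8, 24)},
        {"action": "reject"},
    ],
}

def rule_matches(rule, route):
    if "prefix" not in rule:
        return True
    net = ipaddress.ip_network(rule["prefix"])
    low, high = rule["length"]
    return route.subnet_of(net) and low <= route.prefixlen <= high

def evaluate(chain, route_text):
    """Return the action the chain takes for one announced prefix."""
    route = ipaddress.ip_network(route_text)
    for rule in CHAINS[chain]:
        if rule_matches(rule, route):
            return rule["action"]
    return "accept"  # assumed fall-through when no rule matches

def audit(chain, routes):
    """Map each constructed test announcement to accept/reject."""
    return {r: evaluate(chain, r) for r in routes}

# Constructed announcements, including the wrong prefix from slide 11.
OUTGOING = ["20.0.0.0/24", "20.0.0.0/23", "20.0.0.128/25", "8.8.8.0/24"]
INCOMING = ["50.0.0.0/8", "50.1.2.0/24", "50.1.2.0/25", "8.8.8.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    for chain, routes in (("moratel-out", OUTGOING), ("moratel-in", INCOMING)):
        for route, action in audit(chain, routes).items():
            print(f"{chain:12} {route:16} {action}")
```

Under this model the lower bound 23 in the outgoing rule never matches anything, because a /23 cannot lie inside 20.0.0.0/24; only the /24 itself is announced.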
