The document discusses BGP zombie routes, which occur when an active routing table entry remains for a prefix that has been withdrawn by its origin network. This can cause issues like partial outages or routing loops. The document provides examples of real-world incidents involving zombie routes, including outages at Telia, Interoute, and CenturyLink/Level3. It also covers ways to detect and debug zombie routes, such as looking for routing loops or inconsistencies using traceroute. Mitigation strategies are also discussed.
When implementing IPv6 it can be important to maintain a view of how it is being used. This presentation provides a quick look at using Zabbix with SNMP to monitor IP protocol usage.
PLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin Wang PROIDEA
This document discusses IP/MPLS and MPLS-TP solutions from Raisecom for fixed and mobile network convergence. It introduces the iTN8800 platform and iTN200 and RAX700 series CPE devices, which support IP/MPLS, MPLS-TP and carrier Ethernet technologies. The document also outlines their applications such as business service access, mobile backhaul, legacy network migration and interworking IP/MPLS with MPLS-TP networks.
Cisco Meraki provides a complete cloud-managed networking solution including wireless, switching, security, communications, endpoint management, and security cameras. With over 140,000 customers and 2 million devices online, Meraki simplifies IT using an integrated hardware, software, and cloud services approach. The solution is managed through a centralized cloud-based dashboard that provides turnkey installation, management, security, and scalability benefits.
This document discusses IPv6 deployment in wireless networks and the telco cloud. It summarizes that IPv6 is necessary as IPv4 addresses deplete. It has achieved global traffic growth but challenges remain around network complexity when introducing virtualization and services. Proper support of IPv6 is still needed in areas like OpenStack and mobile core virtualization to fully realize benefits. Future areas like 5G, fog computing and IoT will further drive the need for IPv6 deployment and management. The long term goal is full removal of IPv4 from networks.
The document discusses Ericsson's solutions for simplifying and accelerating the rollout of 5G networks. It introduces Ericsson Spectrum Sharing to enable 5G deployment using existing spectrum bands. It also highlights the new Street Macro solution combining baseband, fronthaul, and mmWave radio to increase network capacity density in urban areas. Additionally, it presents the new RAN Compute portfolio and enclosures to provide deployment flexibility and reduce total cost of ownership for operators migrating to 5G.
Choosing the right Cisco platform for optimum performance is a concern for many call centers. This ppt will help you better understand the difference between UCCE, PCCE, and UCCX based on the agent headcount and other functionalities.
The document discusses F5 Networks solutions for application delivery networking, including an overview of the F5 ADN and how it provides application acceleration, load balancing, security and other capabilities. Use cases are presented showing how the F5 ADN improves performance and user experience. Professional services and resources from F5 are also mentioned.
5G slicing and management tmf contribution Saurabh Verma
- The document discusses TM Forum's work on 5G network slicing, including requirements, use cases, and business models.
- It describes two deployment scenarios: a single slice provider model with one provider spanning access, backhaul, and core networks; and a multi-slice provider model with the end-to-end slice spanning multiple providers.
- The key aspects covered are the network slice lifecycle including creation, operations, modification, and termination as well as the roles of 5G OSS/BSS, orchestration, and assurance functions.
Open Ethernet: an open-source approach to modern network design Alexander Petrovskiy
The era of closed proprietary hardware platforms is coming to an end. Today, in the world of Web-scale IT, the industry is starting to adopt a new approach, based on the principles of openness, scalability and customizability. However, in the more conservative networking industry, traditional equipment and proprietary technologies from a single vendor are often used, which limits flexibility, prevents innovation and narrows down the choice.
The "Open Ethernet" initiative from Mellanox brings open source principles into the world of modern networking and allows customers to select the best hardware and software to design network infrastructure, based on open and standard protocols and technologies, also opening the way for broad adoption of SDN.
Here are the key steps to include IPv6 on an existing IPv4 MPLS VPN using 6PE and CsC:
1. Upgrade PE routers to support 6PE and CsC. This allows the PEs to tunnel IPv6 packets over the existing IPv4 MPLS infrastructure.
2. Configure loopback addresses for the PE routers and advertise these addresses over MP-iBGP to exchange IPv6 reachability information.
3. Configure IPv6 VPN address families and enable the send-label option to exchange VPNv6 routes and labels over MP-iBGP.
4. Configure IPv6 VPN routes on the PEs and redistribute these routes into the VPNv6 address family to advertise to other PEs.
Traffic Engineering Using Segment Routing Cisco Canada
1) The document discusses using segment routing for traffic engineering. It provides an overview of segment routing technology, use cases, control and data plane operations, and how segment routing can be used for traffic engineering.
2) Key aspects covered include how segment routing works by encoding a path as an ordered list of segments, different types of segments (IGP prefixes, adjacencies, BGP), and how this allows for application-engineered end-to-end paths.
3) Traffic engineering with segment routing provides explicit routing, supports constraint-based routing without needing RSVP-TE, and uses existing IGP extensions to advertise link attributes.
This document provides an overview of wireless network design challenges for retail stores, warehouses, manufacturing facilities, and outdoor areas. It discusses key considerations for planning a wireless deployment such as inventorying devices, quantifying coverage needs, modeling access point placement, and performing site surveys. The document also covers RF fundamentals including characterizing materials' absorption properties, managing access point interference, and the difference between coverage and reliable coverage. Troubleshooting techniques and a question and answer section are also included on the agenda.
This document contains slides from a Cisco presentation on firewall certification. It discusses the CCNP Security Firewall v2.0 exam, including exam details, recommended reading, and high-level topics covered. It also provides an overview of Cisco firewall technology including the Adaptive Security Appliance and its features. Configuration topics like licensing, interfaces, NAT, routing, inspection policies and transparent mode are briefly outlined.
Barry Hesk: Cisco Unified Communications Manager training deck 1 Barry Hesk
Cisco Unified Communications Manager (CUCM) training will cover CUCM basics and advanced configurations over three days. The instructor will use a demo environment including two CUCM servers and a Cisco Unity Connection voicemail server. Topics will include CUCM architecture, installation, upgrades, backups/restores, protocols, phones, gateways, and more. The goal is to explain how CUCM works from the perspective of a customer.
The document discusses Alcatel-Lucent's Service Router Operating System (SR-OS) and their High Leverage Network (HLN). It introduces the HLN as a converged, scalable, and intelligent IP network that offers distributed service intelligence, broadband access, scalable IP transport, and supports innovative revenue-generating services. The HLN focuses on application enablement, universal access, network evolution, and operational transformation. It also discusses the FP3 chip that enables 100Gbps networking and the services supported on the HLN network.
Tutorial at IEEE IM 2019.
The tutorial will provide a comprehensive coverage of the Network Automation domain starting with the scope and definitions, introducing the challenges and then developing the different approaches to realize complete future network automation solutions. A special focus will be put on the newly created ETSI ISG ZSM "Zero Touch Network and Service Management" and the standardization landscape.
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations Robb Boyd
Cisco Catalyst 9600 Series Switches are the next-generation purpose-built 40/100G modular core/aggregation platform, providing resiliency at scale with the industry’s most comprehensive security while allowing the business to grow at a low total operational cost.
The Cisco Catalyst 9606R is a 6-slot 8RU chassis ready to support a wired switching capacity of up to 25.6 Tbps, with up to 6.4 Tbps of bandwidth per slot. Some salient features of the Cisco Catalyst 9606R chassis are:
- Supports a nonblocking 40/100G Quad Small Form-Factor Pluggable (QSFP+, QSFP28) line card
- Supports a line-rate 1/10/25G SFP and Enhanced SFP (SFP, SFP+, SFP28) line card
- Optimized for the enterprise with efficient side-to-side airflow
- Front accessibility for all removable components, such as the supervisor, line cards, power supply, and fan tray
- Dual accessible fan tray for easy removal
- Embedded RFID tag for easy asset tracking
Resources:
TechWiseTV: http://cs.co/9009DzrjN
This lesson covers designing for high availability with Cisco Meraki solutions. It discusses setting up role-based access in the Meraki Dashboard and best practices for organizing devices using tags. It also reviews configuring high availability for MX appliances using a warm spare setup, including the terms, concepts, and requirements for failover between a primary and secondary MX.
This document discusses media handling in FreeSWITCH. It covers topics like audio codecs, transcoding, codec negotiation, bypass media, proxy media, and Sangoma transcoding. The document provides details on common audio codecs supported by FreeSWITCH, how transcoding works in FreeSWITCH, codec negotiation algorithms, different media modes like bypass and proxy media, and Sangoma hardware transcoding cards. It aims to give an overview of key concepts around media and codecs in FreeSWITCH.
SMS (Short Message Service) allows users to send and receive text messages to and from mobile devices. SMS was introduced in 1991 in Europe and is supported on major mobile networks like GSM, GPRS, and CDMA. SMS messages can contain up to 160 Latin characters or 70 Unicode characters and are sent and received via Short Message Entities and a Short Message Service Center, which stores and forwards messages between mobile stations and networks.
Building on TAP sync resiliency for the cloud Adtran
This document discusses software synchronization techniques for cloud and telecom applications. It outlines trends driving more software-based synchronization, including miniaturization, consolidation, and scalability. It then examines the Time Appliance Project (TAP) and Open RAN architectures as examples where software synchronization could provide accurate timing to virtualized applications over standard server hardware. Specific techniques presented include using a software PTP client called SoftSync, hardware timestamping NICs, and precision time measurement over PCIe to synchronize virtualized applications with sub-microsecond accuracy. The document concludes that while dedicated hardware provides the highest accuracy for critical applications, software synchronization is suitable today for applications like TAP and O-RAN using standard servers, and precision time measurement over
The sole purpose of studying Enterprise Network is to create business simplicity worldwide. The side arms of successful networking are scalability, robustness, fault identification, communication, modularity, security and maintaining privacy. The key to making a network is to provide the essential tools and techniques that will offer the quality of a private/public network.
As I discussed earlier, the key purpose is to create business simplicity, which means creating IT/infrastructure simplicity across the cities where an Enterprise Network is connected. Obtaining success in failure/break-down conditions is the main purpose of a network. To achieve that requirement, network design involves certain topologies, protocols and bandwidth allocation. The topology requirement can be described as maintaining two adjacent networks against any failure in a single link or node. The protocol requirement can be described as using a dynamic/static routing protocol to provide routes that must be congestion free in a network. Bandwidth allocation is needed to actively allocate extra bandwidth just to maintain the working condition of a network. Design and modification criteria are handed over entirely to a person called the Network Administrator, who maintains the network and is solely responsible for anything (wanted or unwanted) that happens in it.
The document describes several registration and de-registration flows for IP Multimedia Subsystem (IMS). The key steps are:
1. For registration, the UE requests P-CSCF information from DHCP and DNS servers, then sends a register request to the P-CSCF, which assigns an S-CSCF and retrieves the user profile from the HSS.
2. Periodic re-registration follows the same process to refresh the registration.
3. For de-registration, the UE or network sends a register request with an expiration time of zero, removing the registration.
The document discusses the Session Initiation Protocol (SIP) architecture. SIP is a signaling protocol used to initiate, maintain, and terminate real-time sessions for voice, video and messaging applications over Internet Protocol (IP) networks. It uses the Internet architecture and TCP/IP protocol suite. The document describes how SIP works, the various network elements involved like user agents, proxy servers, registrars, and gateways. It also discusses BSNL's deployment of SIP trunk services in India as an alternative to ISDN PRI and analog trunks.
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf KlausSchwegler
Aryaka helps CIOs modernize their infrastructure and simplify operations by converging networking and security in an all-in-one service. In today’s distributed world, where applications are everywhere, and employees can be anywhere, this unified SASE approach provides enterprises the security, connectivity, and flexibility they need to adapt to an unpredictable future rapidly.
This document provides an outline for Lecture 4 on UNIX OS networking. It discusses TCP/IP and the OSI model, IP and MAC addressing, networking commands like ping, traceroute, arp, ifconfig and route. It also gives an overview of common UNIX command line tools like cut, diff, grep, strings, tr and uniq along with examples of using each tool.
MTR is a network diagnostic tool that combines the functionality of traceroute and ping. It probes routers on the network path by sending packets and listening for responses to determine the quality of each hop. As it runs continuously, it tracks response times and packet loss to identify links that may be causing issues like increased latency or buffering. The MTR output provides statistics on each hop, including the hostname, packet loss percentage, and response times, to help locate potential problems along the route.
The document discusses various network security tools including TCP/IP headers, tcpdump, ethereal, ntop, MRTG, network scanners like Nmap and Nessus. It provides examples of using these tools to analyze network traffic, scan for open ports, detect operating systems, and monitor network usage.
Handy Networking Tools and How to Use Them Sneha Inguva
Linux networking tools can be used to analyze network connectivity and performance. Tools like ifconfig show interface configurations, route displays routing tables, arp shows the ARP cache, dig/nslookup resolve DNS, and traceroute traces the network path. Nmap scans for open ports, ping checks latency, and tcpdump captures traffic. Iperf3 and wrk2 can load test throughput and capacity, while tcpreplay replays captured traffic. These CLI tools provide essential network information and testing capabilities from the command line.
Chapter 3. sensors in the network domain Phu Nguyen
This chapter discusses network sensors and the data they generate. Examples of network sensors include NetFlow sensors on routers and packet capture tools like tcpdump. The chapter covers challenges of analyzing large network traffic data, and describes common data formats generated by sensors like NetFlow records and packet captures. It also discusses techniques for filtering large packet capture data, such as using rolling buffers, limiting packet snap lengths, and Berkeley Packet Filter rules.
QUIC is a new transport protocol developed by Google to replace TCP+TLS. It aims to reduce latency by eliminating OSI layers and supporting features like 0-RTT handshakes. The document provides a high-level overview of QUIC including its architecture, use of TLS 1.3, streams for multiplexing data, and support for features like connection migration through the use of connection IDs. It also discusses QUIC's current implementation status and adoption. Examples are given of QUIC packets and the handshake process.
Falha na em protocolo de provedires permite a hackers mal intencionados sequestrar grande quantidade de informações nunca antes imaginada e adulterá-las antes que cheguem a seu destino.
This document provides a summary of common Linux network tools including ifconfig, netstat, route, ping, traceroute, iptables, netcat, rinetd, tcpdump, and tcpreplay. It describes what each tool is used for at a high level, such as configuring network interfaces, displaying network status, manipulating network routes, testing network connectivity, implementing firewalls, and capturing/replaying network traffic. The document also provides basic introductions to IPv4 and IPv6 addressing and routing concepts.
The document discusses network layering models and TCP/IP fundamentals. It describes:
1. Networking problems are divided into layers for easier understanding and standardization, with the two main models being OSI and TCP/IP.
2. The TCP/IP model has four or five layers - process, host-to-host transport, internet, network access, and sometimes physical.
3. Packets are encapsulated as they leave a machine and decapsulated on the receiving host, with each layer adding headers.
The document provides an overview of key topics related to internet protocols and performance, including:
- How packet loss and delay can occur due to queueing in router buffers when arrival rates exceed link capacities;
- The four main sources of packet delay: processing, queueing, transmission, and propagation;
- How throughput is determined by the minimum of the sender and receiver rates or any bottleneck link rate;
- Examples of security issues like denial of service attacks, packet interception, and IP spoofing;
- A brief history of the development of the Internet from the 1960s to the present.
University of Virginia
cs4414: Operating Systems
http://rust-class.org
The Internet
Benchmarking: Customer vs. Developer
Cheating on Benchmarks
Networking
Latency and Bandwidth
Tracing Routes
Network Layers
For embedded notes and videos, see:
http://rust-class.org/class-13-the-internet.html
This document discusses Cisco's Software-Defined Access (SD-Access) solution. It provides an overview of the key components of SD-Access, including:
- A control plane based on LISP that separates endpoint identity from location and consolidates routing tables.
- A data plane based on VXLAN that uses virtual tunnel endpoints and an overlay network to provide mobility and remove topology limitations.
- A policy plane based on Cisco TrustSec that implements security policies based on endpoint groups rather than individual IP addresses.
SD-Access leverages these components to automate configuration, management, and policy across campus wired, wireless and WAN networks. The document also outlines the platform support and roles of different
Black Hat Europe 2015 - Time and Position Spoofing with Open Source ProjectsWang Kang
Time and position data of mobile devices are trusted without checking by most vendors and developers. We discover a method of GPS spoofing with low-cost SDR devices. The method can be used to alter the location status as well as the time of affected devices, which poses a security threat to location-based services. We also examine other positioning methods used by smart devices (e.g. WiFi) and how to spoof them. Advices on preventing such spoofing are given.
Data centre networking at London School of Economics and Political Science - ...Jisc
Juniper MX routers and SRX firewalls were selected to build an Ethernet VPN (EVPN) network to connect data centers at LSE and in Slough over the Janet network. EVPN uses BGP for MAC address learning and MPLS with RSVP for fast convergence to provide a layer 2 extension across sites. Testing showed throughput of 3Gbps and latency of 3.3ms for small packets over the encrypted VPN tunnel between sites. While the solution works, some bugs were found in Junos and dependencies on Janet routing protocols. Supporting layer 3 and additional firewall performance improvements could enhance the network. EVPN/VXLAN on other platforms may be alternatives for the future.
NUSE (Network Stack in Userspace) at #osioHajime Tazaki
This document describes Network Stack in Userspace (NUSE), which implements a full network stack as a userspace library. NUSE aims to allow faster evolution of network stacks outside the kernel and enable network protocol personalization. It works by patching the Linux kernel to include a new architecture, implementing the network stack components as a userspace library, and hijacking POSIX socket calls to redirect them to the NUSE implementation. Performance tests show NUSE adding only small overhead compared to kernel implementations. NUSE can also integrate with the ns-3 network simulator to enable controllable and reproducible network simulations using real protocol implementations.
Using open source tools for network device dataplane testing.
Our experiences from redGuardian DDoS mitigation scrubber testing.
Presented at PLNOG 20 (2018).
PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...PROIDEA
Wybór docelowej platformy sieciowej (np. routera, firewalla, scrubbera DDoS) jest często poprzedzony jej testami. Jednym z celów testów jest sprawdzenie, czy parametry wydajnościowe deklarowane przez producenta odpowiadają rzeczywistości. Zespół rozwijający redGuardian Anty DDoS testuje rozwiązanie regresyjnie i wydajnościowo w sposób zautomatyzowany od początku jego istnienia. W czasie prezentacji przeanalizujemy aspekty, na które warto zwrócić uwagę w czasie testów wydajnościowych urządzeń IP oraz przyjrzymy się narzędziom open source pomocnym w realizacji tego zadania.
Next-gen Network Telemetry is Within Your Packets: In-band OAMFrank Brockners
While troubleshooting or planning, did you ever wish to get full insight into which paths *all* your packets take in your network or were you ever asked to prove that your traffic really follows the path you specified by service chaining or traffic engineering? We approach this problem by adding meta-data to *all* packets - "In-band OAM for IPv6" and "path/service-chain verification" are the associated technologies. In-band OAM adds forwarding path information and other information/stats to every data packet - as opposed to relying on probe packets, which is the traditional method that tools like ping or traceroute use. In-band OAM information can either be accessed directly on the router or be available via Netflow. The presentation introduces in-band OAM as a technology and discuss a series of use-cases and deployment scenarios, ranging from proving that all packets traverse a specific path and troubleshooting forwarding issues in networks which use ECMP, over simple approaches to deriving the network traffic matrix, or trend analysis on network parameters such as delay or packet loss, to using iOAM as a tool to optimize forwarding in your network. The technology discussion is complemented references to demos (using Cisco IOS, FD.io/VPP, OpenDaylight Controller etc.) which showcase this new technology at work.
This document summarizes BGP hijacks and leaks, both malicious and unintentional. It provides examples of past hijacking incidents and explains how hijacks can occur due to factors like more specific routes, local preference, and AS path manipulation. Detection methods are discussed, including looking glasses, BGP monitoring tools, and RIPE resources. Prevention techniques are also covered, such as route validation using RPKI and BGPsec, as well as tools the speaker recommends for analyzing routing data. The presentation concludes with a proposed live demo of hijacking a third-party prefix.
Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...Redge Technologies
(Polish only)
Gaming/DDoS mitigation/x86 performance and elasticity.
Talk given at Net::IP meetup in Wrocław, Poland (2017.05): https://www.meetup.com/Wroclaw-Net-IP-Meetup/events/238738376/
Spy hard, challenges of 100G deep packet inspection on x86 platformRedge Technologies
This document discusses challenges and approaches for performing deep packet inspection (DPI) at speeds of 100 gigabits per second and beyond on x86 platforms. It begins by explaining why DPI is needed at such high speeds, for tasks like large-scale intrusion detection. It then examines the performance requirements for scanning payloads at 100Gbps rates. The document reviews different software approaches for payload matching, such as regular expressions, and hardware that can assist, such as Intel's Hyperscan technology. It also provides examples of how Hyperscan can be integrated into real-world intrusion detection and prevention systems.
This document discusses achieving very high speeds of 100 million packets per second (100Mpps) on commodity PC hardware using kernel bypassing techniques. It describes the company redCDN and their development of a DDoS mitigation solution called redGuardian. Key challenges discussed include the limitations of operating system network stacks at high speeds, hardware capabilities, and how data plane frameworks like DPDK can be used to bypass the OS and achieve wire-speed performance by accessing network interface cards directly from userspace.
Prezentacja dotycząca wydajnego przetwarzania ruchu IP na PC wygłoszona podczas IT Conference na WAT (http://itacademicday.azurewebsites.net/), listopad 2015.
(Polish only) Talk regarding effective IP traffic processing on x86 platforms, given at IT Academic Day / Military University of Technology in Warsaw, November 2015.
5. BGP zombie / ghost route
„an active routing table entry for a prefix that has been withdrawn by its origin network”
source: https://labs.ripe.net/Members/romain_fontugne/bgp-zombies (2019)
see also: „BGP Zombies: an Analysis of Beacons Stuck Routes” (2019),
https://www.iij-ii.co.jp/en/members/romain/pdf/romain_pam2019.pdf
not a new phenomenon
Ghost Route Hunter (2003): https://www.sixxs.net/tools/grh/what/
„An overview of the global IPv6 routing table” (2005):
https://meetings.ripe.net/ripe-50/presentations/ripe50-plenary-tue-ipv6-routing.pdf
may take hours/days to „expire”
6. BGP zombie / ghost route
Who cares?
It was withdrawn anyway!
Unless we are talking about:
• a partial withdrawal, where some ingress traffic goes via a different path than you may expect, does not converge, or even loops
• a more-specific route, where the zombie sits in Tier1/Tier2/NSP/IXP infrastructure and causes a partial or complete outage
7. More-specific prefix usage examples
Traffic engineering
Announce 10.0.0.0/23 into global table
Announce 10.0.0.0/24 to some IXP peers to override their local prefs
Customer delegation
ISP1 announces 10.0.0.0/16 PA block
ISP1 delegates 10.1.2.0/24 to customer
Customer runs own BGP, announces 10.1.2.0/24 via ISP1, ISP2 and IXP
9. 2016 (TPNET-OTI loop)
Orange PL (5617) – Opentransit (5511)
Zombie AS path: 5511 1299 24724 57811 201029 x
Looking glass:
TPNET sees (zombie) more specific via OTI
OTI has less specific via TPNET
I gave up after a 20-minute outage and reannounced the more specific to save „x”
Withdrawn later with no issues
11. 2016 (Interoute/AS8928 hijack)
• zombie /24 route via NTT at former Interoute/Madrid hijacked significant part of ingress traffic
• luckily, no loop; trace reaches customer in Warsaw
• many hours, finally „fixed” by announce/withdraw flaps
14. 2018 (Telia loop)
• 1299 announces zombie route
• hijacks and loops large portion of ingress traffic
• we reproduced this problem with another, non-production prefix
• ~two days of disaster!
• „Routeprocessor Switchover in one of our backbone router in Chicago solved the issue”
15. 2020 (TATA-Level3 loop)
Router: gin-n0v-tcore1
Site: US, New York, N0V
Command: traceroute inet4 x as-number-lookup
traceroute to x (x), 30 hops max, 52 byte packets
1 if-ae-7-5.tcore1.nto-newyork.as6453.net (63.243.128.141) 2.990 ms 1.545 ms 1.369 ms
MPLS Label=415563 CoS=0 TTL=1 S=1
2 if-ae-9-2.tcore1.n75-newyork.as6453.net (63.243.128.122) 1.653 ms 1.704 ms 1.439 ms
3 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 3.038 ms 1.118 ms 3.086 ms
4 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 82.672 ms 81.989 ms 82.221 ms
5 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 82.072 ms 81.949 ms 81.731 ms
6 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 87.154 ms if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 87.064 ms 87.038 ms
MPLS Label=486720 CoS=0 TTL=1 S=1
7 if-ae-30-2.tcore1.pvu-paris.as6453.net (80.231.153.89) 86.645 ms if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 87.036 ms if-ae-9-2.tcore1.pvu-paris.as6453.net (195.219.87.10) 87.412 ms
MPLS Label=345609 CoS=0 TTL=1 S=1
8 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 87.357 ms 87.522 ms 86.774 ms
MPLS Label=525823 CoS=0 TTL=1 S=1
9 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 87.089 ms 86.984 ms 87.120 ms
MPLS Label=558832 CoS=0 TTL=1 S=1
10 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 86.711 ms 86.872 ms 87.689 ms
MPLS Label=300093 CoS=0 TTL=1 S=1
11 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 86.838 ms 86.749 ms 86.667 ms
12 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 87.039 ms 86.777 ms 108.465 ms
13 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 167.903 ms 167.436 ms 167.919 ms
14 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 167.316 ms 167.016 ms 167.156 ms
15 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 172.082 ms 172.347 ms if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 172.688 ms
MPLS Label=486720 CoS=0 TTL=1 S=1
16 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 172.403 ms if-ae-9-2.tcore1.pvu-paris.as6453.net (195.219.87.10) 177.623 ms 172.588 ms
MPLS Label=345609 CoS=0 TTL=1 S=1
17 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 173.956 ms 176.402 ms 172.581 ms
MPLS Label=525823 CoS=0 TTL=1 S=1
18 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 172.784 ms 172.592 ms 172.921 ms
MPLS Label=558832 CoS=0 TTL=1 S=1
19 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 172.660 ms 172.503 ms 172.937 ms
MPLS Label=300093 CoS=0 TTL=1 S=1
20 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 172.258 ms 172.540 ms 171.995 ms
21 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 183.732 ms 171.950 ms 172.068 ms
22 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 252.748 ms 252.855 ms 252.719 ms
23 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 253.215 ms 253.049 ms 252.474 ms
24 if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 258.598 ms if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 258.467 ms 257.584 ms
MPLS Label=486720 CoS=0 TTL=1 S=1
25 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 257.906 ms 257.857 ms if-ae-9-2.tcore1.pvu-paris.as6453.net (195.219.87.10) 258.308 ms
MPLS Label=345609 CoS=0 TTL=1 S=1
26 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 257.546 ms 257.812 ms 268.691 ms
MPLS Label=525823 CoS=0 TTL=1 S=1
27 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 261.149 ms 257.873 ms 258.124 ms
MPLS Label=558832 CoS=0 TTL=1 S=1
28 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 257.746 ms 257.491 ms 258.035 ms
MPLS Label=300093 CoS=0 TTL=1 S=1
29 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 257.737 ms 258.226 ms 257.614 ms
30 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 257.587 ms 259.322 ms 258.347 ms
16. 2020 (TATA-Level3 loop)
…
20 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 172.258 ms 172.540 ms 171.995 ms
21 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 183.732 ms 171.950 ms 172.068 ms
22 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 252.748 ms 252.855 ms 252.719 ms
23 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 253.215 ms 253.049 ms 252.474 ms
24 if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 258.598 ms if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 258.467 ms 257.584 ms
MPLS Label=486720 CoS=0 TTL=1 S=1
25 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 257.906 ms 257.857 ms if-ae-9-2.tcore1.pvu-paris.as6453.net (195.219.87.10) 258.308 ms
MPLS Label=345609 CoS=0 TTL=1 S=1
26 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 257.546 ms 257.812 ms 268.691 ms
MPLS Label=525823 CoS=0 TTL=1 S=1
27 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 261.149 ms 257.873 ms 258.124 ms
MPLS Label=558832 CoS=0 TTL=1 S=1
28 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 257.746 ms 257.491 ms 258.035 ms
MPLS Label=300093 CoS=0 TTL=1 S=1
29 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 257.737 ms 258.226 ms 257.614 ms
…
17. 2020 (TATA-Level3 loop)
1. TATA/US „sees” the more specific via Level3/US
2. Level3/US does not have this zombie route and uses „cold potato” routing to reach Level3/Frankfurt
3. Level3 passes packets to TATA in Frankfurt (less specific route; the destination is TATA's customer in Poland)
4. once passed to TATA, the „zombie more specific via Level3” kicks in: traffic goes to TATA/US, where it is passed to Level3/US once again…
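The loop in steps 1-4 can be confirmed mechanically from the traceroute itself. The Python sketch below is an added example, not part of the original slides: it parses hops 1-21 of the slide's output (wrapped lines rejoined, one RTT kept per responder, MPLS lines dropped) and reports where the hop sequence starts repeating, its period and the AS-level cycle. Reading the ASN out of as6453.net hostnames is an assumption, made because this output carries an [AS n] tag only on the Level3 hops.

```python
import re

# Hops 1-21 taken from the traceroute on the slide, trimmed as described above.
SLIDE_TRACE = """\
1 if-ae-7-5.tcore1.nto-newyork.as6453.net (63.243.128.141) 2.990 ms
2 if-ae-9-2.tcore1.n75-newyork.as6453.net (63.243.128.122) 1.653 ms
3 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 3.038 ms
4 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 82.672 ms
5 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 82.072 ms
6 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 87.154 ms if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 87.064 ms
7 if-ae-30-2.tcore1.pvu-paris.as6453.net (80.231.153.89) 86.645 ms if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 87.036 ms
8 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 87.357 ms
9 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 87.089 ms
10 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 86.711 ms
11 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 86.838 ms
12 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 87.039 ms
13 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 167.903 ms
14 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 167.316 ms
15 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 172.082 ms if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 172.688 ms
16 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 172.403 ms if-ae-9-2.tcore1.pvu-paris.as6453.net (195.219.87.10) 177.623 ms
17 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 173.956 ms
18 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 172.784 ms
19 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 172.660 ms
20 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 172.258 ms
21 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 183.732 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+\S")          # a line that opens a new TTL
RESP_RE = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)(?: \[AS\s*(\d+)\])?")
HOST_AS_RE = re.compile(r"\.as(\d+)\.net$")     # assumption: ASN embedded in hostname


def parse_hops(text):
    """Return {ttl: [(host, ip, asn_or_None), ...]}; ECMP hops list several responders."""
    hops, ttl = {}, None
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ttl = int(m.group(1))
            hops[ttl] = []
        if ttl is None:
            continue
        # Lines without a TTL (wrapped output) are credited to the current hop.
        for host, ip, asn in RESP_RE.findall(line):
            if not asn:
                hm = HOST_AS_RE.search(host)
                asn = hm.group(1) if hm else ""
            hops[ttl].append((host, ip, int(asn) if asn else None))
    return hops


def find_loop(hops):
    """Return first_ttl, period and AS cycle of a forwarding loop, or None."""
    ips = {t: {ip for _, ip, _ in resp} for t, resp in hops.items()}
    ttls = sorted(ips)
    for start in ttls:
        for later in ttls:
            period = later - start
            if period < 2 or not ips[start] & ips[later]:
                continue
            # One repeated address can be an artefact: require every later hop
            # that answered to reappear exactly one period further on as well.
            pairs = [(t, t + period) for t in ttls if t >= start and t + period in ips]
            if all(ips[a] & ips[b] for a, b in pairs if ips[a] and ips[b]):
                as_cycle = []
                for t in range(start, later):
                    asn = next((a for _, _, a in hops.get(t, []) if a), None)
                    if asn and asn not in as_cycle[-1:]:
                        as_cycle.append(asn)
                return {"first_ttl": start, "period": period, "as_cycle": as_cycle}
    return None


if __name__ == "__main__":
    print(find_loop(parse_hops(SLIDE_TRACE)))
```

A cycle spanning more than one AS, as here, means the two networks disagree about the best route for the destination, which is the signature of the zombie more-specific described above.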
18. 2020 (Level3 loop and zombie resurrection)
• First outage directly after withdrawal
• Finally BGP converges
• However, a few hours later the zombie route resurrects in the AS3356 core and causes another 1h outage
20. 2020 Aug (well known Centurylink/Level3-related outage)
NANOG mailing list threads:
„Centurylink having a bad morning?”
„[outages] Major Level3 (CenturyLink) Issues”
https://mailman.nanog.org/pipermail/nanog/2020-August/thread.html
https://mailman.nanog.org/pipermail/nanog/2020-September/thread.html
https://puck.nether.net/pipermail/outages/2020-August/013204.html
21. 2020 Aug (well known Centurylink/Level3-related outage)
Analysis:
https://blog.thousandeyes.com/centurylink-level-3-outage-analysis/
„Level 3 continues to advertise stale routes despite services withdrawing routes”
https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/
https://radar.qrator.net/blog/another-centurylink-bgp-incident
34. Zombie risk mitigation
Fix all Tier1 routers
Gradual more specific withdrawal
stage 1: withdraw from distant locations and transits
stage 2: withdraw from local/national peerings
Selective more specific announcements
by continent/peer
no transit, just peerings
gratis: faster convergence!
35. Selective announcements / traffic steering
Use the communities, Luke!
Features
excellent customer BGP communities (NTT, Telia, GTT, DE-CIX)
good enough
~nothing (HE)
secret
Transition
transparent
partial clear/override
full clear
overlap risk! (EC/LC still not widely adopted)
36. Example: add GTT leak to the mix (via RETN)
Note: covers all RETN, Telia, GTT and TATA customers (not visible here)
37. Example: leak to Telia (via Level3)
Note: leaks to all Level3 customers (incl. RETN) and Telia customers
38. Per customer announcement tailoring (BIRD filter syntax)
case bgp_path.last {
    # ASx Customer Foo (uses: Level3, Telia)
    x:
        if pop = "PLIX" then bgp_community.add(level3_yes_telia);
        if pop = "THINX" then bgp_community.add(retn_yes_telia);
        if pop = "LINX" then {…}
    # ASy Customer Bar (uses: GTT, Cogent)
    y:
        if pop = "PLIX" then bgp_community.add(level3_yes_cogent);
        if pop = "THINX" then bgp_community.add(retn_yes_gtt);
        if pop = "LINX" then {…}
    # ASz Customer Baz...
}
docs: https://bird.network.cz/?get_doc&v=20&f=bird-5.html#ss5.4
39. Summary
Still not well understood
BGP update queueing, races/reordering, losses?
BGP optimizers/stabilizers, broken damping?
In $vendors we trust
Avoid more-specifics in global table
Monitor your reachability/visibility
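One way to monitor visibility against the zombie definition on slide 5 and the resurrection seen on slide 18 is to replay per-peer BGP updates for your own prefix and list the peers that still hold a route long after you withdrew it. The Python sketch below is an added example, not from the original slides; the Update tuple, the 90-minute grace period, the 203.0.113.0/24 prefix and all ASNs are constructed assumptions, and the prefix is assumed to stay withdrawn until the check.

```python
from collections import namedtuple

# kind is "A" (announce) or "W" (withdraw); ts is seconds; as_path starts at the peer.
Update = namedtuple("Update", "ts peer kind prefix as_path")

PREFIX, ORIGIN = "203.0.113.0/24", 64496     # constructed sample values
WITHDRAWN_AT = 7200                          # moment the origin withdrew PREFIX

SAMPLE_UPDATES = [                           # constructed collector feed
    Update(0, 64501, "A", PREFIX, (64501, 64510, 64496)),
    Update(0, 64502, "A", PREFIX, (64502, 64510, 64496)),
    Update(0, 64503, "A", PREFIX, (64503, 64511, 64496)),
    Update(0, 64504, "A", PREFIX, (64504, 64511, 64496)),
    Update(7205, 64503, "W", PREFIX, ()),
    Update(7210, 64504, "W", PREFIX, ()),
    Update(7215, 64501, "A", PREFIX, (64501, 64512, 64510, 64496)),  # path hunting
    Update(7260, 64501, "W", PREFIX, ()),
    # 64502 never sends a withdrawal: a stuck route.
    Update(18000, 64501, "A", PREFIX, (64501, 64510, 64496)),        # comes back hours later
]


def find_zombies(updates, prefix, withdrawn_at, checked_at, grace=90 * 60):
    """Replay updates for `prefix`; return peers still holding a route at `checked_at`."""
    if checked_at - withdrawn_at < grace:
        raise ValueError("too early: transient routes right after a withdrawal are normal")
    route, withdrew, resurrected = {}, set(), set()
    for u in sorted(updates, key=lambda u: u.ts):
        if u.prefix != prefix or u.ts > checked_at:
            continue
        if u.kind == "W":
            route.pop(u.peer, None)
            if u.ts >= withdrawn_at:
                withdrew.add(u.peer)
        else:
            route[u.peer] = (u.ts, u.as_path)
            # The peer had already converged, yet the route is back although
            # the origin is still silent: the resurrection case.
            if u.ts > withdrawn_at and u.peer in withdrew:
                resurrected.add(u.peer)
    return [
        {"peer": peer, "kind": "resurrected" if peer in resurrected else "stuck",
         "as_path": path, "last_update": ts}
        for peer, (ts, path) in sorted(route.items())
    ]


def shared_ases(zombies, origin):
    """ASes present in every zombie path (origin excluded): a hint where to look first."""
    paths = [set(z["as_path"]) - {origin} for z in zombies]
    return sorted(set.intersection(*paths)) if paths else []


if __name__ == "__main__":
    found = find_zombies(SAMPLE_UPDATES, PREFIX, WITHDRAWN_AT, WITHDRAWN_AT + 4 * 3600)
    for z in found:
        print(z)
    print("shared ASes:", shared_ases(found, ORIGIN))
```

The shared-AS hint is only a heuristic: it narrows down which upstream to ask for a route refresh or session clear, and the looking glass of that network remains the authority.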