This document provides an overview of multi-path VPN technologies. It discusses using Linux bridge, Rapid STP, virtual Ethernet NICs, and tunneling protocols like OpenVPN and L2TPv3 to enable multi-path VPNs across multiple cloud providers. It also covers related topics like performance benchmarking and tuning the Linux kernel for improved throughput.
Server-side Intelligent Switching using vyattaNaoto MATSUMOTO
Server-side Intelligent Switching using vyatta. (10 oct, 2012)
for Japan Vyatta Users Meeting 2012 Autumn in Tokyo.
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
18 Mar, 2014
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Japan Vyatta Users Meeting 2014 Spring on Tokyo.
An Easy way to build a server cluster without top of rack switches (MEMO)Naoto MATSUMOTO
An Easy way to build a server cluster without top of rack switches (MEMO)
12-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)Naoto MATSUMOTO
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
20-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
Server-side Intelligent Switching using vyattaNaoto MATSUMOTO
Server-side Intelligent Switching using vyatta. (10 oct, 2012)
for Japan Vyatta Users Meeting 2012 Autumn in Tokyo.
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
UNDOCUMENTED Vyatta vRouter: Unbreakable VPN Tunneling (MEMO)
18 Mar, 2014
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Japan Vyatta Users Meeting 2014 Spring on Tokyo.
An Easy way to build a server cluster without top of rack switches (MEMO)Naoto MATSUMOTO
An Easy way to build a server cluster without top of rack switches (MEMO)
12-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)Naoto MATSUMOTO
High Availability Server Clustering without ILB(Internal Load Balancer) (MEMO)
20-Feb-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
Make an IPSEC VPN which will be a redundant one with two VyOS firewalls per site.
I made this document so that people who check for vpns/ipsec has a place to implement a free router/firewall appliance virtually on any hardware and have the necessity going on.
VyOS is a fork from Vyatta which happily runs on a Intel Atom based hardware with at least 256 MB RAM and a HDD with 500 GB storage.
It supports dot1q VLANs, IPSec Site-to-Site/Remote Access VPNs over GRE for B2B connectivity. It supports RIP/OSPF/BGP dynamic protocols. It has support for both interface based and zone based firewalls.
Slawomir Janukowicz, Juniper Networks
Juniper Day, Praha, 13.5.2015
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
A lot of Internet of things devices use linux as its core. More so with the advent of DIY projects and Internet of things projects. A lot of Raspberry PI's, Beaglebone, Tessel boards are out there with default settings, and all connected to the internet, ready to be taken over. With the recent dyn DNS attack its of prime importance to know how we can keep these end point devices secure and out of the hands of botnet hoarders, attackers. In this presentation Rabimba Karanjai will show how to harden the security on these endpint devices taking a RaspBerry PI as an example. He will explain different techniques with code examples along with a toolkit made specifically for this demo which will make devices considerable harder to compromise. And even when they are, will allow to locate and detect the breach. After all, proetcting the device fially protects us all (prevents another DDOS)
Server-side Intelligent Switching using Windows AzureNaoto MATSUMOTO
Server-side Intelligent Switching using Windows Azure
for High Availability Cluster Networking
16 Nov, 2012
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Make an IPSEC VPN which will be a redundant one with two VyOS firewalls per site.
I made this document so that people who check for vpns/ipsec has a place to implement a free router/firewall appliance virtually on any hardware and have the necessity going on.
VyOS is a fork from Vyatta which happily runs on a Intel Atom based hardware with at least 256 MB RAM and a HDD with 500 GB storage.
It supports dot1q VLANs, IPSec Site-to-Site/Remote Access VPNs over GRE for B2B connectivity. It supports RIP/OSPF/BGP dynamic protocols. It has support for both interface based and zone based firewalls.
Slawomir Janukowicz, Juniper Networks
Juniper Day, Praha, 13.5.2015
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
A lot of Internet of things devices use linux as its core. More so with the advent of DIY projects and Internet of things projects. A lot of Raspberry PI's, Beaglebone, Tessel boards are out there with default settings, and all connected to the internet, ready to be taken over. With the recent dyn DNS attack its of prime importance to know how we can keep these end point devices secure and out of the hands of botnet hoarders, attackers. In this presentation Rabimba Karanjai will show how to harden the security on these endpint devices taking a RaspBerry PI as an example. He will explain different techniques with code examples along with a toolkit made specifically for this demo which will make devices considerable harder to compromise. And even when they are, will allow to locate and detect the breach. After all, proetcting the device fially protects us all (prevents another DDOS)
Server-side Intelligent Switching using Windows AzureNaoto MATSUMOTO
Server-side Intelligent Switching using Windows Azure
for High Availability Cluster Networking
16 Nov, 2012
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)Odinot Stanislas
Une très intéressante présentation autour de la virtualisation des réseaux contenant des explications détaillées autour des VLAN, VXLAN, mais aussi d'NVGRE et surtout de GENEVE (Generic Network Virtualization Encapsulation) supporté pour la première fois sur la dernière carte 40 GbE d'Intel (XL710)
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
VYATTAによるマルチパスVPN接続手法
1. (C)Copyright 1996-2010 SAKURA Internet Inc.
5 Sep, 2013
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
日本学術振興会産学協力研究委員会 インターネット技術第 163 委員会 (ITRC)
地域間インタークラウド分科会 (RICC)
第3回地域間インタークラウドワークショップ
2. Multi-Path VPN Overview
Bridge + IEEE 802.1w(Rapid STP)
Virtual Ethernet NIC
Process Process Process
Vyatta VM
IaaS-B IaaS-C
IaaS-A
IaaS-D
Source: SAKURA Internet Research Center. 08/2012: Project THORN
Tunnel TunnelTunnel
Vyatta VM
Process Process Process
Vyatta VM
Process Process Process
Vyatta VM
Process Process Process
3. How does it works?
Bridge + IEEE 802.1w(Rapid STP)
Virtual Ethernet NIC
Process Process Process
Tunnel Tunnel Tunnel
Vyatta VM
vyattaVM# sudo rstpctl showport br0
* vtun1 8001 Fwd 8000-027a0b4f3269 8...3269 8001 D
* vtun2 8001 Fwd 8000-027a0b4f3269 8...3269 8002 D
:
veth1 8004 Fwd 8000-027a0b4f3269 8...3269 8004 D
Tunnel Interface + Linux Bridge + IEEE 802.1w (Rapid STP) Daemon
Source: SAKURA Internet Research Center. 08/2012: Project THORN
4. Packages for Multi-Path VPN
Bridge + IEEE 802.1w
(Rapid STP)
Virtual Ethernet NIC
Process Process Process
Tunnel Tunnel Tunnel
VyattaCore 6.4
- Tunneling Protocol:
OpenVPN,GRETAP,L2TPv3 or VXLAN ..etc
- Bridging Daemon: bridge-utils
- Rapid STP Daemon: rstpd
http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git
- Virtual Interface: iproute2
http://kernel.org/pub/linux/utils/net/iproute2/
Source: SAKURA Internet Research Center. 08/2012: Project THORN
5. How to Build on Vyatta
configure
delete system package repository community
set system package repository oxnard components main
set system package repository oxnard distribution oxnard
set system package repository oxnard url http://packages.vyatta.com/vyatta-dev/oxnard/unstable
commit
save
reboot
sudo full-upgrade -k
configure
set system package repository squeeze components main
set system package repository squeeze distribution squeeze
set system package repository squeeze url http://cdn.debian.net/debian
commit
save
sudo apt-get update
sudo aptitude install module-assistant
sudo aptitude install linux-vyatta-kbuild
cd /lib/modules/3.0.23-1-586-vyatta-virt/
sudo ln -s /usr/src/linux-image/debian/build/build-i386-none-586-vyatta-virt/ build
sudo aptitude install rpm zlib1g-dev zlib1g-dbg byacc bison flex
sudo module-assistant prepare Source: SAKURA Internet Research Center. 08/2012: Project THORN
6. Install rstpd and switch-setup
- Downloading latest master from git
http://git.kernel.org/?p=linux/kernel/git/shemminger/rstp.git
cd rstp ; sudo make; sudo make install
- L2TPv3 pseudo-wire Config
sudo ip l2tp add tunnel tunnel_id 1 peer_tunnel_id 1 udp_sport 5001 udp_dport 5001 ¥
encap udp local X.X.X.X remote Y.Y.Y.Y
sudo ip l2tp add session tunnel_id 1 session_id 1 peer_session_id 1
:
sudo ifconfig l2tpeth0 0
sudo ifconfig l2tpeth0 up up
- Virtual Ehternet Config
ip link add type veth
sudo ifconfig veth0 up up ; sudo ifconfig veth1 up up
- Bridge/Switch Config
sudo brctl addbr br0
sudo brctl addif br0 veth1
sudo brctl addif br0 l2tpeth0
sudo rstpd
sudo rstpctl rstp br0 on
Bridge + IEEE 802.1w(Rapid STP)
Virtual Ethernet NIC
Process Process Process
Tunnel Tunnel Tunnel
Vyatta VM
8. Bridge/RSTP Aging Timer
- Linux Bridge STP Timer Config
brctl sethello br0 1
brctl setfd br0 4
brctl setmaxage br0 6
brctl setageing br0 10
- Linux RSTP Timer Config
rstpctl sethello br0 1
rstpctl setmaxage br0 6
rstpctl setfdelay br0 4
Bridge + IEEE 802.1w
(Rapid STP)
Virtual Ethernet NIC
Process Process Process
Tunnel Tunnel Tunnel
VyattaCore 6.4
Source: SAKURA Internet Research Center. 08/2012: Project THORN
9. Performance Benchmark HowTo
- Linux in-kernel packet generator tool
su
modprobe pktgen
echo "rem_device_all" > /proc/net/pktgen/kpktgend_0
echo "add_device eth0" > /proc/net/pktgen/kpktgend_0
echo "max_before_softirq 50000" > /proc/net/pktgen/kpktgend_0
echo "count 0" > /proc/net/pktgen/eth0
echo "clone_skb 1000000" > /proc/net/pktgen/eth0
echo "pkt_size 64" > /proc/net/pktgen/eth0
echo "delay 400" > /proc/net/pktgen/eth0
echo "dst X.X.X.X" > /proc/net/pktgen/eth0
echo "dst_mac aa:18:39:6e:fc:3c" > /proc/net/pktgen/eth0
echo "start" > /proc/net/pktgen/pgctrl
Bridge + IEEE 802.1w(Rapid STP)
Virtual Ethernet NIC
Process Process Process
Tunnel Tunnel Tunnel
Vyatta VM
Source: SAKURA Internet Research Center. 08/2012: Project THORN
10. Tunneling Performance Analysis
[System: Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz / 32GB DDR3-DIMM]
[Traffic Generater: *pktgen, **iperf. Traffic Monitor: vnstat]
VXLAN on UNKOWN-DEVICE (IPoEth) 4.79 Gbit/s**
Mellanox ConnectX3 10GbE-NIC (IPoEth) 9.93 Gbit/s*
Mellanox ConnectX3 40GbE-NIC (IPoEth) 27.45 Gbit/s*
Mellanox ConnectX3 FDR10-HCA (IPoIB) 29.56 Gbit/s**
(Gbit/sec) (Packet/sec)
820Kpps (MTU 1,500)
882Kpps (MTU 1,500)
2.28Mpps (MTU 1,500)
61Kpps (MTU 65,520)
High is Faster Low is Better
OpenVPN on FDR10-HCA (IPoIB) 0.24 Gbit/s*
GRETAP on FDR10-HCA (IPoIB) 5.41 Gbit/s*
L2TPv3 on FDR10-HCA (IPoIB) 10.65 Gbit/s*
N/A
N/A
N/A
Source: SAKURA Internet Research Center. 07/2012: Project THORN
11. Another way to Multi-Path VPN
set interfaces tunnel tun0 address 10.0.0.99/24
set interfaces tunnel tun0 encapsulation gre-multipoint
set interfaces tunnel tun0 local‐ip 192.168.2.99
set interfaces tunnel tun0 multicast enable
set interfaces tunnel tun0 nhrp authentication pre‐shared‐secret NET10
set interfaces tunnel tun0 nhrp holding‐time 300
set interfaces tunnel tun0 nhrp multicast parameters dynamic
set interfaces tunnel tun0 nhrp redirect
set interfaces tunnel tun0 parameters ip key 1
set protocols static route 192.168.1.0/24 next‐hop 10.0.0.1
set protocols static route 192.168.2.0/24 next‐hop 10.0.0.2
12.
13. What is PBR?
1) PBR-LB (Policy Based Router–Load Balancing) is forcusing Server Scale-Out Tech.
- Breaking L2DSR(Layer 2 Direct Server Return) Limitation.
- without NAT.
- without DSCP modify (e.g. Layer 3 Direct Server Return mechanism).
- Add Tunneling Capabiltiy.
- Do not add/modify Server kernel modules.
- using Policy Based Routing Functionality on Newest Software Router.
14. PBR-LB BASIC Configuration.
vyatta$ configuration
# set policy route SRC-PORT-SLB rule 11 destination address A.A.A.A
# set policy route SRC-PORT-SLB rule 11 protocol tcp_udp
# set policy route SRC-PORT-SLB rule 11 set table 11
# set policy route SRC-PORT-SLB rule 11 source port 1-10000
# set protocols static table 10 route 0.0.0.0/0 next-hop 10.0.0.1
# set interfaces ethernet eth0 policy route SRC-PORT-SLB
# commit
# save
*Reference: VYATTA, INC. Policy Based Routing REFERENCE GUIDE. (6.5R1 v01)
15. Internet
Layer 3 Direct Server Return
SERVER
eth0:10.0.0.1/32
lo:A.A.A.A/32
SRC PORT DST ADDR NEXTHOP-TABLE
1-10,000 A.A.A.A 0.0.0.0/0 -> 10.0.0.1
10,001-20,000 A.A.A.A 0.0.0.0/0 -> 10.0.0.2
20,001-30,000 A.A.A.A 0.0.0.0/0 -> 10.0.0.3
Policy Router
(VyattaCore 6.5R1 on x86 Commodity Hardware)
SOURCE: SAKURA Internet Research Center. 02/2013 Project THORN.
*Reference: L3DSR – Overcoming Layer 2 Limitations of Direct Server Return Load Balancing. Jan Schaumann, Systems Architect (NANOG51),
Policy Based Routing REFERENCE GUIDE. (6.5R1 v01), VYATTA, INC.
16. in more detail.
$ show version
Version: VC6.5R1
Description: Vyatta Core 6.5 R1
:
$ show policy route
$ show policy route statistics
...etc