This document discusses route leaks between autonomous systems and proposes a solution using BGP communities. It defines different types of route leaks based on RFC 7908 and provides a real-world example. Analyzing the problem, it finds challenges with using AS path filters alone. The proposed solution tags routes received from different peers with BGP communities and filters based on the tags to prevent unintended route advertisements. This is demonstrated in a lab topology where route leaks are shown before and after applying the BGP community configurations.
3. Introduction:
Route Leaks
Defined in RFC 7908
Type 1: Hairpin Turn with Full Prefix
Type 2: Lateral ISP-ISP-ISP Leak
Type 3: Leak of Transit Provider Prefixes to Peer
Type 4: Leak of Peer Prefixes to Transit Provider
Type 5: Prefix Re-Origination with Data Path to Legitimate Origin
Type 6: Accidental Leak of Internal Prefixes and More-Specific Prefixes
Notes:
Types 1 – 4: related to the AS-PATH validation problem (not covered in RPKI)
Types 5 – 6: related to Route Object validation (covered in RPKI)
6. Real Life Example
Here in Bangladesh, we faced such leaks due to human errors back in 2018 when one of the prominent IIGs got connected with Equinix, SG. They leaked their customer prefixes learned from Equinix towards their Transit. One of the prominent ISPs lost at least 10G transit traffic for almost an hour, till the IIG applied an INGRESS filter to drop the ISP's ASN from Equinix.
Later, we also faced several cases where customer prefixes were leaked (unintentionally) to Transit. And those advertisements were winning at the Global Routing Table. The affiliated ISPs then resolved the problem by filtering each other's ASNs in their Transit Filters.
More on this in the Findings section …
7. Findings
Challenges with ISPs' AS-PATH based INGRESS Filter for Customer ASNs at IX/Transit Interface(s):
• Scenario:
  • ISPs not receiving client prefixes from Transit, IX, etc.
  • Clients not advertising full sets of prefixes directly towards the ISPs (Multihoming & Load-Balancing)
• Challenges:
  • IXes are mostly L2 based – No IX-ASN in the learned AS-PATH
  • No common AS-PATH filter can be applied
  • Possibility of a very complex configuration (too much logic, very large config, etc.)
• Outcome:
  • If direct Customer ASNs are filtered using INGRESS AS-PATH filters at IX/Transit Interface(s), then the ISP will lose shortest/best routes and end up diverting the traffic to more expensive Transit, or will direct traffic based on the default route only (sub-optimal performance)
Challenges with ISPs' AS-PATH based EGRESS Filter for Customer ASNs at IX/Transit Interface(s):
• ISPs implementing only AS-PATH based EGRESS filters leak Customer routes learned from other PEERs (e.g. IX) due to a match in the AS-PATH list.
8. Findings (contd.)
Why we need to be concerned about it?
- Many Tier-1 carriers set a higher Local-Preference for Customer Routes. As a result, the unintended (leaked) prefix will eventually win.
- Almost all Tier-1 carriers allow their customers to set a higher Local-Preference for their own routes (via BGP community). If any provider changes that parameter, there is a chance that the unintended (leaked) prefix will win.
Notes:
- This is more likely a regional/localized scenario
- Further study is required to assess the overall impact at global scale
9. Solution Key: BGP Community
BGP Community is a very powerful attribute for effective route policy implementation
• It offers a wide variety of route TAG-ing, which can subsequently be used for route policy
• Route TAGs have a wide range of implications, ranging from Simple to Very Complex deployment
10. Solution Benefits
• Route Leak Prevention
  • Preventing “unwanted transit” situations (RFC 7908: Types 1 – 4)
• Scalability & Operational Scopes:
  • Gain more Granular Control on BGP Advertisement Policy (both iBGP & eBGP)
  • Reduce Operational overhead for ASN/Prefix Add/Remove activities (time savings)
  • Reduce Operational Risks for human errors
11. Solution Overview - Important Notes
The proposed solution is in addition to already implemented Routing Security Methods:
- RPKI/ROA validation
- INGRESS Filters
- EGRESS Filters
12. Solution Overview
INGRESS Policy
• TAG all received routes based on PEER Types
  • Transit
  • IX
  • PNI
  • Customer
EGRESS (Transit/IX/PNI) Policy
• Filter all TAGs matching Transit/IX/PNI
• Allow Customer ASNs/Prefixes based on organization business policy
Customer EGRESS Policy
• Advertise towards clients as per Agreement
Notes:
The proposed solution is a very simple approach to implement BGP community based filtering (in addition to existing route filters/validations) to prevent Route Leaks (Types 1 – 4). Extensive detailing is possible for larger and more complex network topologies.
16. 01 – BGP Table Analysis
As per configuration logic (without BGP community TAGs)
17. LAB Outputs
ASN: 1000
CE BGP Advertisement to ISP-A
o 192.168.0.0/24
o 192.168.0.0/23
CE BGP Advertisement to ISP-B
o 192.168.1.0/24
o 192.168.0.0/23
18. LAB Outputs – ISP-A
ASN: 100
BGP Advertisement output from ISP-A Router:
- Advertisement to ISP-01
- Advertisement to ISP-02
- Advertisement to IX-LAB
Analysis:
- Problematic prefix 192.168.1.0/24 is being learned from IX-LAB and not Client
- The same prefix is then advertised towards Transit (ISP-01 & ISP-02)
19. LAB Outputs – ISP-B
ASN: 200
BGP Advertisement output from ISP-A Router:
- Advertisement to ISP-01
- Advertisement to ISP-02
- Advertisement to IX-LAB
Analysis:
- Problematic prefix 192.168.0.0/24 is being learned from IX-LAB and not Client
- The same prefix is then advertised towards Transit (ISP-01 & ISP-02)
20. LAB Outputs – ISP-01
ASN: 10
BGP Table Output
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
21. LAB Outputs – ISP-01
ASN: 10
BGP Route Lookup
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
22. LAB Outputs – ISP-02
ASN: 20
BGP Table Output
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
23. LAB Outputs – ISP-02
ASN: 20
BGP Route Lookup
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
25. Configuration Logic – ISP-A (ASN100)
INGRESS Policy:
• Apply BGP Community TAG 100:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
EGRESS Policy:
• Apply Filter towards IX/Transit to discard all Prefixes with TAG 100:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
• Also may remove existing AS-PATH filters (applicable for the LAB, may not be a viable option in a real-life scenario)
26. Configuration Logic – ISP-B (ASN200)
INGRESS Policy:
• Apply BGP Community TAG 200:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
EGRESS Policy:
• Apply Filter towards IX/Transit to discard all Prefixes with TAG 200:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
• Also may remove existing AS-PATH filters (applicable for the LAB, may not be a viable option in a real-life scenario)
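The INGRESS tagging and EGRESS filtering logic of slides 12 and 25, modelled for ISP-A (ASN100) as an added Python sketch that is not part of the original slides. It shows the leak of 192.168.1.0/24 with an AS-PATH-only egress filter and its removal once TAG 100:9 is applied. The AS paths, the origin-based form of the AS-PATH match and the 198.51.100.0/24 transit route are constructed assumptions.

```python
from dataclasses import dataclass, field

# Lab values from the slides: ISP-A = ASN100, CE = ASN1000, IX-LAB = ASN150,
# Transit ISP-01/ISP-02 = ASN10/ASN20, community TAG 100:9.
PEER_TYPES = {1000: "customer", 150: "ix", 10: "transit", 20: "transit"}
CUSTOMER_ASNS = {1000}
TAG = "100:9"


@dataclass
class Route:
    prefix: str
    as_path: tuple       # leftmost ASN is the nearest one, rightmost is the origin
    learned_from: int    # ASN of the BGP session the route arrived on
    communities: set = field(default_factory=set)


def ingress(route, tagging):
    """INGRESS policy: TAG every route received from IX or Transit."""
    if tagging and PEER_TYPES[route.learned_from] in ("ix", "transit"):
        route.communities.add(TAG)
    return route


def as_path_permits(route):
    """Existing EGRESS AS-path filter (assumed form): origin is a customer ASN."""
    return route.as_path[-1] in CUSTOMER_ASNS


def egress_upstream(rib, tagging):
    """EGRESS policy towards IX/Transit: returns the routes that get advertised."""
    advertised = []
    for route in rib:
        if not as_path_permits(route):
            continue
        if tagging and TAG in route.communities:
            continue  # learned from IX/Transit, so never sent back upstream
        advertised.append(route)
    return advertised


def run(tagging):
    """Return (advertised prefixes, leaked prefixes) for ISP-A."""
    # Constructed sample input. Paths are assumptions; the IX is treated as
    # transparent (no IX ASN in the AS path), as the Findings slide describes.
    received = [
        Route("192.168.0.0/24", (1000,), 1000),       # direct from CE
        Route("192.168.0.0/23", (1000,), 1000),       # direct from CE
        Route("192.168.1.0/24", (200, 1000), 150),    # CE prefix via ISP-B over IX-LAB
        Route("198.51.100.0/24", (10, 64500), 10),    # unrelated transit route
    ]
    rib = [ingress(r, tagging) for r in received]
    advertised = egress_upstream(rib, tagging)
    leaked = [r.prefix for r in advertised
              if PEER_TYPES[r.learned_from] != "customer"]
    return sorted(r.prefix for r in advertised), sorted(leaked)


if __name__ == "__main__":
    for tagging in (False, True):
        advertised, leaked = run(tagging)
        print(f"tagging={tagging}: advertised={advertised} leaked={leaked}")
```

The transit route is already stopped by the AS-path filter in both runs; only the customer-originated prefix learned over the IX needs the community tag to be caught.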
27. 02 – BGP Table Analysis
As per configuration logic (with BGP community TAGs)