Route Leak Prevention with BGP Community
Q S Tahmeed
AGM, Network Operations
Level3 Carrier Ltd.
Table of Contents
• Introduction: Route Leaks
• Types of Route Leaks – RFC 7908
• Real-Life Examples
• Findings
• Solution
• Key: BGP Community
• Benefits
• Important Notes
• Overview
• LAB: Topology, Output Analysis & Configs
• Q&A
Introduction: Route Leaks
Types of Route Leaks
Defined in RFC 7908:
Type 1: Hairpin Turn with Full Prefix
Type 2: Lateral ISP-ISP-ISP Leak
Type 3: Leak of Transit Provider Prefixes to Peer
Type 4: Leak of Peer Prefixes to Transit Provider
Type 5: Prefix Re-Origination with Data Path to Legitimate Origin
Type 6: Accidental Leak of Internal Prefixes and More-Specific Prefixes
Notes:
Types 1 – 4: related to the AS-PATH validation problem (not covered by RPKI)
Types 5 – 6: related to Route Object validation (covered by RPKI)
Real-Life Example
Here in Bangladesh, we faced such leaks due to human errors back in 2018, when one of the prominent IIGs got connected with Equinix, SG. They leaked their customer prefixes learned from Equinix towards their Transit. One of the prominent ISPs lost at least 10G of transit traffic for almost an hour, till the IIG applied an INGRESS filter to drop the ISP's ASN from Equinix.
Later, we also faced several cases where customer prefixes were leaked (unintentionally) to Transit, and those advertisements were winning in the Global Routing Table. The affiliated ISPs then resolved the problem by filtering each other's ASNs in their Transit filters.
More on this in the Findings section …
Findings
Challenges with ISPs' AS-PATH based INGRESS Filter for Customer ASNs at IX/Transit Interface(s):
• Scenario:
• ISPs not receiving client prefixes from Transit, IX, etc.
• Clients not advertising full sets of prefixes directly towards the ISPs (Multihoming & Load-Balancing)
• Challenges:
• IXes are mostly L2 based – no IX-ASN in the learned AS-PATH
• No common AS-PATH filter can be applied
• Possibility of a very complex configuration (too much logic, very large config, etc.)
• Outcome:
• If direct Customer ASNs are filtered using INGRESS AS-PATH filters at IX/Transit Interface(s), then the ISP will lose shortest/best routes and end up diverting the traffic to more expensive Transit, or will direct traffic based on the default route only (sub-optimal performance)
Challenges with ISPs' AS-PATH based EGRESS Filter for Customer ASNs at IX/Transit Interface(s):
• ISPs implementing only AS-PATH based EGRESS filters leak Customer routes learned from other PEERs (e.g. IX) due to a match in the AS-PATH list.
Findings (contd.)
Why do we need to be concerned about it?
- Many Tier-1 carriers set a higher Local-Preference for Customer Routes, so the unintended (leaked) prefix will eventually win.
- Many/almost all Tier-1 carriers allow their customers to set a higher local-preference for their own routes (via BGP community). If any provider changes the parameter, there is a chance that the unintended (leaked) prefix wins.
Notes:
- This is more likely a regional/localized scenario
- Further study is required to assess the overall impact at global scale
Solution Key: BGP Community
BGP Community is a very powerful attribute for effective route policy implementation
• It offers a wide variety of route TAG-ing, which can subsequently be used for route policy
• Route TAGs have a wide range of implications – ranging from Simple to Very Complex deployment
Solution Benefits
• Route Leak Prevention
• Preventing “unwanted transit” situations (RFC 7908: Types 1 – 4)
• Scalability & Operational Scopes:
• Gain more Granular Control on BGP Advertisement Policy (both iBGP & eBGP)
• Reduce Operational overhead for ASN/Prefix Add/Remove activities (time savings)
• Reduce Operational Risks for human errors
Solution Overview - Important Notes
The proposed solution is in addition to already implemented Routing Security Methods:
- RPKI/ROA validation
- INGRESS Filters
- EGRESS Filters
Solution Overview
INGRESS Policy
• TAG all received routes based on PEER Types
• Transit
• IX
• PNI
• Customer
EGRESS (Transit/IX/PNI) Policy
• Filter all TAGs matching Transit/IX/PNI
• Allow Customer ASNs/Prefixes based on organization business policy
Customer EGRESS Policy
• Advertise towards clients as per Agreement
Notes:
The proposed solution is a very simple approach to implement BGP community based filtering (in addition to existing route filters/validations) to prevent Route Leaks (Types 1 – 4). Extensive detailing is possible for larger and more complex network topologies.
LAB: Topology, Output Analysis, Configurations
LAB Topology
Configuration Logic
01 – BGP Table Analysis
As per configuration logic (without BGP community TAGs)
LAB Outputs
ASN: 1000
CE BGP Advertisement to ISP-A
o 192.168.0.0/24
o 192.168.0.0/23
CE BGP Advertisement to ISP-B
o 192.168.1.0/24
o 192.168.0.0/23
LAB Outputs – ISP-A
ASN: 100
BGP Advertisement output from ISP-A
Router:
- Advertisement to ISP-01
- Advertisement to ISP-02
- Advertisement to IX-LAB
Analysis:
- Problematic prefix 192.168.1.0/24 is being learned from IX-LAB and not Client
- The same prefix is then advertised towards Transit (ISP-01 & ISP-02)
LAB Outputs – ISP-B
ASN: 200
BGP Advertisement output from ISP-A
Router:
- Advertisement to ISP-01
- Advertisement to ISP-02
- Advertisement to IX-LAB
Analysis:
- Problematic prefix 192.168.0.0/24 is being learned from IX-LAB and not Client
- The same prefix is then advertised towards Transit (ISP-01 & ISP-02)
LAB Outputs – ISP-01
ASN: 10
BGP Table Output
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
LAB Outputs – ISP-01
ASN: 10
BGP Route Lookup
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
LAB Outputs – ISP-02
ASN: 20
BGP Table Output
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
LAB Outputs – ISP-02
ASN: 20
BGP Route Lookup
192.168.0.0/24
- One of the entries shows a path via IX-LAB
192.168.1.0/24
- One of the entries shows a path via IX-LAB
Solution
Adding BGP Community based Filters
Configuration Logic – ISP-A (ASN100)
INGRESS Policy:
• Apply BGP Community TAG 100:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
EGRESS Policy:
• Apply Filter towards IX/Transit to discard all Prefixes with TAG 100:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
• Existing AS-PATH filters may also be removed (applicable for the LAB, may not be a viable option in a real-life scenario)
Configuration Logic – ISP-B (ASN200)
INGRESS Policy:
• Apply BGP Community TAG 200:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
EGRESS Policy:
• Apply Filter towards IX/Transit to discard all Prefixes with TAG 200:9
• Peering types: IX & Transit (ASN150, ASN10, ASN20)
• Existing AS-PATH filters may also be removed (applicable for the LAB, may not be a viable option in a real-life scenario)
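The following Python model is an added example, not part of the original slides or the lab's router configs. It replays ISP-A's (AS100) view of the lab through an AS-PATH-only EGRESS filter and then through the 100:9 tag-and-filter policy described above; the AS paths, the 198.51.100.0/24 transit route, the local-preference values and the mapping of AS150 to the IX-LAB session are assumptions.

```python
from dataclasses import dataclass

NON_CUSTOMER_TAG = "100:9"   # community used by ISP-A (AS100) in the slides
CUSTOMER_ASNS = {1000}       # CE in the lab

# Peer ASN -> peer type. Treating AS150 as the IX-LAB session is an assumption.
PEER_TYPE = {1000: "customer", 150: "ix", 10: "transit", 20: "transit"}

# Assumed local-preference per peer type (customer routes preferred).
LOCAL_PREF = {"customer": 200, "ix": 150, "pni": 150, "transit": 100}


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # leftmost = neighbour, rightmost = origin
    peer_as: int            # session the route was learned on
    communities: frozenset = frozenset()

    @property
    def peer_type(self):
        return PEER_TYPE[self.peer_as]


def ingress(route, tagging):
    """INGRESS policy: tag every route not learned from a customer (additive)."""
    if tagging and route.peer_type != "customer":
        return Route(route.prefix, route.as_path, route.peer_as,
                     route.communities | {NON_CUSTOMER_TAG})
    return route


def best_paths(routes):
    """Simplified best-path selection: highest local-pref, then shortest AS path."""
    best = {}
    for r in routes:
        key = (-LOCAL_PREF[r.peer_type], len(r.as_path))
        cur = best.get(r.prefix)
        if cur is None or key < (-LOCAL_PREF[cur.peer_type], len(cur.as_path)):
            best[r.prefix] = r
    return best


def egress_to_transit(received, tagging):
    """Routes ISP-A would advertise to a transit peer.

    tagging=False: AS-PATH filter only (origin AS must be a customer ASN).
    tagging=True:  the same filter plus "discard anything carrying 100:9".
    """
    rib = best_paths(ingress(r, tagging) for r in received)
    out = []
    for r in rib.values():
        if r.as_path[-1] not in CUSTOMER_ASNS:
            continue                      # AS-PATH filter: not a customer origin
        if tagging and NON_CUSTOMER_TAG in r.communities:
            continue                      # community filter: learned from IX/transit
        out.append(r)
    return out


def advertised_prefixes(received, tagging):
    return sorted(r.prefix for r in egress_to_transit(received, tagging))


def leaked_prefixes(received, tagging):
    """Advertised prefixes whose best path was NOT learned from a customer."""
    return sorted(r.prefix for r in egress_to_transit(received, tagging)
                  if r.peer_type != "customer")


# Constructed sample input: what ISP-A receives in the lab.
RECEIVED = [
    Route("192.168.0.0/24", (1000,), 1000),        # CE -> ISP-A
    Route("192.168.0.0/23", (1000,), 1000),        # CE -> ISP-A
    Route("192.168.1.0/24", (200, 1000), 150),     # CE -> ISP-B -> IX-LAB -> ISP-A
    Route("192.168.0.0/23", (200, 1000), 150),     # same aggregate via IX-LAB
    Route("198.51.100.0/24", (10, 64511), 10),     # constructed transit route
]

if __name__ == "__main__":
    for tagging in (False, True):
        label = "with 100:9 tagging" if tagging else "AS-PATH filter only"
        print(label)
        print("  advertised to transit:", advertised_prefixes(RECEIVED, tagging))
        print("  leaked:", leaked_prefixes(RECEIVED, tagging))
```

The AS-PATH-only run reproduces the lab finding for ISP-A: 192.168.1.0/24 matches the customer origin AS even though it was learned from IX-LAB, so it goes out to transit; with tagging enabled it is dropped at egress.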
02 – BGP Table Analysis
As per configuration logic (with BGP community TAGs)
LAB Configs (ISP-A & ISP-B)
Pre vs. Post BGP Community implementation
Questions & Answers
Thank You

ssuser1915fe1
 

Recently uploaded (20)

Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 

Route Leak Prevention with BGP Community

  • 1. Route Leak Prevention with BGP Community
      Q S Tahmeed, AGM, Network Operations, Level3 Carrier Ltd.
  • 2. Table of Contents
      • Introduction: Route Leaks
      • Types of Route Leaks – RFC 7908
      • Real-Life Examples
      • Findings
      • Solution
          • Key: BGP Community
          • Benefits
          • Important Notes
          • Overview
      • LAB: Topology, Output Analysis & Configs
      • Q&A
  • 3. Introduction: Route Leaks / Types of Route Leaks
      Defined in RFC 7908:
      • Type 1: Hairpin Turn with Full Prefix
      • Type 2: Lateral ISP-ISP-ISP Leak
      • Type 3: Leak of Transit Provider Prefixes to Peer
      • Type 4: Leak of Peer Prefixes to Transit Provider
      • Type 5: Prefix Re-Origination with Data Path to Legitimate Origin
      • Type 6: Accidental Leak of Internal Prefixes and More-Specific Prefixes
      Notes:
      • Types 1 – 4: related to the AS-PATH validation problem (not covered in RPKI)
      • Types 5 – 6: related to Route Object validation (covered in RPKI)
  • 6. Real Life Example
      Here in Bangladesh, we faced such leaks due to human errors back in 2018, when one of the prominent IIGs got connected with Equinix, SG. They leaked their customer prefixes learned from Equinix towards their Transit. One of the prominent ISPs lost at least 10G of transit traffic for almost an hour, until the IIG applied an INGRESS filter to drop the ISP's ASN from Equinix.
      Later, we also faced several cases where customer prefixes were leaked (unintentionally) to Transit, and those advertisements were winning in the Global Routing Table. The affiliated ISPs then resolved the problem by filtering each other's ASNs in their Transit filters.
      More on this in the findings section …
  • 7. Findings
      Challenges with ISPs' AS-PATH based INGRESS filter for customer ASNs at IX/Transit interface(s):
      • Scenario:
          • ISPs not receiving client prefixes from Transit, IX, etc.
          • Clients not advertising full sets of prefixes directly towards the ISPs (multihoming & load-balancing)
      • Challenges:
          • IXes are mostly L2 based – no IX ASN in the learned AS-PATH
          • No common AS-PATH filter can be applied
          • Possibility of a very complex configuration (too much logic, very large config, etc.)
      • Outcome:
          • If direct customer ASNs are filtered using INGRESS AS-PATH filters at IX/Transit interface(s), the ISP will lose the shortest/best routes and end up diverting the traffic to more expensive Transit, or will direct traffic based on the default route only (sub-optimal performance)
      Challenges with ISPs' AS-PATH based EGRESS filter for customer ASNs at IX/Transit interface(s):
      • ISPs implementing only AS-PATH based EGRESS filters leak customer routes learned from other peers (e.g. IX) due to a match in the AS-PATH list.
  • 8. Findings (contd.)
      Why do we need to be concerned about it?
      - Many Tier-1 carriers set a higher Local-Preference for customer routes. As a result, the unintended (leaked) prefix will eventually win.
      - Many/almost all Tier-1 carriers allow their customers to set a higher Local-Preference for their own routes (via BGP community). If any provider changes the parameter, there is a chance that the unintended (leaked) prefix wins.
      Notes:
      - This is more likely a regional/localized scenario
      - Further study is required to assess the overall impact at global scale
  • 9. Solution – Key: BGP Community
      BGP Community is a very powerful attribute for effective route policy implementation.
      • It offers a wide variety of route TAG-ing, which can subsequently be used for route policy
      • Route TAGs have a wide range of applications – ranging from simple to very complex deployments
  • 10. Solution – Benefits
      • Route Leak Prevention
          • Preventing “unwanted transit” situations (RFC 7908: Types 1 – 4)
      • Scalability & Operational Scopes:
          • Gain more granular control over BGP advertisement policy (both iBGP & eBGP)
          • Reduce operational overhead for ASN/prefix add/remove activities (time savings)
          • Reduce operational risk of human errors
  • 11. Solution Overview – Important Notes
      The proposed solution is in addition to already implemented routing security methods:
      - RPKI/ROA validation
      - INGRESS filters
      - EGRESS filters
  • 12. Solution Overview
      INGRESS Policy
      • TAG all received routes based on PEER type:
          • Transit
          • IX
          • PNI
          • Customer
      EGRESS (Transit/IX/PNI) Policy
      • Filter all TAGs matching Transit/IX/PNI
      • Allow customer ASNs/prefixes based on the organization's business policy
      Customer EGRESS Policy
      • Advertise towards clients as per agreement
      Notes: The proposed solution is a very simple approach to implementing BGP community based filtering (in addition to existing route filters/validations) to prevent Route Leaks (Types 1 – 4). More extensive detailing is possible for larger and more complex network topologies.
  • 16. 01 – BGP Table Analysis As per configuration logic (without BGP community TAGs)
  • 17. LAB Outputs – ASN: 1000
      CE BGP Advertisement to ISP-A
          o 192.168.0.0/24
          o 192.168.0.0/23
      CE BGP Advertisement to ISP-B
          o 192.168.1.0/24
          o 192.168.0.0/23
  • 18. LAB Outputs – ISP-A, ASN: 100
      BGP Advertisement output from ISP-A Router:
      - Advertisement to ISP-01
      - Advertisement to ISP-02
      - Advertisement to IX-LAB
      Analysis:
      - Problematic prefix 192.168.1.0/24 is being learned from IX-LAB and not from the client
      - The same prefix is then advertised towards Transit (ISP-01 & ISP-02)
  • 19. LAB Outputs – ISP-B, ASN: 200
      BGP Advertisement output from ISP-A Router:
      - Advertisement to ISP-01
      - Advertisement to ISP-02
      - Advertisement to IX-LAB
      Analysis:
      - Problematic prefix 192.168.0.0/24 is being learned from IX-LAB and not from the client
      - The same prefix is then advertised towards Transit (ISP-01 & ISP-02)
  • 20. LAB Outputs – ISP-01, ASN: 10 – BGP Table Output
      - 192.168.0.0/24: one of the entries shows a path via IX-LAB
      - 192.168.1.0/24: one of the entries shows a path via IX-LAB
  • 21. LAB Outputs – ISP-01, ASN: 10 – BGP Route Lookup
      - 192.168.0.0/24: one of the entries shows a path via IX-LAB
      - 192.168.1.0/24: one of the entries shows a path via IX-LAB
  • 22. LAB Outputs – ISP-02, ASN: 20 – BGP Table Output
      - 192.168.0.0/24: one of the entries shows a path via IX-LAB
      - 192.168.1.0/24: one of the entries shows a path via IX-LAB
  • 23. LAB Outputs – ISP-02, ASN: 20 – BGP Route Lookup
      - 192.168.0.0/24: one of the entries shows a path via IX-LAB
      - 192.168.1.0/24: one of the entries shows a path via IX-LAB
  • 25. Configuration Logic – ISP-A (ASN100)
      INGRESS Policy:
      • Apply BGP Community TAG 100:9
      • Peering types: IX & Transit (ASN150, ASN10, ASN20)
      EGRESS Policy:
      • Apply filter towards IX/Transit to discard all prefixes with TAG 100:9
      • Peering types: IX & Transit (ASN150, ASN10, ASN20)
      • Existing AS-PATH filters may also be removed (applicable for the LAB, may not be a viable option in a real-life scenario)
  • 26. Configuration Logic – ISP-B (ASN200)
      INGRESS Policy:
      • Apply BGP Community TAG 200:9
      • Peering types: IX & Transit (ASN150, ASN10, ASN20)
      EGRESS Policy:
      • Apply filter towards IX/Transit to discard all prefixes with TAG 200:9
      • Peering types: IX & Transit (ASN150, ASN10, ASN20)
      • Existing AS-PATH filters may also be removed (applicable for the LAB, may not be a viable option in a real-life scenario)
  • 27. 02 – BGP Table Analysis As per configuration logic (with BGP community TAGs)
  • 32. LAB Configs (ISP-A & ISP-B) Pre vs. Post BGP Community implementation
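
The tagging logic from slides 12, 25 and 26, replayed for ISP-A (ASN100) as an added Python example; it is not the presenter's router configuration. The AS paths, the neighbor labels and the origin-AS form of the pre-change egress filter are assumptions, since the slides do not show them.

```python
from dataclasses import dataclass, replace

TAG = "100:9"                                # ISP-A tag from slide 25
UPSTREAM = {"IX-LAB", "ISP-01", "ISP-02"}    # IX and Transit sessions (ASN150, ASN10, ASN20)
CUSTOMER_ASNS = {1000}                       # the CE in the lab

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple        # nearest AS first, origin AS last
    neighbor: str         # session the route was received on
    communities: frozenset = frozenset()

# Constructed best paths at ISP-A; the AS paths are assumed for illustration.
RECEIVED = [
    Route("192.168.0.0/24", (1000,), "CE"),
    Route("192.168.0.0/23", (1000,), "CE"),
    Route("192.168.1.0/24", (200, 1000), "IX-LAB"),   # CE prefix heard via ISP-B
]

def ingress(route):
    """INGRESS policy: tag every route received from IX/Transit with 100:9."""
    if route.neighbor in UPSTREAM:
        return replace(route, communities=route.communities | {TAG})
    return route

def permit_as_path(route):
    """Pre-change EGRESS (assumed form): permit when the origin AS is a customer."""
    return route.as_path[-1] in CUSTOMER_ASNS

def permit_community(route):
    """Post-change EGRESS: discard anything tagged 100:9, then the customer check."""
    return TAG not in route.communities and permit_as_path(route)

def advertised_upstream(egress):
    """Prefixes ISP-A would send to IX/Transit under the given egress policy."""
    return sorted(r.prefix for r in map(ingress, RECEIVED) if egress(r))

def leaked(egress):
    """Advertised prefixes that were not learned on a customer session."""
    rib = {r.prefix: r for r in map(ingress, RECEIVED)}
    return [p for p in advertised_upstream(egress) if rib[p].neighbor in UPSTREAM]

if __name__ == "__main__":
    for name, policy in (("AS-PATH only", permit_as_path), ("with 100:9", permit_community)):
        print(name, advertised_upstream(policy), "leaked:", leaked(policy))
```

The AS-PATH-only policy passes 192.168.1.0/24 upstream because its origin is still the customer ASN, which is the leak slide 18 describes; the community check drops it because the route was tagged on the IX session.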