Using MikroTik routers for BGP transit and IX points
Juan Miguel Gallardo, MikroTik Trainer and Consultant.
Lisbon, on September 20, 2019.
ENGINEERING AND PROJECTS
The engine for your ideas
• QUALITY.
• CUSTOMER DEFENSE.
• SINGULAR PROJECTS.
• WHITE BRAND FOR COLLABORATORS
GLOBAL SUPPORT FOR COMMUNICATION NETWORKS
•PROACTIVE SUPPORT.
•MULTI BRAND SUPPORT.
•CERTIFIED SUPPORT TECHNICIANS.
•TRANSPARENCY FOR INCIDENTS AND CONFIGURATIONS.
The best technical support for ISP and Industries.
MIKROTIK TRAINING COURSES
•MIKROTIK CERTIFIED EXAMS.
•REAL LABS.
•OWN HANDBOOKS.
•SCHEDULED AND ON DEMAND.
•BASED ON EXPERIENCE.
A singular training.
DEDICATED IP TRANSIT FOR ISP
•Direct circuits.
•Virtual tunnels.
•Backup scenarios.
And others
[Diagram labels: Carrier 1, Carrier 2, Carrier n; Own/Customer Network; Full Transit; IX Prefixes; Default route]
TRANSIT AND IX NETWORK
How do we do it?
OWN NETWORKS
ASN 65501
•ASN <=> OWN DOMAIN ==> 65501 (example).
•eBGP <=> Border Gateway Protocol with other ASNs.
•Own networks <=> 10.100.0.0/22, 10.200.0.0/22.
•BGP peers:
•Transit peer 1: 65510
•Transit peer 2: 65520
•DE-CIX route server 1: 48793
•Customer 1: 65530 <==> 10.200.172.0/22
We will use private ASN/IPv4 prefixes for this presentation.
The filters shown are a very simple configuration for didactic purposes. In a real
environment, we will need a more complex filter configuration to avoid network
problems: own-prefix filtering, bogon filtering, and so on.
IMPORT ROUTES ==> OUTGOING TRAFFIC
ASN 65501
•Transit peers: default path for outgoing traffic when no other route is preferred.
•Peering: Preferred outgoing traffic.
•Lower latency.
•Lower cost.
How to modulate the preference for incoming routes?
•LOCAL_PREF
•SHORTEST AS_PATH
•MED
•OLDEST PATH vs YOUNGER PATH
FILTERS
IMPORT ROUTES ==> OUTGOING TRAFFIC
ASN 65501
•LOCAL_PREF: internal attribute assigned within our network domain.
•Higher values mean preferred routes.
•It propagates across our network domain (iBGP), but is not propagated to external peers (eBGP).
•MED: Multi Exit Discriminator, can be learned from BGP neighbors.
•Lower values mean preferred networks.
•Can be propagated to eBGP peers if they don’t set their own values.
IMPORT ROUTES ==> OUTGOING TRAFFIC
ASN 65501
•Local Pref: higher for neutral IX
•BGP MED: lower for neutral IX
•Our outgoing traffic will prefer the IX door.
Why are we using communities?
[Diagram labels: Transit Carrier; DE-CIX neutral IX]
IMPORT ROUTES ==> OUTGOING TRAFFIC
ASN 65501
•We will assign communities to imported routes to ‘mark’ the routes of each provider.
•This is useful for providing transit routes, IX routes or both to our customers, for example.
•In this case:
•Transit routes will be set with: 65501:100 - 65501:109
•IX routes will be set with: 65501:110 - 65501:119
•In other cases, we can use communities for:
•Geo id, the router that originates the prefix…
•Building more complex filters and avoiding transit across our network from transit 1 to transit n.
•Propagating attacked IP addresses to blackhole servers…
EXPORT ROUTES ==> INCOMING TRAFFIC
ASN 65501
•Introduce the networks into the BGP world.
•Network size will be used to decide whether we want to split the aggregate network or not.
•Advantage: traffic control
•Disadvantage: more routes in the world.
•The final control will be made by routing filters.
•Optionally, we can create blackhole routes in our routing table.
EXPORT ROUTES ==> INCOMING TRAFFIC
ASN 65501
•Attributes aggregation.
•Avoid looping.
EXPORT ROUTES ==> INCOMING TRAFFIC
TRANSIT 1 POINT OF VIEW
EXPORT ROUTES ==> INCOMING TRAFFIC
TRANSIT 2 POINT OF VIEW
EXPORT ROUTES ==> INCOMING TRAFFIC
DECIX POINT OF VIEW
IMPORT // EXPORT CUSTOMER ROUTES
ASN 65530
PREFIX: 10.200.172.0/22
[Diagram labels: Carrier 1, Carrier 2, Carrier n; Own Network; Customer 1]
IMPORT // EXPORT CUSTOMER ROUTES
ASN 65530
PREFIX: 10.200.172.0/22
COMMUNITIES:
65501:201 --> Announce for transit.
65501:202 --> Announce for IX.
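The provider marks on imported routes and the customer action communities above, as an added Python model (not the presenter's RouterOS filters): imported routes are scrubbed of any 65501:* community the peer sent, tagged with a provider mark, and exported to transit or IX only if they are ours or carry 65501:201 / 65501:202. The individual marks 65501:100, 65501:101 and 65501:110, the shortened bogon list, the 198.51.100.0/24 sample route and the per-role local-pref values chosen from the recommended table are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

OWN_ASN = 65501
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("10.100.0.0/22", "10.200.0.0/22")]
# Shortened, constructed bogon list. RFC 1918 space is left out only because the
# slides use private prefixes as stand-ins for public ones.
BOGONS = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# peer ASN -> (role, import mark, local-pref, prefixes the peer may announce)
# The marks are assumed values inside the ranges given on the slides.
PEERS = {
    65510: ("transit", (OWN_ASN, 100), 100, None),
    65520: ("transit", (OWN_ASN, 101), 100, None),
    48793: ("ix", (OWN_ASN, 110), 130, None),
    65530: ("customer", None, 190, [ipaddress.ip_network("10.200.172.0/22")]),
}
TO_TRANSIT = (OWN_ASN, 201)  # customer asks: announce to transit
TO_IX = (OWN_ASN, 202)       # customer asks: announce to the IX


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    communities: frozenset
    local_pref: int
    from_asn: Optional[int]  # None means originated by AS 65501 itself


def within(net, networks):
    """True if net is equal to or more specific than any listed network."""
    return any(net.subnet_of(n) for n in networks)


def originate(prefix):
    """A route we inject ourselves (local-pref 999 = 'Internal' in the table)."""
    return Route(ipaddress.ip_network(prefix), frozenset(), 999, None)


def import_route(peer_asn, prefix, communities=()):
    """Inbound filter: return the accepted Route, or None if discarded."""
    role, mark, local_pref, allowed = PEERS[peer_asn]
    net = ipaddress.ip_network(prefix)
    # Nobody outside may announce bogons or our own address space to us.
    if within(net, BOGONS) or within(net, OWN_PREFIXES):
        return None
    # Customers may only announce the prefixes assigned to them.
    if allowed is not None and not within(net, allowed):
        return None
    # Scrub our own community namespace so a peer cannot forge our marks.
    kept = {c for c in communities if c[0] != OWN_ASN}
    if role == "customer":
        kept |= {c for c in communities if c in (TO_TRANSIT, TO_IX)}
    else:
        kept.add(mark)
    return Route(net, frozenset(kept), local_pref, peer_asn)


def carries_provider_mark(route):
    """True for routes tagged 65501:100-119 (learned from transit or IX)."""
    return any(a == OWN_ASN and 100 <= v <= 119 for a, v in route.communities)


def export_allowed(route, to_asn):
    """Outbound filter towards the peer with ASN to_asn."""
    role = PEERS[to_asn][0]
    if role == "customer":
        return True               # customers receive transit and IX routes
    if carries_provider_mark(route):
        return False              # never carry transit 1 -> transit n or IX
    if route.from_asn is None:
        return True               # our own prefixes go everywhere
    wanted = TO_TRANSIT if role == "transit" else TO_IX
    return wanted in route.communities


if __name__ == "__main__":
    # Constructed sample: transit 1 tries to smuggle in our 65501:201 community.
    forged = import_route(65510, "198.51.100.0/24", [(65501, 201)])
    cust = import_route(65530, "10.200.172.0/22", [(65501, 201)])
    for label, r in (("transit-1 route", forged), ("customer route", cust)):
        for asn in (65520, 48793):
            print(label, "->", asn, export_allowed(r, asn))
```
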
TRANSIT, IX AND CUSTOMERS CONNECTED
IS THERE ANYTHING MORE FOR US?
OTHER USEFUL USES FOR COMMUNITIES
•Propagate black holing prefixes detected by DDoS detection tools.
We are FastNetMon partners, and we can introduce this tool in your network.
IP: 185.X.Y.Z

Attack uuid: 4cce6e17-b7df-4b69-88c7-718562377d07

Attack severity: middle

Attack type: udp_flood

Initial attack power: 100029 packets per second
Peak attack power: 100029 packets per second
Attack direction: incoming

Attack protocol: udp

Detection source: automatic

Host network: 185.X.Y.Z/22

Protocol version: IPv4

Total incoming traffic: 919 mbps
Total outgoing traffic: 0 mbps

Total incoming pps: 100029 packets per second
Total outgoing pps: 92 packets per second

Incoming udp pps: 99988 packets per second
Outgoing udp pps: 0 packets per second
DDoS mitigation: traffic flow analysis + permanent BGP session
If attack… FastNetMon will publish a /32 prefix + community: 65501:666
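A check for what arrives on that detector session, as an added Python sketch (not part of the original slides and not FastNetMon or RouterOS code): a route becomes a blackhole only if it carries 65501:666, is a /32 and falls inside address space we are responsible for. The cap on simultaneously active blackholes and the sample announcements are assumptions, constructed for the example.

```python
import ipaddress

BLACKHOLE = (65501, 666)
# Own networks plus the customer prefix from the slides.
PROTECTED = [ipaddress.ip_network(p) for p in
             ("10.100.0.0/22", "10.200.0.0/22", "10.200.172.0/22")]
MAX_ACTIVE = 3  # assumed safety cap, so a faulty detector cannot blackhole everything


def check_announcement(prefix, communities):
    """Return (action, reason) for one route received on the detector session."""
    try:
        net = ipaddress.ip_network(prefix)
    except ValueError:
        return ("discard", "malformed prefix")
    if BLACKHOLE not in communities:
        return ("discard", "missing 65501:666")
    if net.version != 4 or net.prefixlen != 32:
        return ("discard", "not a /32 host route")
    if not any(net.subnet_of(p) for p in PROTECTED):
        return ("discard", "outside our address space")
    return ("blackhole", "ok")


def build_blackhole_table(announcements, max_active=MAX_ACTIVE):
    """Apply the check to a batch; return (active blackholes, rejected)."""
    table, rejected = [], []
    for prefix, communities in announcements:
        action, reason = check_announcement(prefix, communities)
        if action == "blackhole" and prefix not in table and len(table) >= max_active:
            action, reason = "discard", "active blackhole limit reached"
        if action == "blackhole":
            if prefix not in table:
                table.append(prefix)
        else:
            rejected.append((prefix, reason))
    return table, rejected


# Constructed sample announcements: (prefix, communities)
SAMPLE = [
    ("10.200.172.15/32", {BLACKHOLE}),  # customer host under attack
    ("10.200.172.0/22", {BLACKHOLE}),   # whole customer block: too wide
    ("198.51.100.7/32", {BLACKHOLE}),   # somebody else's address
    ("10.100.1.9/32", set()),           # community missing
    ("10.100.1.9/32", {BLACKHOLE}),
    ("10.200.0.20/32", {BLACKHOLE}),
    ("10.200.0.21/32", {BLACKHOLE}),    # fourth valid one: over the cap
]

if __name__ == "__main__":
    active, dropped = build_blackhole_table(SAMPLE)
    print("blackholed:", active)
    for prefix, why in dropped:
        print("discarded:", prefix, "-", why)
```
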
Recommended values for incoming filters

Localpref
Internal               999
Customer overweight    200
Customer default       190
Customer underweight   180
Peering overweight     140
Peering default        130
Peering underweight    120
Transit default        100
Transit underweight     90

MED (metric)
Internal               0
Customer prefixes      0 for default
Peering prefixes       10 for best, 20 for worst
Transit prefixes       40 for default, up to 50 for worst
Outgoing Traffic
What about incoming traffic?
• Set the metric of the sent prefixes to zero. It could be OK if the other party has not set it.
• Try to set some AS prepends on the link you do not want to be used. If the other party decides on the basis of localpref, it doesn’t matter how much you enlarge the AS path.
• Get in touch with the other side to work out the route definition together.
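Why prepending loses against the other party's localpref, as an added Python example (not from the original slides): the neighbour's route selection is modelled with only the four criteria the presentation lists (LOCAL_PREF, AS_PATH length, MED, oldest path), and real implementations have further steps between and after these. The link names, route ages and the neighbour's local-pref choices are assumptions.

```python
from dataclasses import dataclass

OUR_ASN = 65501


@dataclass(frozen=True)
class Path:
    name: str
    local_pref: int   # set by the receiving AS in its own import filter
    as_path: tuple    # ASNs as received, leftmost is the neighbouring AS
    med: int          # metric we sent on that link
    age: int          # seconds since the path was learned


def best_path(paths):
    """Pick the winner using the four criteria from the slides, in order."""
    # 1. Highest LOCAL_PREF wins outright.
    top = max(p.local_pref for p in paths)
    cand = [p for p in paths if p.local_pref == top]
    # 2. Shortest AS_PATH (this is where prepends count).
    shortest = min(len(p.as_path) for p in cand)
    cand = [p for p in cand if len(p.as_path) == shortest]
    # 3. Lowest MED, compared only between paths from the same neighbour AS.
    best_med = {}
    for p in cand:
        n = p.as_path[0]
        best_med[n] = min(best_med.get(n, p.med), p.med)
    cand = [p for p in cand if p.med == best_med[p.as_path[0]]]
    # 4. Oldest path.
    return max(cand, key=lambda p: p.age)


def scenario(local_pref_a, local_pref_b, prepends_b, med_a=0, med_b=0):
    """Our prefix as seen by one neighbour over two links; link B is prepended."""
    a = Path("link-A", local_pref_a, (OUR_ASN,), med_a, age=600)
    b = Path("link-B", local_pref_b, (OUR_ASN,) * (1 + prepends_b), med_b, age=60)
    return best_path([a, b]).name


if __name__ == "__main__":
    print("same localpref, 3 prepends on B :", scenario(130, 130, 3))
    print("neighbour prefers B by localpref:", scenario(130, 140, 3))
    print("no prepends, lower MED on B     :", scenario(130, 130, 0, med_a=10))
    print("everything equal                :", scenario(130, 130, 0))
```
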
Acknowledgments
Thanks to DE-CIX. They allowed us to use their name, logo and peering
guides information for this presentation.
https://www.de-cix.net
Ms. Theresa Bobis: theresa.bobis@de-cix.net
Mr. Da Costa: darwin.costa@de-cix.net
924 11 11 28
info@codisats.es
www.codisats.es
Badajoz - Spain
NETWORK ENGINEERING • TECHNICAL SUPPORT • TRAINING • INTERNET ACCESS

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 

Using MikroTik routers for BGP transit and IX points

  • 1. Using MikroTik routers for BGP transit and IX points Juan Miguel Gallardo, MikroTik Trainer and Consultant. Lisbon, on September 20, 2019.
  • 2. ENGINEERING AND PROJECTS The engine for your ideas • QUALITY. • CUSTOMER DEFENSE. • SINGULAR PROJECTS. • WHITE BRAND FOR COLLABORATORS
  • 3. GLOBAL SUPPORT FOR COMMUNICATION NETWORKS •PROACTIVE SUPPORT. •MULTI BRAND SUPPORT. •CERTIFIED SUPPORT TECHNICIANS. •TRANSPARENCY FOR INCIDENTS AND CONFIGURATIONS. The best technical support for ISP and Industries.
  • 4. MIKROTIK TRAINING COURSES •MIKROTIK CERTIFIED EXAMS. •REAL LABS. •OWN HANDBOOKS. •SCHEDULED AND ON DEMAND. •BASED ON EXPERIENCE. A singular training.
  • 5. DEDICATED IP TRANSIT FOR ISP •Direct circuits. •Virtual tunnels. •Backup scenarios. And others
  • 7. OWN NETWORKS ASN 65501 •ASN <=> OWN DOMAIN ==> 65501 (example). •eBGP <=> Border Gateway Protocol with other ASNs. •Own networks <=> 10.100.0.0/22, 10.200.0.0/22. •BGP peers: •Transit peer 1: 65510 •Transit peer 2: 65520 •DE-CIX route server 1: 48793 •Customer 1: 65530 <==> 10.200.172.0/22 We will use private ASN/IPv4 prefixes for this presentation. The filters shown are a very simple configuration for didactic purposes. In a real environment, we will need a more complex filter configuration to avoid network problems: filtering of our own prefixes, bogon filtering, and so on.
  • 8. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •Transit peers: default outgoing traffic when no other route is preferred. •Peering: Preferred outgoing traffic. •Lower latency. •Lower cost. How to modulate the preference for incoming routes? •LOCAL_PREF •SHORTEST AS_PATH •MED •OLDEST PATH vs YOUNGER PATH FILTERS
  • 9. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •LOCAL_PREF: internal attribute assigned within our network domain. •Higher values, preferred routes. •Will propagate along our network domain (iBGP), but will not propagate to external peers (eBGP). •MED: Multi Exit Discriminator, can be learned from BGP neighbors. •Lower values are for preferred networks. •Can be propagated to eBGP peers if they don’t set their own values.
  • 10. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •Local Pref: higher for neutral IX •BGP MED: lower for neutral IX •Our outgoing traffic will prefer the IX door. Why are we using communities? Transit Carrier DE-CIX neutral IX
  • 11. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •We will assign communities over imported routes to ‘mark’ the routes for each provider. •It will be useful to provide transit, IX or both routes to our customers, for example. •In this case: •Transit routes will be set with: 65501:100 - 65501:109 •IX routes will be set with: 65501:110 - 65501:119 •In other cases, we can use communities for: •Geo id, router that originates the prefix… •To do more complex filters and avoid transit over our network from transit 1 to transit n. •Propagate attacked IP address to blackhole servers… Why are we using communities?
  • 12. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501
  • 13. EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501 •Introduce the networks into the BGP world. •Network size will be used to define if we want to split the aggregate network or not. •Advantage: traffic control •Disadvantage: more routes in the world. •The final control will be made by routing filters. •Optionally, we can create blackhole routes in our routing table.
  • 14. EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501 •Attributes aggregation. •Avoid looping.
  • 15. EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501
  • 16. EXPORT ROUTES ==> INCOMING TRAFFIC TRANSIT 1 POINT OF VIEW
  • 17. EXPORT ROUTES ==> INCOMING TRAFFIC TRANSIT 2 POINT OF VIEW
  • 18. EXPORT ROUTES ==> INCOMING TRAFFIC DECIX POINT OF VIEW
  • 19. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 Carrier 1 Carrier 2 Carrier n OwnCustomer 1 Network
  • 20. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 COMMUNITIES: 65501:201 --> Announce for transit. 65501:202 --> Announce for IX.
  • 21. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22
  • 22. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22
  • 23. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 ??
  • 24. TRANSIT, IX AND CUSTOMERS CONNECTED. IS THERE ANYTHING MORE FOR US?
  • 25. OTHER USEFUL USES FOR COMMUNITIES •Propagate blackholing prefixes detected by DDoS detection tools. We are FastNetMon partners, and we can introduce this tool in your network.
  • 26. IP: 185.X.Y.Z
       Attack uuid: 4cce6e17-b7df-4b69-88c7-718562377d07
       Attack severity: middle
       Attack type: udp_flood
       Initial attack power: 100029 packets per second
       Peak attack power: 100029 packets per second
       Attack direction: incoming
       Attack protocol: udp
       Detection source: automatic
       Host network: 185.X.Y.Z/22
       Protocol version: IPv4
       Total incoming traffic: 919 mbps
       Total outgoing traffic: 0 mbps
       Total incoming pps: 100029 packets per second
       Total outgoing pps: 92 packets per second
       Incoming udp pps: 99988 packets per second
       Outgoing udp pps: 0 packets per second
       TRAFFIC FLOW Analysis + Permanent BGP Session
       DDoS mitigation
       FastNetMon will publish a /32 prefix + Community: 65501:666
       If Attack…
  • 27. Recommended values for incoming filters (Outgoing Traffic)
       Localpref: Internal 999; Customer overweight 200; Customer default 190; Customer underweight 180; Peering overweight 140; Peering default 130; Peering underweight 120; Transit default 100; Transit underweight 90.
       MED (metric): Internal 0; Customer prefixes 0 for default; Peering prefixes 10 for best, 20 for worst; Transit prefixes 40 for default, up to 50 for worst.
  • 28. What about incoming traffic? • Set the metric of the sent prefixes to zero. It could be OK if the other party has not set it. • Try to set some AS prepends on the link you do not want to be used. If the other party decides on the basis of localpref, it doesn’t matter how much you enlarge the AS path. • Be in touch with the other side to try the route definition together.
  • 29. Acknowledgments Thanks to DE-CIX. They allowed us to use their name, logo and peering guides information for this presentation. https://www.de-cix.net Ms. Theresa Bobis: theresa.bobis@de-cix.net Mr. Da Costa: darwin.costa@de-cix.net
  • 30. 924 11 11 28 info@codisats.es www.codisats.es Badajoz - Spain NETWORK ENGINEERING TECHNICAL SUPPORT TRAINING INTERNET ACCESS
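
Added example (not from the slides): a small Python model of the import policy on slides 9 to 11 and 27, showing why AS-path prepending by the remote side does not move our outgoing traffic once LOCAL_PREF differs (slide 28). The prefix 10.50.0.0/22, the remote ASN 65540 and all function names are constructed for illustration; the decision process is simplified to LOCAL_PREF, AS_PATH length and MED, with MED compared across all neighbors.

```python
from dataclasses import dataclass

# Import-filter defaults from slide 27: (local_pref, MED) per peer type.
IMPORT_POLICY = {
    "customer": (190, 0),
    "peering": (130, 10),
    "transit": (100, 40),
}
# Marking communities from slide 11 (first value of each range).
MARK = {"transit": "65501:100", "peering": "65501:110"}


@dataclass(frozen=True)
class Route:
    prefix: str
    peer_type: str            # "customer", "peering" or "transit"
    as_path: tuple            # ASNs as received, nearest first
    local_pref: int = 100
    med: int = 0
    communities: frozenset = frozenset()


def import_filter(prefix, peer_type, as_path):
    """Inbound policy: set LOCAL_PREF, MED and the marking community."""
    local_pref, med = IMPORT_POLICY[peer_type]
    marks = frozenset({MARK[peer_type]}) if peer_type in MARK else frozenset()
    return Route(prefix, peer_type, tuple(as_path), local_pref, med, marks)


def best_path(candidates):
    """Simplified decision: highest LOCAL_PREF, shortest AS_PATH, lowest MED."""
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path), r.med))


def demo():
    # Constructed sample: one prefix heard via transit 1 and via the IX.
    # AS 65540 prepends itself three times on the IX side only.
    via_transit = import_filter("10.50.0.0/22", "transit", [65510, 65540])
    via_ix = import_filter("10.50.0.0/22", "peering", [65540] * 4)
    return best_path([via_transit, via_ix])


if __name__ == "__main__":
    winner = demo()
    print(winner.peer_type, winner.local_pref, len(winner.as_path))
```

The IX route wins despite its longer AS path, because LOCAL_PREF is evaluated first; AS-path length only decides between routes with equal LOCAL_PREF.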
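
Added example (not from the slides): the community-driven export policy of slides 11 and 20 as a Python check, combined with an inbound customer filter of the kind slide 7 says a real deployment needs. The function names and the /24 maximum prefix length are assumptions made for this sketch; ASNs, prefixes and community values are the ones used in the presentation.

```python
import ipaddress

OWN_ASN = 65501
OWN_PREFIXES = {ipaddress.ip_network(p) for p in ("10.100.0.0/22", "10.200.0.0/22")}
CUSTOMERS = {65530: ipaddress.ip_network("10.200.172.0/22")}  # ASN -> registered prefix
MAX_LEN = 24  # assumption: longest more-specific accepted from a customer

TRANSIT_MARKS = {f"65501:{n}" for n in range(100, 110)}  # set on transit imports
IX_MARKS = {f"65501:{n}" for n in range(110, 120)}       # set on IX imports
ANNOUNCE = {"transit": "65501:201", "ix": "65501:202"}   # customer requests


def in_customer_block(asn, net):
    """True when net is the customer's registered prefix or an allowed more-specific."""
    block = CUSTOMERS.get(asn)
    return block is not None and net.subnet_of(block) and net.prefixlen <= MAX_LEN


def accept_from_customer(asn, prefix, as_path):
    """Inbound customer filter: registered address space, originated by that customer."""
    net = ipaddress.ip_network(prefix)
    return bool(as_path) and as_path[-1] == asn and in_customer_block(asn, net)


def export_to(peer_type, prefix, communities, origin_asn):
    """Decide whether a route may be announced to a 'transit', 'ix' or 'customer' peer."""
    net = ipaddress.ip_network(prefix)
    marks = set(communities)
    if peer_type == "customer":
        return True  # customers may receive own, transit and IX routes
    if marks & (TRANSIT_MARKS | IX_MARKS):
        return False  # learned from an external peer: re-announcing it is a route leak
    if origin_asn == OWN_ASN:
        return net in OWN_PREFIXES
    return in_customer_block(origin_asn, net) and ANNOUNCE[peer_type] in marks


if __name__ == "__main__":
    # Customer route tagged for transit only: announced to transit, not to the IX.
    for peer in ("transit", "ix"):
        print(peer, export_to(peer, "10.200.172.0/22", {"65501:201"}, 65530))
```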