SlideShare a Scribd company logo

Using MikroTik routers for BGP transit and IX points

Pavel Odintsov
Pavel Odintsov

Juan Miguel Gallardo, MikroTik Trainer and Consultant. Lisbon, on September 20, 2019.

Technology
1 of 30
Download to read offline
Using MikroTik routers for BGP transit and IX points Juan Miguel Gallardo, MikroTik Trainer and Consultant. Lisbon, on September 20, 2019.
ENGINEERING AND PROJECTS The engine for your ideas • QUALITY. • CUSTOMER DEFENSE. • SINGULAR PROJECTS. • WHITE BRAND FOR COLABORATORS
GLOBAL SUPPORT FOR COMMUNICATION NETWORKS •PROACTIVE SUPPORT. •MULTI BRAND SUPPORT. •CERTIFIED SUPPORT TECHNICIAMS. •TRANSPARENCY FOR INCIDENTS AND CONFIGURATIONS. The best technical support for ISP and Industries.
MIKROTIK TRAINING COURSES •MIKROTIK CERTIFIED EXAMS. •REAL LABS. •OWN HANDBOOKS. •SCHEDULED AND ON DEMAND. •BASED ON EXPERIENCE. A singular training.
DEDICATED IP TRANSIT FOR ISP •Direct circuits. •Virtual tunnels. •Backup sceneries. And others
Carrier 1 Carrier 2 Carrier n OwnCustomer Network Full Transit IX Prefixes Default route TRANSIT AND IX NETWORK How do we do it?
OWN NETWORKS ASN 65501 •ASN <=> OWN DOMAIN ==> 65501 (example). •eBGP <=> Border Gateway Protocol with other ASNs. •Own networks <=> 10.100.0.0/22, 10.200.0.0/22. •BGP peers: •Transit peer 1: 65510 •Transit peer 2: 65520 •DE-CIX route server 1: 48793 •Customer 1: 65530 <==> 10.200.172.0/22 We will use private ASN/IPv4 prefixes for this presentation. The shown filters are a very simply configuration for didactic purposes. In real environment, we will need a complex filter configuration to avoid network problems: Own prefixes filtering, bogons filtering, and so on.
IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •Transit peers: default outgoing traffic when no other preferred. •Peering: Preferred outgoing traffic. •Lower latency. •Lower cost. How to modulate the preference for incoming routes? •LOCAL_PREF •SHORTEST AS_PATH •MED •OLDEST PATH vs YOUNGER PATH FILTERS
IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •LOCAL_PREF: internal attribute assigned into our network domain. •Higher values, preferred routes. •Will propagate along our network domain (iBGP), but will not propagate for external peers (eBGP). •MED: Multi Exit Discriminator, can be learned from BGP neighboors. •Lower values are for preferred networks. •Can be propagated for eBGP peers if they don’t set their own values.
IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •Local Pref: higher for neutral IX •BGP MED: lower for neutral IX •Our outgoing traffic will prefer the IX door. Why are we using communities? Transit Carrier DE-CIX neutral IX
IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •We will assign communities over imported routes to ‘mark’ the routes for each provider. •It will be useful to provide transit, IX or both routes to our customers, for example. •In this case: •Transit routes will be set with: 65501:100 - 65501:109 •IX routes will be set with: 65501:110 - 65501:119 •In other cases, we can use communities for: •Geo id, router that originates the prefix… •To do more complex filters and avoid transit over our network from transit 1 to transit n. •Propagate attacked IP address to blackhole servers… Why are we using communities?
IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501
EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501 •Introduce de networks into the BGP world. •Network size will be used to define if we want to split the aggregate network or not. •Advantage: traffic control •Disadvantage: more routes in the world. •The final control will be made by routing filters. •Optionally, we can create blackhole routes in our routing table.
EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501 •Attributes aggregation. •Avoid looping.
EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501
EXPORT ROUTES ==> INCOMING TRAFFIC TRANSIT 1 POINT OF VIEW
EXPORT ROUTES ==> INCOMING TRAFFIC TRANSIT 2 POINT OF VIEW
EXPORT ROUTES ==> INCOMING TRAFFIC DECIX POINT OF VIEW
IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 Carrier 1 Carrier 2 Carrier n OwnCustomer 1 Network
IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 COMMUNITIES: 65501:201—> Announce for transit. 65501:202—> Announce for IX.
IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22
IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22
IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 ??
TRANSIT, IX AND CUSTOMERS CONNECTED IS ANYMORE FOR US?
OTHER USEFUL USES FOR COMMUNITIES •Propagate black holing prefixes detected by DDoS detection tools. We are Fast Netmon Partners, and we can introduce this tool in your network.
IP: 185.X.Y.Z Attack uuid: 4cce6e17-b7df-4b69-88c7-718562377d07 Attack severity: middle Attack type: udp_flood Initial attack power: 100029 packets per second Peak attack power: 100029 packets per second Attack direction: incoming Attack protocol: udp Detection source: automatic Host network: 185.X.Y.Z/22 Protocol version: IPv4 Total incoming traffic: 919 mbps Total outgoing traffic: 0 mbps Total incoming pps: 100029 packets per second Total outgoing pps: 92 packets per second Incoming udp pps: 99988 packets per second Outgoing udp pps: 0 packets per second TRAFFIC FLOW Analysis + Permanent BGP Session DDoS mitigation Fast Netmon will publish a /32 prefix + Community: 65501:666 If Attack…
Recomended Values for incoming filters Localpref Internal 999 Customer overweight 200 Customer Default 190 Customer Underweight 180 Peering overweight 140 Peering Default 130 Peering underweight 120 Transit Default 100 Transit underweight 90 MED (metric) Internal 0 Customer prefixes 0 for default Peering prefixes 10 for best 20 for worst Transit prefixes 40 for default Up to 50 for worst Outgoing Traffic
What about incoming traffic? • Set the metric of the sent prefixes to zero. It could be OK if the other party has not set it. • Try to set some AS prepends on the link you do not want to be used. If the other party decides on the basis of localpref, it doesn’t matter how much you enlarge the AS path. • Be in touch with the other side to try the route definition together.
Acknowledgments Thanks to DE-CIX. They allowed us to use their name, logo and peering guides information for this presentation. https://www.de-cix.net Ms. Theresa Bobis: theresa.bobis@de-cix.net Mr. Da Costa: darwin.costa@de-cix.net
924 11 11 28 info@codisats.es www.codisats.es Badajoz - Spain NETWORK ENGINEERING TECHNICAL SUPPORT TRAINING INTERNET ACCESS

Recommended

Large BGP Communities
Large BGP CommunitiesLarge BGP Communities
Large BGP CommunitiesAPNIC
 
BGP filtering - Zagreb 2013
BGP filtering - Zagreb 2013 BGP filtering - Zagreb 2013
BGP filtering - Zagreb 2013 Wardner Maia
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Cisco Canada
 
OSPF Basics
OSPF BasicsOSPF Basics
OSPF BasicsMartin Bratina
 
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USASegment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USAJose Liste
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab Cisco Canada
 
Ospf area types
Ospf area typesOspf area types
Ospf area typesRoger Perkin
 

Recommended

Large BGP Communities
Large BGP CommunitiesLarge BGP Communities
Large BGP CommunitiesAPNIC
 
BGP filtering - Zagreb 2013
BGP filtering - Zagreb 2013 BGP filtering - Zagreb 2013
BGP filtering - Zagreb 2013 Wardner Maia
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Cisco Canada
 
OSPF Basics
OSPF BasicsOSPF Basics
OSPF BasicsMartin Bratina
 
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USASegment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USAJose Liste
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab Cisco Canada
 
Ospf area types
Ospf area typesOspf area types
Ospf area typesRoger Perkin
 
BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network OperatorsAPNIC
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
BGP filter with mikrotik
BGP filter with mikrotikBGP filter with mikrotik
BGP filter with mikrotikAchmad Mardiansyah
 
MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1GLC Networks
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
Segment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsSegment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsCisco Service Provider
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
Segment Routing: A Tutorial
Segment Routing: A TutorialSegment Routing: A Tutorial
Segment Routing: A TutorialAPNIC
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7GLC Networks
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
MENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionMENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionRasoul Mesghali, CCIE RS
 
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesSegment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesCisco Canada
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming TechniquesAPNIC
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
 
BGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikBGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikGLC Networks
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radiusAchmad Mardiansyah
 
BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR Bertrand Duvivier
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 

More Related Content

What's hot

BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network OperatorsAPNIC
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1GLC Networks
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
Segment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsSegment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsCisco Service Provider
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
Segment Routing: A Tutorial
Segment Routing: A TutorialSegment Routing: A Tutorial
Segment Routing: A TutorialAPNIC
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7GLC Networks
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesSegment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesCisco Canada
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming TechniquesAPNIC
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
 
BGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikBGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikGLC Networks
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 
BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR Bertrand Duvivier
 

What's hot (20)

BGP Techniques for Network Operators
BGP Techniques for Network OperatorsBGP Techniques for Network Operators
BGP Techniques for Network Operators
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotik
 
BGP filter with mikrotik
BGP filter with mikrotikBGP filter with mikrotik
BGP filter with mikrotik
 
MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPd
 
Segment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsSegment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business Models
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
 
Segment Routing: A Tutorial
Segment Routing: A TutorialSegment Routing: A Tutorial
Segment Routing: A Tutorial
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7
 
Segment Routing
Segment RoutingSegment Routing
Segment Routing
 
MENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionMENOG-Segment Routing Introduction
MENOG-Segment Routing Introduction
 
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesSegment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use Cases
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet Connections
 
BGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikBGP vs OSPF on Mikrotik
BGP vs OSPF on Mikrotik
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMP
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radius
 
BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR
 

Similar to Using MikroTik routers for BGP transit and IX points

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
Practical Implementation of Large BGP communities with Geotags and Traffic En...
Practical Implementation of Large BGP communities with Geotags and Traffic En...Practical Implementation of Large BGP communities with Geotags and Traffic En...
Practical Implementation of Large BGP communities with Geotags and Traffic En...Muhammad Moinur Rahman
 
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...APNIC
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 
Хакеры хотят ваш банк больше, чем ваших клиентов
Хакеры хотят ваш банк больше, чем ваших клиентовХакеры хотят ваш банк больше, чем ваших клиентов
Хакеры хотят ваш банк больше, чем ваших клиентовPositive Hack Days
 
[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and IT[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and ITSite24x7
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and moreInternet Society
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
 
Vsat day-2008-idirect
Vsat day-2008-idirectVsat day-2008-idirect
Vsat day-2008-idirectSSPI Brasil
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasuresdkaya
 
Selective blackholing - how to use & implement
Selective blackholing - how to use & implementSelective blackholing - how to use & implement
Selective blackholing - how to use & implementAPNIC
 
DDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet FilteringDDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet FilteringQrator Labs
 
Interoute VDC: Education from the cloud
Interoute VDC: Education from the cloudInteroute VDC: Education from the cloud
Interoute VDC: Education from the cloudjon_graham1977
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationJerod Brennen
 
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPROIDEA
 
PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...
PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...
PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...PROIDEA
 
Cubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic formatCubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic formatChristian Ferenz
 

Similar to Using MikroTik routers for BGP transit and IX points (20)

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
Practical Implementation of Large BGP communities with Geotags and Traffic En...
Practical Implementation of Large BGP communities with Geotags and Traffic En...Practical Implementation of Large BGP communities with Geotags and Traffic En...
Practical Implementation of Large BGP communities with Geotags and Traffic En...
 
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection tool
 
Хакеры хотят ваш банк больше, чем ваших клиентов
Хакеры хотят ваш банк больше, чем ваших клиентовХакеры хотят ваш банк больше, чем ваших клиентов
Хакеры хотят ваш банк больше, чем ваших клиентов
 
[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and IT[old] Network Performance Monitoring for DevOps and IT
[old] Network Performance Monitoring for DevOps and IT
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and more
 
Publishing Microservices Applications
Publishing Microservices ApplicationsPublishing Microservices Applications
Publishing Microservices Applications
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
 
Vsat day-2008-idirect
Vsat day-2008-idirectVsat day-2008-idirect
Vsat day-2008-idirect
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasures
 
Selective blackholing - how to use & implement
Selective blackholing - how to use & implementSelective blackholing - how to use & implement
Selective blackholing - how to use & implement
 
DDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet FilteringDDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet Filtering
 
Interoute VDC: Education from the cloud
Interoute VDC: Education from the cloudInteroute VDC: Education from the cloud
Interoute VDC: Education from the cloud
 
DDoS Attack Preparation and Mitigation
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
 
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
 
PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...
PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...
PLNOG16: Jak zbudować Punkt Wymiany Ruchu używając urządzeń Junipera, Aleksan...
 
Cubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic formatCubro subprocessor appliance in nic format
Cubro subprocessor appliance in nic format
 

More from Pavel Odintsov

DDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentDDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentPavel Odintsov
 
Network telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentationNetwork telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentationPavel Odintsov
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedPavel Odintsov
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresPavel Odintsov
 
Flowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoiseFlowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoisePavel Odintsov
 
Detectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOSDetectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOSPavel Odintsov
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSPavel Odintsov
 
Lekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flLekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flPavel Odintsov
 
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersLekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersPavel Odintsov
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiPavel Odintsov
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simplePavel Odintsov
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaDetecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaPavel Odintsov
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossPavel Odintsov
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaPavel Odintsov
 
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationDistributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationPavel Odintsov
 

More from Pavel Odintsov (20)

DDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentDDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environment
 
Network telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentationNetwork telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentation
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developments
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume Based
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP Infrastructures
 
Flowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoiseFlowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoise
 
Detectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOSDetectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOS
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPS
 
Lekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flLekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_fl
 
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersLekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka Ishizaki
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simple
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
Jon Nield FastNetMon
Jon Nield FastNetMonJon Nield FastNetMon
Jon Nield FastNetMon
 
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaDetecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_voss
 
SIG-NOC Tools Survey
SIG-NOC Tools SurveySIG-NOC Tools Survey
SIG-NOC Tools Survey
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner Maia
 
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationDistributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And Mitigation
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Using MikroTik routers for BGP transit and IX points

  • 1. Using MikroTik routers for BGP transit and IX points Juan Miguel Gallardo, MikroTik Trainer and Consultant. Lisbon, on September 20, 2019.
  • 2. ENGINEERING AND PROJECTS The engine for your ideas • QUALITY. • CUSTOMER DEFENSE. • SINGULAR PROJECTS. • WHITE BRAND FOR COLABORATORS
  • 3. GLOBAL SUPPORT FOR COMMUNICATION NETWORKS •PROACTIVE SUPPORT. •MULTI BRAND SUPPORT. •CERTIFIED SUPPORT TECHNICIAMS. •TRANSPARENCY FOR INCIDENTS AND CONFIGURATIONS. The best technical support for ISP and Industries.
  • 4. MIKROTIK TRAINING COURSES •MIKROTIK CERTIFIED EXAMS. •REAL LABS. •OWN HANDBOOKS. •SCHEDULED AND ON DEMAND. •BASED ON EXPERIENCE. A singular training.
  • 5. DEDICATED IP TRANSIT FOR ISP •Direct circuits. •Virtual tunnels. •Backup sceneries. And others
  • 7. OWN NETWORKS ASN 65501 •ASN <=> OWN DOMAIN ==> 65501 (example). •eBGP <=> Border Gateway Protocol with other ASNs. •Own networks <=> 10.100.0.0/22, 10.200.0.0/22. •BGP peers: •Transit peer 1: 65510 •Transit peer 2: 65520 •DE-CIX route server 1: 48793 •Customer 1: 65530 <==> 10.200.172.0/22 We will use private ASN/IPv4 prefixes for this presentation. The shown filters are a very simply configuration for didactic purposes. In real environment, we will need a complex filter configuration to avoid network problems: Own prefixes filtering, bogons filtering, and so on.
  • 8. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •Transit peers: default outgoing traffic when no other preferred. •Peering: Preferred outgoing traffic. •Lower latency. •Lower cost. How to modulate the preference for incoming routes? •LOCAL_PREF •SHORTEST AS_PATH •MED •OLDEST PATH vs YOUNGER PATH FILTERS
  • 9. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •LOCAL_PREF: internal attribute assigned into our network domain. •Higher values, preferred routes. •Will propagate along our network domain (iBGP), but will not propagate for external peers (eBGP). •MED: Multi Exit Discriminator, can be learned from BGP neighboors. •Lower values are for preferred networks. •Can be propagated for eBGP peers if they don’t set their own values.
  • 10. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •Local Pref: higher for neutral IX •BGP MED: lower for neutral IX •Our outgoing traffic will prefer the IX door. Why are we using communities? Transit Carrier DE-CIX neutral IX
  • 11. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501 •We will assign communities over imported routes to ‘mark’ the routes for each provider. •It will be useful to provide transit, IX or both routes to our customers, for example. •In this case: •Transit routes will be set with: 65501:100 - 65501:109 •IX routes will be set with: 65501:110 - 65501:119 •In other cases, we can use communities for: •Geo id, router that originates the prefix… •To do more complex filters and avoid transit over our network from transit 1 to transit n. •Propagate attacked IP address to blackhole servers… Why are we using communities?
  • 12. IMPORT ROUTES ==> OUTGOING TRAFFIC ASN 65501
  • 13. EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501 •Introduce de networks into the BGP world. •Network size will be used to define if we want to split the aggregate network or not. •Advantage: traffic control •Disadvantage: more routes in the world. •The final control will be made by routing filters. •Optionally, we can create blackhole routes in our routing table.
  • 14. EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501 •Attributes aggregation. •Avoid looping.
  • 15. EXPORT ROUTES ==> INCOMING TRAFFIC ASN 65501
  • 16. EXPORT ROUTES ==> INCOMING TRAFFIC TRANSIT 1 POINT OF VIEW
  • 17. EXPORT ROUTES ==> INCOMING TRAFFIC TRANSIT 2 POINT OF VIEW
  • 18. EXPORT ROUTES ==> INCOMING TRAFFIC DECIX POINT OF VIEW
  • 19. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 Carrier 1 Carrier 2 Carrier n OwnCustomer 1 Network
  • 20. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 COMMUNITIES: 65501:201—> Announce for transit. 65501:202—> Announce for IX.
  • 21. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22
  • 22. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22
  • 23. IMPORT // EXPORT CUSTOMER ROUTES ASN 65530 PREFIX: 10.200.172.0/22 ??
  • 24. TRANSIT, IX AND CUSTOMERS CONNECTED IS ANYMORE FOR US?
  • 25. OTHER USEFUL USES FOR COMMUNITIES •Propagate black holing prefixes detected by DDoS detection tools. We are Fast Netmon Partners, and we can introduce this tool in your network.
  • 26. IP: 185.X.Y.Z Attack uuid: 4cce6e17-b7df-4b69-88c7-718562377d07 Attack severity: middle Attack type: udp_flood Initial attack power: 100029 packets per second Peak attack power: 100029 packets per second Attack direction: incoming Attack protocol: udp Detection source: automatic Host network: 185.X.Y.Z/22 Protocol version: IPv4 Total incoming traffic: 919 mbps Total outgoing traffic: 0 mbps Total incoming pps: 100029 packets per second Total outgoing pps: 92 packets per second Incoming udp pps: 99988 packets per second Outgoing udp pps: 0 packets per second TRAFFIC FLOW Analysis + Permanent BGP Session DDoS mitigation Fast Netmon will publish a /32 prefix + Community: 65501:666 If Attack…
  • 27. Recomended Values for incoming filters Localpref Internal 999 Customer overweight 200 Customer Default 190 Customer Underweight 180 Peering overweight 140 Peering Default 130 Peering underweight 120 Transit Default 100 Transit underweight 90 MED (metric) Internal 0 Customer prefixes 0 for default Peering prefixes 10 for best 20 for worst Transit prefixes 40 for default Up to 50 for worst Outgoing Traffic
  • 28. What about incoming traffic? • Set the metric of the sent prefixes to zero. It could be OK if the other party has not set it. • Try to set some AS prepends on the link you do not want to be used. If the other party decides on the basis of localpref, it doesn’t matter how much you enlarge the AS path. • Be in touch with the other side to try the route definition together.
  • 29. Acknowledgments Thanks to DE-CIX. They allowed us to use their name, logo and peering guides information for this presentation. https://www.de-cix.net Ms. Theresa Bobis: theresa.bobis@de-cix.net Mr. Da Costa: darwin.costa@de-cix.net
  • 30. 924 11 11 28 info@codisats.es www.codisats.es Badajoz - Spain NETWORK ENGINEERING TECHNICAL SUPPORT TRAINING INTERNET ACCESS