mum internet route filter - mikrotik · • juniper: jncia-junos about me. 4 as132730 the internet...
TRANSCRIPT
3
AS132730
• I’manNOCManageratMaxBITISP• IhaveexperienceworkinginITindustryfor6years
• Certifications• MikroTik:
• Trainer(TR0480)• MTCNA,MTCRE,MTCTCE,MTCWE,MTCUME,MTCINE,MTCIPV6E
• Cisco: CCNA,CCNP• Juniper: JNCIA-Junos
AboutMe
6
AS132730
TheInternetRoutingwork• Internetconsistofmanycomputernetworkcombinetogether.• Eachnetworkidentifybyuniqueautonomus systemnumber(Asn)• ISPadvertisetheirprefixtotheglobalnetworkthroughtransitprovider.• Theyalsoneedtoreceiveallglobalprefixfromtransitprovider• ThereisonlyoneroutingprotocolcalledBGP(BorderGatewayProtocol)canhandletheInternetroute• Let’sseehttp://bgp.he.net/AS132730#_graph4
7
AS132730
TheInternetRoutingworkThearemanyproblemhappenonglobalInternetroutingsuchas,routehijacking,routeleaking,DOSattack
February24,2008:Pakistan'sattempttoblockYouTubeaccesswithintheircountrytakesdownYouTubeentirely.April8,2010:ChineseISPhijackstheInternet- ChinaTelecomoriginated37,000prefixesnotbelongingtothemin15minutes,causingmassiveoutageofservicesglobally.
8
AS132730
TheInternetRoutingHowtobethebestInternetServiceProviderwithquality?Simply,youneedtofindtheshortestpathtothedestination.Butforsomereasonshortestpathisnotalwaysthebestone.Forrecommendation,InternetProvidershouldbemultihome,soyoucandotrafficengineering.
9
AS132730
• RoutefilterisinRouting>Filters• WecanuseroutefilteronOSPF,BGP,RIP…ect• Wecanchangetheattributetotherouteviaroutefilter.Ex:wesetlocalpreferencetoBGProute.• Withroutefilterwecanmanagewhichprefix,weacceptwhichprefixwedon’t• Youcanfilteringrouteintwoways,Incomingandoutgoing
Routefilterintroduction
10
AS132730
• Routefiltermatchfromtoptobottomfollowthesequencenumber• Routefilterisifandthencondition
IfMatcher
thendoaction
• Therearetwofiltertechniques:• Permitsomedenyall• Denysomepermitall
Routefilterintroduction
11
AS132730
Routefilterintroduction
10.1.1.0/2410.1.2.0/2410.1.3.0/2410.1.4.0/24
10.1.1.0/2410.1.2.0/2410.1.3.0/24
Accept
Deny10.1.4.0/24
• Routefiltertofilterunwantedroute.Sotheprefixthatwefilteredwillnotvisibleonroutingtable.
R2 R1
13
AS132730
Upstream/Transit
AS132730
Customer
Internet
103.224.30.0/24
103.224.31.0/24
ØOutPolicy• Announceonlyownprefixandcustomerprefixtoupstreamandpeering
Ø InPolicy• Acceptdefaultrouteonlyyouneedit• Donotacceptownprefix• Don’tacceptprivate(rfc1918)andcertainspecialuseprefix• Don’tacceptprefixlongerthen/24
RoutefilterimplementationinBGP
14
AS132730
ØOutPolicy• addaction=acceptchain=EBGP-OUTprefix=103.224.30.0/24• addaction=acceptchain=EBGP-OUTprefix=103.224.31.0/24• addaction=discardchain=EBGP-OUT
Ø InPolicy• addaction=discardchain=EBGP-INprefix=103.224.30.0/24• addaction=discardchain=EBGP-INprefix=103.224.31.0/24• addaction=discardchain=EBGP-INprefix=10.0.0.0/8prefix-length=8-32• addaction=discardchain=EBGP-INprefix=172.16.0.0/12prefix-length=12-32• addaction=discardchain=EBGP-INprefix=192.168.0.0/16prefix-length=16-32• addaction=discardchain=EBGP-INprefix=0.0.0.0/0prefix-length=25-32• addaction=acceptchain=EBGP-IN
EBGPfilterontransitlink
RoutefilterimplementationinBGP
15
AS132730
ØOutPolicy
• addaction=discardchain=EBGP-CUS-OUTprefix=103.224.31.0/24• addaction=acceptchain=EBGP-CUS-OUT
Ø InPolicy• addaction=acceptchain=EBGP-INprefix=103.224.31.0/24• addaction=discardchain=EBGP-IN
EBGPfilteroncustom
erlinkRoutefilterimplementationinBGP
16
AS132730
ContactOur– ITConsulting&Support
CompanyinformationNo.229E1,Str.182,Teuk Laak II(12157),Toul Kork,PhnomPenhByPhone24/7Support,CallUsNow!
Mobile:Sales+(855)98495588+(855)99495588|Support+(855)17866550-1l+(855)81252518
Email:[email protected]|[email protected]:www.maxbit.com.kh