MUM Internet Route Filter - MikroTik .• Juniper: JNCIA-Junos About Me. 4 AS132730 The Internet

  • View
    214

  • Download
    0

Embed Size (px)

Text of MUM Internet Route Filter - MikroTik .• Juniper: JNCIA-Junos About Me. 4 AS132730...

  • 2

    AS132730

    InternetRouteFilter

    MUMCambodia

    PresentedBy:Teav SovandaraDate:24-Apr-2017

  • 3

    AS132730

    ImanNOCManageratMaxBITISP IhaveexperienceworkinginITindustryfor6years

    Certifications MikroTik:

    Trainer(TR0480) MTCNA,MTCRE,MTCTCE,MTCWE,MTCUME,MTCINE,MTCIPV6E

    Cisco: CCNA,CCNP Juniper: JNCIA-Junos

    AboutMe

  • 4

    AS132730

    TheInternetRouting

  • 5

    AS132730

    AS132730UpstreamProvider

    TheInternetRouting

  • 6

    AS132730

    TheInternetRoutingwork Internetconsistofmanycomputernetworkcombinetogether. Eachnetworkidentifybyuniqueautonomus systemnumber(Asn) ISPadvertisetheirprefixtotheglobalnetworkthroughtransitprovider. Theyalsoneedtoreceiveallglobalprefixfromtransitprovider ThereisonlyoneroutingprotocolcalledBGP(BorderGatewayProtocol)canhandletheInternetroute Letsseehttp://bgp.he.net/AS132730#_graph4

  • 7

    AS132730

    TheInternetRoutingworkThearemanyproblemhappenonglobalInternetroutingsuchas,routehijacking,routeleaking,DOSattack

    February24,2008:Pakistan'sattempttoblockYouTubeaccesswithintheircountrytakesdownYouTubeentirely.April8,2010:ChineseISPhijackstheInternet- ChinaTelecomoriginated37,000prefixesnotbelongingtothemin15minutes,causingmassiveoutageofservicesglobally.

  • 8

    AS132730

    TheInternetRoutingHowtobethebestInternetServiceProviderwithquality?Simply,youneedtofindtheshortestpathtothedestination.Butforsomereasonshortestpathisnotalwaysthebestone.Forrecommendation,InternetProvidershouldbemultihome,soyoucandotrafficengineering.

  • 9

    AS132730

    RoutefilterisinRouting>Filters WecanuseroutefilteronOSPF,BGP,RIPect Wecanchangetheattributetotherouteviaroutefilter.Ex:wesetlocalpreferencetoBGProute. Withroutefilterwecanmanagewhichprefix,weacceptwhichprefixwedont Youcanfilteringrouteintwoways,Incomingandoutgoing

    Routefilterintroduction

  • 10

    AS132730

    Routefiltermatchfromtoptobottomfollowthesequencenumber Routefilterisifandthencondition

    IfMatcher

    thendoaction

    Therearetwofiltertechniques: Permitsomedenyall Denysomepermitall

    Routefilterintroduction

  • 11

    AS132730

    Routefilterintroduction

    10.1.1.0/2410.1.2.0/2410.1.3.0/2410.1.4.0/24

    10.1.1.0/2410.1.2.0/2410.1.3.0/24

    Accept

    Deny10.1.4.0/24

    Routefiltertofilterunwantedroute.Sotheprefixthatwefilteredwillnotvisibleonroutingtable.

    R2 R1

  • 12

    AS132730

    Changeattributeontheroute

    Routefilterintroduction

  • 13

    AS132730

    Upstream/Transit

    AS132730

    Customer

    Internet

    103.224.30.0/24

    103.224.31.0/24

    OutPolicy Announceonlyownprefixandcustomerprefixtoupstreamandpeering

    InPolicy Acceptdefaultrouteonlyyouneedit Donotacceptownprefix Dontacceptprivate(rfc1918)andcertainspecialuseprefix Dontacceptprefixlongerthen/24

    RoutefilterimplementationinBGP

  • 14

    AS132730

    OutPolicy addaction=acceptchain=EBGP-OUTprefix=103.224.30.0/24 addaction=acceptchain=EBGP-OUTprefix=103.224.31.0/24 addaction=discardchain=EBGP-OUT

    InPolicy addaction=discardchain=EBGP-INprefix=103.224.30.0/24 addaction=discardchain=EBGP-INprefix=103.224.31.0/24 addaction=discardchain=EBGP-INprefix=10.0.0.0/8prefix-length=8-32 addaction=discardchain=EBGP-INprefix=172.16.0.0/12prefix-length=12-32 addaction=discardchain=EBGP-INprefix=192.168.0.0/16prefix-length=16-32 addaction=discardchain=EBGP-INprefix=0.0.0.0/0prefix-length=25-32 addaction=acceptchain=EBGP-IN

    EBGPfilterontransitlink

    RoutefilterimplementationinBGP

  • 15

    AS132730

    OutPolicy

    addaction=discardchain=EBGP-CUS-OUTprefix=103.224.31.0/24 addaction=acceptchain=EBGP-CUS-OUT

    InPolicy addaction=acceptchain=EBGP-INprefix=103.224.31.0/24 addaction=discardchain=EBGP-IN

    EBGPfilteroncustom

    erlinkRoutefilterimplementationinBGP

  • 16

    AS132730

    ContactOur ITConsulting&Support

    CompanyinformationNo.229E1,Str.182,Teuk Laak II(12157),Toul Kork,PhnomPenhByPhone24/7Support,CallUsNow!

    Mobile:Sales+(855)98495588+(855)99495588|Support+(855)17866550-1l+(855)81252518

    Email:sales@maxbit.com.kh|support@maxbit.com.khWebsite:www.maxbit.com.kh

  • 17

    AS132730

    ThanksforYourAttention