2

AS132730

InternetRouteFilter

MUMCambodia

PresentedBy:Teav SovandaraDate:24-Apr-2017

3

AS132730

• I’manNOCManageratMaxBITISP• IhaveexperienceworkinginITindustryfor6years

• Certifications• MikroTik:

• Trainer(TR0480)• MTCNA,MTCRE,MTCTCE,MTCWE,MTCUME,MTCINE,MTCIPV6E

• Cisco: CCNA,CCNP• Juniper: JNCIA-Junos

AboutMe

4

AS132730

TheInternetRouting

5

AS132730

AS132730UpstreamProvider

TheInternetRouting

6

AS132730

TheInternetRoutingwork• Internetconsistofmanycomputernetworkcombinetogether.• Eachnetworkidentifybyuniqueautonomus systemnumber(Asn)• ISPadvertisetheirprefixtotheglobalnetworkthroughtransitprovider.• Theyalsoneedtoreceiveallglobalprefixfromtransitprovider• ThereisonlyoneroutingprotocolcalledBGP(BorderGatewayProtocol)canhandletheInternetroute• Let’sseehttp://bgp.he.net/AS132730#_graph4

7

AS132730

TheInternetRoutingworkThearemanyproblemhappenonglobalInternetroutingsuchas,routehijacking,routeleaking,DOSattack

February24,2008:Pakistan'sattempttoblockYouTubeaccesswithintheircountrytakesdownYouTubeentirely.April8,2010:ChineseISPhijackstheInternet- ChinaTelecomoriginated37,000prefixesnotbelongingtothemin15minutes,causingmassiveoutageofservicesglobally.

8

AS132730

TheInternetRoutingHowtobethebestInternetServiceProviderwithquality?Simply,youneedtofindtheshortestpathtothedestination.Butforsomereasonshortestpathisnotalwaysthebestone.Forrecommendation,InternetProvidershouldbemultihome,soyoucandotrafficengineering.

9

AS132730

• RoutefilterisinRouting>Filters• WecanuseroutefilteronOSPF,BGP,RIP…ect• Wecanchangetheattributetotherouteviaroutefilter.Ex:wesetlocalpreferencetoBGProute.• Withroutefilterwecanmanagewhichprefix,weacceptwhichprefixwedon’t• Youcanfilteringrouteintwoways,Incomingandoutgoing

Routefilterintroduction

10

AS132730

• Routefiltermatchfromtoptobottomfollowthesequencenumber• Routefilterisifandthencondition

IfMatcher

thendoaction

• Therearetwofiltertechniques:• Permitsomedenyall• Denysomepermitall

Routefilterintroduction

11

AS132730

Routefilterintroduction

10.1.1.0/2410.1.2.0/2410.1.3.0/2410.1.4.0/24

10.1.1.0/2410.1.2.0/2410.1.3.0/24

Accept

Deny10.1.4.0/24

• Routefiltertofilterunwantedroute.Sotheprefixthatwefilteredwillnotvisibleonroutingtable.

R2 R1

12

AS132730

Changeattributeontheroute

Routefilterintroduction

13

AS132730

Upstream/Transit

AS132730

Customer

Internet

103.224.30.0/24

103.224.31.0/24

ØOutPolicy• Announceonlyownprefixandcustomerprefixtoupstreamandpeering

Ø InPolicy• Acceptdefaultrouteonlyyouneedit• Donotacceptownprefix• Don’tacceptprivate(rfc1918)andcertainspecialuseprefix• Don’tacceptprefixlongerthen/24

RoutefilterimplementationinBGP

14

AS132730

ØOutPolicy• addaction=acceptchain=EBGP-OUTprefix=103.224.30.0/24• addaction=acceptchain=EBGP-OUTprefix=103.224.31.0/24• addaction=discardchain=EBGP-OUT

Ø InPolicy• addaction=discardchain=EBGP-INprefix=103.224.30.0/24• addaction=discardchain=EBGP-INprefix=103.224.31.0/24• addaction=discardchain=EBGP-INprefix=10.0.0.0/8prefix-length=8-32• addaction=discardchain=EBGP-INprefix=172.16.0.0/12prefix-length=12-32• addaction=discardchain=EBGP-INprefix=192.168.0.0/16prefix-length=16-32• addaction=discardchain=EBGP-INprefix=0.0.0.0/0prefix-length=25-32• addaction=acceptchain=EBGP-IN

EBGPfilterontransitlink

RoutefilterimplementationinBGP

15

AS132730

ØOutPolicy

• addaction=discardchain=EBGP-CUS-OUTprefix=103.224.31.0/24• addaction=acceptchain=EBGP-CUS-OUT

Ø InPolicy• addaction=acceptchain=EBGP-INprefix=103.224.31.0/24• addaction=discardchain=EBGP-IN

EBGPfilteroncustom

erlinkRoutefilterimplementationinBGP

16

AS132730

ContactOur– ITConsulting&Support

CompanyinformationNo.229E1,Str.182,Teuk Laak II(12157),Toul Kork,PhnomPenhByPhone24/7Support,CallUsNow!

Mobile:Sales+(855)98495588+(855)99495588|Support+(855)17866550-1l+(855)81252518

Email:sales@maxbit.com.kh|support@maxbit.com.khWebsite:www.maxbit.com.kh

17

AS132730

ThanksforYourAttention