training:riso:development
Differences
This shows you the differences between two versions of the page.
training:riso:development [2019/07/04 21:44] – philip | training:riso:development [2019/07/04 22:05] – philip | ||
---|---|---|---|
Line 5: | Line 5: | ||
Needs to cover the following topics. | Needs to cover the following topics. | ||
- | Setting up IS-IS | + | === Setting up IS-IS === |
* NSAP address plan | * NSAP address plan | ||
* setting metrics, level-2, wide metrics | * setting metrics, level-2, wide metrics | ||
Line 13: | Line 14: | ||
* **Notes: | * **Notes: | ||
* **all done in existing IS-IS Lab** | * **all done in existing IS-IS Lab** | ||
- | | + | |
- | Securing IS-IS (with OSPF side example) | + | |
+ | === Securing IS-IS (with OSPF side example) | ||
* neighbour authentication | * neighbour authentication | ||
* no IS-IS outside ASN | * no IS-IS outside ASN | ||
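Review bot: the new heading `=== Securing IS-IS (with OSPF side example)` is shown in this view without its closing `===`, unlike `=== Setting up IS-IS ===` in the first hunk. DokuWiki only renders a heading when the markers are on both ends of the line, so check that the saved text closes it; the same check applies to the other long headings added in this revision.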
Line 21: | Line 23: | ||
* **need to add OSPF footnote example** | * **need to add OSPF footnote example** | ||
- | Setting up BGP securely | + | === Setting up BGP securely |
* RFC8212 - filters in and out on eBGP | * RFC8212 - filters in and out on eBGP | ||
* passwords on eBGP and iBGP sessions | * passwords on eBGP and iBGP sessions | ||
Line 30: | Line 32: | ||
* **the rest all covered in BGP Best Practices slide deck** | * **the rest all covered in BGP Best Practices slide deck** | ||
- | BGP scalability & stability features | + | === BGP scalability & stability features |
* iBGP between loopbacks & next-hop-self | * iBGP between loopbacks & next-hop-self | ||
* route reflector | * route reflector | ||
Line 38: | Line 40: | ||
* **Notes:** | * **Notes:** | ||
* **All done in existing BGP materials & labs** | * **All done in existing BGP materials & labs** | ||
- | + | ||
- | BGP security features | + | === BGP security features |
* maxas-limit | * maxas-limit | ||
* max-prefix | * max-prefix | ||
Line 48: | Line 50: | ||
* **Needs a new lab “Securing BGP Lab”** | * **Needs a new lab “Securing BGP Lab”** | ||
- | Setting up Communities for BGP scaling | + | === Setting up Communities for BGP scaling |
* security feature -> consistent policies across the ASN | * security feature -> consistent policies across the ASN | ||
- | Control plane security | + | === Control plane security |
* setting up SSH on routers | * setting up SSH on routers | ||
* protecting VTYs with access filters | * protecting VTYs with access filters | ||
+ | * **Notes:** | ||
+ | * **Needs a new lab “Control Plane Security”** | ||
- | uRPF | + | === uRPF === |
* show how to set up on access interfaces | * show how to set up on access interfaces | ||
+ | * **Notes:** | ||
+ | * **Needs a new lab “uRPF”** | ||
- | RTBH | + | === RTBH === |
* set up within an AS | * set up within an AS | ||
* set up between ASNs | * set up between ASNs | ||
* need to have done communities for this | * need to have done communities for this | ||
+ | * **Notes:** | ||
+ | * **Needs a new lab “Local RTBH”** | ||
+ | * **Needs a new lab “Inter-AS RTBH”** | ||
- | BGP SEC | + | === BGP SEC === |
* Creating ROAs (RIR dependent, but explain the process) | * Creating ROAs (RIR dependent, but explain the process) | ||
* Installing and operating NLnet Labs Routinator | * Installing and operating NLnet Labs Routinator | ||
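Review bot: the heading `=== BGP SEC ===` will be read as BGPsec, the AS-path signing protocol of RFC 8205, while the bullets under it cover creating ROAs and operating Routinator, which is RPKI origin validation. Suggest renaming it to something like "RPKI and Route Origin Validation" so attendees do not expect path validation. Separately, "Setting up Communities for BGP scaling" gets a heading in this hunk but, unlike the sections around it, no Notes entry saying whether material or a lab already exists.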
Line 71: | Line 80: | ||
* **Note: Need address space that has been validated** - APNIC offered their blocks, but longer term we should have our own. | * **Note: Need address space that has been validated** - APNIC offered their blocks, but longer term we should have our own. | ||
* propagating validation state across iBGP | * propagating validation state across iBGP | ||
- | * standards which vendors aren’t supporting, or DIY? | + | * **Question: |
- | + | * **Notes:** | |
- | Troubleshooting BGP Security Operations | + | * **Need Validator Cache lab (install Routinator on VM per group)** |
+ | * **Need RPKI lab (set up router to talk to Cache)** | ||
+ | * **Need ROV lab (propagating state, and acting on ROAs)** | ||
+ | |||
+ | === Troubleshooting BGP Security Operations | ||
* RouteViews: for analysis, monitoring, troubleshooting | * RouteViews: for analysis, monitoring, troubleshooting | ||
* Looking Glasses supporting ROA/ROV | * Looking Glasses supporting ROA/ROV | ||
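Review bot: the ROV lab note "propagating state, and acting on ROAs" does not say what the lab has routers do with routes that validate as Invalid. State the intended policy (for example drop versus lower preference) so the lab can be written against it. The lab also depends on the validated address space flagged in the note at the top of this hunk, which is worth recording as a prerequisite next to the three lab entries.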
Line 79: | Line 92: | ||
* HE BGP Tool: bgp.he.net | * HE BGP Tool: bgp.he.net | ||
* RIPE NCC: bgpplay | * RIPE NCC: bgpplay | ||
+ | * **Notes:** | ||
+ | * **Use Routeviews User presentation** | ||
+ | * **Need Looking Glass lab - user experimentation only** | ||
+ | * **Need Troubleshooting Security Presentation - distil out of Troubleshooting BGP tutorial perhaps?** | ||
- | MANRS | + | === MANRS === |
* conclude with summary of MANRS and what it is about | * conclude with summary of MANRS and what it is about | ||
+ | * Notes: | ||
+ | * Already exists as part of BGP Origin Validation presentation | ||
+ | |||
+ | === Lab topology === | ||
+ | * To Do: | ||
+ | * Add a “customer PC” to the customer router in each group | ||
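Review bot: the Notes entries added under MANRS ("Notes:" and "Already exists as part of BGP Origin Validation presentation") are not bold, while the other Notes blocks in this revision use `**Notes:**` with bold items; make them consistent, and decide whether the "To Do:" block under Lab topology should follow the same style. "Routeviews" in the new note is also spelled differently from "RouteViews" in the bullet list above it.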
training/riso/development.txt · Last modified: 2019/07/04 22:06 by philip