training:riso:development
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
| training:riso:development [2019/07/04 22:00] – philip | training:riso:development [2019/07/04 22:04] – philip | ||
|---|---|---|---|
| Line 15: | Line 15: | ||
| * **all done in existing IS-IS Lab** | * **all done in existing IS-IS Lab** | ||
| | | ||
| - | Securing IS-IS (with OSPF side example) | + | === Securing IS-IS (with OSPF side example) |
| * neighbour authentication | * neighbour authentication | ||
| * no IS-IS outside ASN | * no IS-IS outside ASN | ||
| Line 22: | Line 22: | ||
| * **need to add OSPF footnote example** | * **need to add OSPF footnote example** | ||
| - | Setting up BGP securely | + | === Setting up BGP securely |
| * RFC8212 - filters in and out on eBGP | * RFC8212 - filters in and out on eBGP | ||
| * passwords on eBGP and iBGP sessions | * passwords on eBGP and iBGP sessions | ||
| Line 31: | Line 31: | ||
| * **the rest all covered in BGP Best Practices slide deck** | * **the rest all covered in BGP Best Practices slide deck** | ||
| - | BGP scalability & stability features | + | === BGP scalability & stability features |
| * iBGP between loopbacks & next-hop-self | * iBGP between loopbacks & next-hop-self | ||
| * route reflector | * route reflector | ||
| Line 40: | Line 40: | ||
| * **All done in existing BGP materials & labs** | * **All done in existing BGP materials & labs** | ||
| - | BGP security features | + | === BGP security features |
| * maxas-limit | * maxas-limit | ||
| * max-prefix | * max-prefix | ||
| Line 49: | Line 49: | ||
| * **Needs a new lab “Securing BGP Lab”** | * **Needs a new lab “Securing BGP Lab”** | ||
| - | Setting up Communities for BGP scaling | + | === Setting up Communities for BGP scaling |
| * security feature -> consistent policies across the ASN | * security feature -> consistent policies across the ASN | ||
| - | Control plane security | + | === Control plane security |
| * setting up SSH on routers | * setting up SSH on routers | ||
| * protecting VTYs with access filters | * protecting VTYs with access filters | ||
| + | * **Notes:** | ||
| + | * **Needs a new lab “Control Plane Security”** | ||
| - | uRPF | + | === uRPF === |
| * show how to set up on access interfaces | * show how to set up on access interfaces | ||
| + | * **Notes:** | ||
| + | * **Needs a new lab “uRPF”** | ||
| - | RTBH | + | |
| + | === RTBH === | ||
| * set up within an AS | * set up within an AS | ||
| * set up between ASNs | * set up between ASNs | ||
| * need to have done communities for this | * need to have done communities for this | ||
| + | * **Notes:** | ||
| + | * **Needs a new lab “Local RTBH”** | ||
| + | * **Needs a new lab “Inter-AS RTBH”** | ||
| - | BGP SEC | + | === BGP SEC === |
| * Creating ROAs (RIR dependent, but explain the process) | * Creating ROAs (RIR dependent, but explain the process) | ||
| * Installing and operating NLnet Labs Routinator | * Installing and operating NLnet Labs Routinator | ||
| Line 72: | Line 80: | ||
| * **Note: Need address space that has been validated** - APNIC offered their blocks, but longer term we should have our own. | * **Note: Need address space that has been validated** - APNIC offered their blocks, but longer term we should have our own. | ||
| * propagating validation state across iBGP | * propagating validation state across iBGP | ||
| - | * standards which vendors aren’t supporting, or DIY? | + | * **Question: |
| + | * **Notes: | ||
| + | * **Need Validator Cache lab (install Routinator on VM per group)** | ||
| + | * **Need RPKI lab (set up router to talk to Cache)** | ||
| + | * **Need ROV lab (propagating state, and acting on ROAs)** | ||
| | | ||
| - | Troubleshooting BGP Security Operations | + | === Troubleshooting BGP Security Operations |
| * RouteViews: for analysis, monitoring, troubleshooting | * RouteViews: for analysis, monitoring, troubleshooting | ||
| * Looking Glasses supporting ROA/ROV | * Looking Glasses supporting ROA/ROV | ||
| Line 80: | Line 92: | ||
| * HE BGP Tool: bgp.he.net | * HE BGP Tool: bgp.he.net | ||
| * RIPE NCC: bgpplay | * RIPE NCC: bgpplay | ||
| + | * **Notes:** | ||
| + | * **Use Routeviews User presentation** | ||
| + | * **Need Looking Glass lab - user experimentation only** | ||
| + | * **Need Troubleshooting Security Presentation - distil out of Troubleshooting BGP tutorial perhaps?** | ||
| - | MANRS | + | === MANRS === |
| * conclude with summary of MANRS and what it is about | * conclude with summary of MANRS and what it is about | ||
| + | * Notes: | ||
| + | * Already exists as part of BGP Origin Validation presentation | ||
| + | |||
| + | === Lab topology === | ||
| + | * To Do: | ||
| + | * Add a “customer PC” to the customer router in each group | ||
training/riso/development.txt · Last modified: 2019/07/04 22:06 by philip