training:riso:development
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| training:riso:development [2019/07/04 21:44] – philip | training:riso:development [2019/07/04 22:06] (current) – [Workshop Development Notes] philip | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| Needs to cover the following topics. | Needs to cover the following topics. | ||
| - | Setting up IS-IS | + | === Setting up IS-IS === |
| * NSAP address plan | * NSAP address plan | ||
| * setting metrics, level-2, wide metrics | * setting metrics, level-2, wide metrics | ||
| Line 13: | Line 14: | ||
| * **Notes: | * **Notes: | ||
| * **all done in existing IS-IS Lab** | * **all done in existing IS-IS Lab** | ||
| - | | + | |
| - | Securing IS-IS (with OSPF side example) | + | |
| + | === Securing IS-IS (with OSPF side example) | ||
| * neighbour authentication | * neighbour authentication | ||
| * no IS-IS outside ASN | * no IS-IS outside ASN | ||
| Line 21: | Line 23: | ||
| * **need to add OSPF footnote example** | * **need to add OSPF footnote example** | ||
| - | Setting up BGP securely | + | === Setting up BGP securely |
| * RFC8212 - filters in and out on eBGP | * RFC8212 - filters in and out on eBGP | ||
| * passwords on eBGP and iBGP sessions | * passwords on eBGP and iBGP sessions | ||
| Line 30: | Line 32: | ||
| * **the rest all covered in BGP Best Practices slide deck** | * **the rest all covered in BGP Best Practices slide deck** | ||
| - | BGP scalability & stability features | + | === BGP scalability & stability features |
| * iBGP between loopbacks & next-hop-self | * iBGP between loopbacks & next-hop-self | ||
| * route reflector | * route reflector | ||
| Line 38: | Line 40: | ||
| * **Notes:** | * **Notes:** | ||
| * **All done in existing BGP materials & labs** | * **All done in existing BGP materials & labs** | ||
| - | + | ||
| - | BGP security features | + | === BGP security features |
| * maxas-limit | * maxas-limit | ||
| * max-prefix | * max-prefix | ||
| Line 48: | Line 50: | ||
| * **Needs a new lab “Securing BGP Lab”** | * **Needs a new lab “Securing BGP Lab”** | ||
| - | Setting up Communities for BGP scaling | + | === Setting up Communities for BGP scaling |
| * security feature -> consistent policies across the ASN | * security feature -> consistent policies across the ASN | ||
| - | Control plane security | + | === Control plane security |
| * setting up SSH on routers | * setting up SSH on routers | ||
| * protecting VTYs with access filters | * protecting VTYs with access filters | ||
| + | * **Notes:** | ||
| + | * **Needs a new lab “Control Plane Security”** | ||
| - | uRPF | + | === uRPF === |
| * show how to set up on access interfaces | * show how to set up on access interfaces | ||
| + | * **Notes:** | ||
| + | * **Needs a new lab “uRPF”** | ||
| - | RTBH | + | === RTBH === |
| * set up within an AS | * set up within an AS | ||
| * set up between ASNs | * set up between ASNs | ||
| * need to have done communities for this | * need to have done communities for this | ||
| + | * **Notes:** | ||
| + | * **Needs a new lab “Local RTBH”** | ||
| + | * **Needs a new lab “Inter-AS RTBH”** | ||
| - | BGP SEC | + | === BGP SEC === |
| * Creating ROAs (RIR dependent, but explain the process) | * Creating ROAs (RIR dependent, but explain the process) | ||
| * Installing and operating NLnet Labs Routinator | * Installing and operating NLnet Labs Routinator | ||
| Line 71: | Line 80: | ||
| * **Note: Need address space that has been validated** - APNIC offered their blocks, but longer term we should have our own. | * **Note: Need address space that has been validated** - APNIC offered their blocks, but longer term we should have our own. | ||
| * propagating validation state across iBGP | * propagating validation state across iBGP | ||
| - | * standards which vendors aren’t supporting, or DIY? | + | * **Question: |
| - | + | * **Notes:** | |
| - | Troubleshooting BGP Security Operations | + | * **Need Validator Cache lab (install Routinator on VM per group)** |
| + | * **Need RPKI lab (set up router to talk to Cache)** | ||
| + | * **Need ROV lab (propagating state, and acting on ROAs)** | ||
| + | |||
| + | === Troubleshooting BGP Security Operations | ||
| * RouteViews: for analysis, monitoring, troubleshooting | * RouteViews: for analysis, monitoring, troubleshooting | ||
| * Looking Glasses supporting ROA/ROV | * Looking Glasses supporting ROA/ROV | ||
| Line 79: | Line 92: | ||
| * HE BGP Tool: bgp.he.net | * HE BGP Tool: bgp.he.net | ||
| * RIPE NCC: bgpplay | * RIPE NCC: bgpplay | ||
| + | * **Notes:** | ||
| + | * **Use Routeviews User presentation** | ||
| + | * **Need Looking Glass lab - user experimentation only** | ||
| + | * **Need Troubleshooting Security Presentation - distil out of Troubleshooting BGP tutorial perhaps?** | ||
| - | MANRS | + | === MANRS === |
| * conclude with summary of MANRS and what it is about | * conclude with summary of MANRS and what it is about | ||
| + | * **Notes:** | ||
| + | * **Already exists as part of BGP Origin Validation presentation** | ||
| + | |||
| + | === Lab topology === | ||
| + | * **To Do:** | ||
| + | * **Add a “customer PC” to the customer router in each group** | ||
| + | * **Upgrade MacMini to 16.04 - use latest LXD code (compiled from source)** | ||
training/riso/development.1562240646.txt.gz · Last modified: 2019/07/04 21:44 by philip