COMMERCIAL–IN-CONFIDENCE

SEACOM’s Experience Deploying RPKI

RPKI
• Resource Public Key Infrastructure.
• Certify IP resources.
• Validate route origination.
• Phase 2 is to validate path.
• Let’s talk about the steps (AFRINIC region).

Create BPKI

Authorized BPKI Profiles

Resource Certification

Create ROAs

View Created ROAs

Download & Install RPKI Project (… was our choice)
http://rpki.net/wiki/doc/RPKI/Installation

Router Setup – IOS & IOS XE
router bgp ASN
 bgp rpki server tcp 2001:DB8::1 port 43779 refresh 300
 bgp rpki server tcp 2001:DB8::2 port 43779 refresh 300
 bgp rpki server tcp 192.0.2.1 port 43779 refresh 300
 bgp rpki server tcp 192.0.2.2 port 43779 refresh 300

Router Setup – IOS XR
router bgp ASN
 rpki server 192.0.2.1
  transport tcp port 43779
  refresh-time 300
 !
 rpki server 192.0.2.2
  transport tcp port 43779
  refresh-time 300
 !
 rpki server 2001:db8::1
  transport tcp port 43779
  refresh-time 300
 !
 rpki server 2001:db8::2
  transport tcp port 43779
  refresh-time 300
 !

Router Setup – Junos
tinka@lab# show routing-options validation
group rpki-validation-caches {
    session 192.0.2.1 {
        refresh-time 300;
        port 43779;
        local-address 192.0.2.254;
    }
    session 192.0.2.2 {
        refresh-time 300;
        port 43779;
        local-address 192.0.2.254;
    }
}
group rpki-validation-caches6 {
    session 2001:db8::1 {
        refresh-time 300;
        port 43779;
        local-address 2001:db8::254;
    }
    session 2001:db8::2 {
        refresh-time 300;
        port 43779;
        local-address 2001:db8::254;
    }
}

{master}[edit]
tinka@lab#

Verifying (… IOS & IOS XE example)
lg-01-jnb.za>sh ip bgp 105.16.0.0
BGP routing table entry for 105.16.0.0/12, version 70256714
Paths: (2 available, best #2, table default)
Not advertised to any peer
Refresh Epoch 1
37100
105.22.32.1 from 105.22.32.1 (105.16.0.163)
Origin IGP, metric 0, localpref 100, valid, external
Community: 37100:1000
path 0F87C714 RPKI State valid
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
37100
105.22.40.1 from 105.22.40.1 (105.16.0.162)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 37100:1000
path 1B430634 RPKI State valid
rx pathid: 0, tx pathid: 0x0
lg-01-jnb.za>

Verifying (… IOS & IOS XE example)
lg-01-jnb.za>sh bgp ipv6 unicast 2c0f:feb0::/32
BGP routing table entry for 2C0F:FEB0::/32, version 19272326
Paths: (2 available, best #2, table default)
Not advertised to any peer
Refresh Epoch 1
37100
2C0F:FEB0:B:2::1 (FE80::86B5:9C00:15FC:2400) from 2C0F:FEB0:B:2::1 (105.16.0.163)
Origin IGP, metric 0, localpref 100, valid, external
Community: 37100:1000
path 2BEDB1FC RPKI State valid
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
37100
2C0F:FEB0:B:3::1 (FE80::86B5:9C00:15F5:7C00) from 2C0F:FEB0:B:3::1 (105.16.0.162)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 37100:1000
path 2A2AC60C RPKI State valid
rx pathid: 0, tx pathid: 0x0
lg-01-jnb.za>

Verifying (… IOS & IOS XE example)
lg-01-jnb.za#sh ip bgp rpki table
14946 BGP sovc network entries using 1315248 bytes of memory
15543 BGP sovc record entries using 310860 bytes of memory
Network Maxlen Origin-AS Source Neighbor
2.0.0.0/16 16 3215 0 105.16.160.2/43779
2.0.0.0/16 16 3215 0 2C0F:FEB0:B:1::2/43779
2.0.0.0/16 16 3215 0 2C0F:FEB0:2:1::2/43779
2.0.0.0/16 16 3215 0 105.16.112.2/43779
2.0.0.0/12 16 3215 0 105.16.160.2/43779
2.0.0.0/12 16 3215 0 2C0F:FEB0:B:1::2/43779
2.1.0.0/16 16 3215 0 105.16.160.2/43779
2.1.0.0/16 16 3215 0 2C0F:FEB0:B:1::2/43779
2.1.0.0/16 16 3215 0 2C0F:FEB0:2:1::2/43779
2.1.0.0/16 16 3215 0 105.16.112.2/43779
<snip>
…
lg-01-jnb.za#

Verifying (… IOS & IOS XE example)
lg-01-jnb.za#sh bgp ipv6 unicast rpki table
2217 BGP sovc network entries using 248304 bytes of memory
2309 BGP sovc record entries using 46180 bytes of memory
Network Maxlen Origin-AS Source Neighbor
2001:500:4::/48 48 10745 0 105.16.160.2/43779
2001:500:4::/48 48 10745 0 2C0F:FEB0:B:1::2/43779
2001:500:4::/48 48 10745 0 2C0F:FEB0:2:1::2/43779
2001:500:4::/48 48 10745 0 105.16.112.2/43779
2001:500:13::/48 48 393225 0 105.16.160.2/43779
2001:500:13::/48 48 393225 0 2C0F:FEB0:B:1::2/43779
2001:500:13::/48 48 393225 0 2C0F:FEB0:2:1::2/43779
2001:500:13::/48 48 393225 0 105.16.112.2/43779
2001:500:30::/48 48 10745 0 105.16.160.2/43779
2001:500:30::/48 48 10745 0 2C0F:FEB0:B:1::2/43779
<snip>
…
lg-01-jnb.za#
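
Added example (not from the slides and not vendor code): a Python sketch that parses rows in the "rpki table" format shown above and applies the RFC 6811 origin-validation rules to give the valid / invalid / Not found states that the router prints. The table rows are copied from the two outputs above; the routes being checked, AS 64500/64501 and local AS 64496 are constructed values.

```python
import ipaddress
from typing import NamedTuple, Optional, Set, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class VRP(NamedTuple):
    """One validated ROA payload: prefix, maximum length, authorised origin AS."""
    prefix: Network
    max_len: int
    origin_as: int


# Rows copied from the "rpki table" outputs above; the same VRP appears once
# per validation cache (Neighbor column), so duplicates are expected.
SAMPLE_TABLE = """\
14946 BGP sovc network entries using 1315248 bytes of memory
Network Maxlen Origin-AS Source Neighbor
2.0.0.0/16 16 3215 0 105.16.160.2/43779
2.0.0.0/16 16 3215 0 2C0F:FEB0:B:1::2/43779
2.0.0.0/12 16 3215 0 105.16.160.2/43779
2.1.0.0/16 16 3215 0 105.16.112.2/43779
2001:500:4::/48 48 10745 0 105.16.160.2/43779
2001:500:13::/48 48 393225 0 2C0F:FEB0:B:1::2/43779
<snip>
"""


def parse_rpki_table(text: str) -> Set[VRP]:
    """Extract unique VRPs; summary, header and <snip> lines are skipped."""
    vrps = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or "/" not in fields[0]:
            continue
        try:
            prefix = ipaddress.ip_network(fields[0])  # rejects set host bits
            max_len, origin_as = int(fields[1]), int(fields[2])
        except ValueError:
            continue
        # A max length shorter than the prefix or longer than the address is malformed.
        if prefix.prefixlen <= max_len <= prefix.max_prefixlen:
            vrps.add(VRP(prefix, max_len, origin_as))
    return vrps


def origin_from_as_path(as_path: str, local_as: int) -> Optional[int]:
    """Route origin ASN per RFC 6811 from a path as printed by 'sh ip bgp'.

    Returns None (the RFC's "NONE") when the path ends in an AS_SET, and the
    local AS when the path is empty or ends in a confederation segment.
    """
    tokens = as_path.split()
    if tokens and tokens[-1] in ("i", "e", "?"):  # trailing origin code
        tokens.pop()
    if not tokens or tokens[-1].endswith(")"):
        return local_as
    if tokens[-1].endswith("}"):
        return None
    return int(tokens[-1])


def validate_origin(route_prefix: str, origin_as: Optional[int], vrps: Set[VRP]) -> str:
    """Return 'valid', 'invalid' or 'not found' for one route."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        if vrp.prefix.version != route.version:
            continue
        if not route.subnet_of(vrp.prefix):
            continue  # this VRP does not cover the route
        covered = True
        # Match needs the same origin AS and a route no longer than Maxlen.
        # Origin NONE and AS 0 never match anything.
        if (origin_as not in (None, 0)
                and origin_as == vrp.origin_as
                and route.prefixlen <= vrp.max_len):
            return "valid"
    # Covered but unmatched is invalid; no covering VRP at all is not found.
    return "invalid" if covered else "not found"


if __name__ == "__main__":
    table = parse_rpki_table(SAMPLE_TABLE)
    # Constructed test routes: (prefix, AS path as the router would print it)
    for prefix, path in [
        ("2.0.0.0/16", "37100 3215 i"),
        ("2.0.1.0/24", "37100 3215 i"),     # longer than Maxlen 16
        ("2.1.0.0/16", "37100 64500 i"),    # wrong origin AS
        ("1.0.0.0/24", "37100 15169 i"),    # no covering VRP in this subset
    ]:
        origin = origin_from_as_path(path, local_as=64496)
        print(f"{prefix:<16} origin {origin}: {validate_origin(prefix, origin, table)}")
```

A more-specific announcement from the correct origin AS still comes out invalid when it is longer than the ROA's Maxlen, which is the case to check before creating ROAs for prefixes that are deaggregated in BGP.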
Verifying (… IOS & IOS XE example)
lg-01-jnb.za#sh ip bgp
BGP table version is 100925789, local router ID is 105.22.40.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
N* 1.0.0.0/24 105.22.32.1 0 0 37100 15169 i
N*> 105.22.40.1 0 0 37100 15169 i
N* 1.0.4.0/24 105.22.32.1 0 0 37100 6939 4826 38803 56203 i
N*> 105.22.40.1 0 0 37100 6939 4826 38803 56203 i
N* 1.0.5.0/24 105.22.32.1 0 0 37100 6939 4826 38803 56203 i
N*> 105.22.40.1 0 0 37100 6939 4826 38803 56203 i
N* 1.0.6.0/24 105.22.32.1 0 0 37100 6939 4826 38803 56203 56203 56203 i
N*> 105.22.40.1 0 0 37100 6939 4826 38803 56203 56203 56203 i
N* 1.0.64.0/18 105.22.32.1 0 0 37100 2497 7670 7670 18144 i
N*> 105.22.40.1 0 0 37100 2497 7670 7670 18144 i
N*> 1.0.128.0/18 105.22.32.1 0 0 37100 2914 38040 9737 i
N* 105.22.40.1 0 0 37100 2914 38040 9737 i
N*> 1.0.128.0/17 105.22.32.1 0 0 37100 2914 38040 9737 i
N* 105.22.40.1 0 0 37100 2914 38040 9737 i
N* 1.0.129.0/24 105.22.32.1 0 0 37100 4651 9737 23969 i
N*> 105.22.40.1 0 0 37100 4651 9737 23969 i
N* 1.0.130.0/24 105.22.32.1 0 0 37100 4651 9737 23969 I
<snip>
…
lg-01-jnb.za#

Verifying (… IOS & IOS XE example)
lg-01-jnb.za#sh bgp ipv6 unicast
BGP table version is 22720683, local router ID is 105.22.40.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
N* 2001::/32 2C0F:FEB0:B:2::1
0 0 37100 6939 i
N*> 2C0F:FEB0:B:3::1
0 0 37100 6939 i
N*> 2001:4:112::/48 2C0F:FEB0:B:3::1
0 0 37100 112 i
N* 2C0F:FEB0:B:2::1
0 0 37100 112 i
N*> 2001:200::/32 2C0F:FEB0:B:3::1
0 0 37100 2914 2500 i
N* 2C0F:FEB0:B:2::1
0 0 37100 2914 2500 i
N* 2001:200:900::/40
2C0F:FEB0:B:2::1
0 0 37100 6939 2516 7660 i
N*> 2C0F:FEB0:B:3::1
0 0 37100 6939 2516 7660 i
<snip>
…
lg-01-jnb.za#

Verifying (… pretty GUIs, HE example)

Verifying (… pretty GUIs, HE example)

Issues – Bad IOS XE Bug!

Issues – Bad IOS XE Bug!

Issues – IOS & IOS XE RFC 6811 Violation!

Issues – IOS & IOS XE RFC 6811 Violation!

MyNOG-6
• For MyNOG-6, will report on CA services for downstream customers.

Thank You
Q&A
mark.tinka@seacom.mu

RPKI: An Operator’s Implementation

  • 1. COMMERCIAL-IN-CONFIDENCE SEACOM’s Experience Deploying RPKI
  • 2. RPKI
      • Resource Public Key Infrastructure.
      • Certify IP resources.
      • Validate route origination.
      • Phase 2 is to validate path.
      • Let’s talk about the steps (AFRINIC region).
  • 8. Download & Install RPKI Project (… was our choice)
      http://rpki.net/wiki/doc/RPKI/Installation
  • 9. Router Setup – IOS & IOS XE

      router bgp ASN
       bgp rpki server tcp 2001:DB8::1 port 43779 refresh 300
       bgp rpki server tcp 2001:DB8::2 port 43779 refresh 300
       bgp rpki server tcp 192.0.2.1 port 43779 refresh 300
       bgp rpki server tcp 192.0.2.2 port 43779 refresh 300

  • 10. Router Setup – IOS XR

      router bgp ASN
       rpki server 192.0.2.1
        transport tcp port 43779
        refresh-time 300
       !
       rpki server 192.0.2.2
        transport tcp port 43779
        refresh-time 300
       !
       rpki server 2001:db8::1
        transport tcp port 43779
        refresh-time 300
       !
       rpki server 2001:db8::2
        transport tcp port 43779
        refresh-time 300
       !

  • 11. Router Setup – Junos

      tinka@lab# show routing-options validation
      group rpki-validation-caches {
          session 192.0.2.1 {
              refresh-time 300;
              port 43779;
              local-address 192.0.2.254;
          }
          session 192.0.2.2 {
              refresh-time 300;
              port 43779;
              local-address 192.0.2.254;
          }
      }
      group rpki-validation-caches6 {
          session 2001:db8::1 {
              refresh-time 300;
              port 43779;
              local-address 2001:db8::254;
          }
          session 2001:db8::2 {
              refresh-time 300;
              port 43779;
              local-address 2001:db8::254;
          }
      }
      {master}[edit]
      tinka@lab#

  • 12. Verifying (… IOS & IOS XE example)

      lg-01-jnb.za>sh ip bgp 105.16.0.0
      BGP routing table entry for 105.16.0.0/12, version 70256714
      Paths: (2 available, best #2, table default)
        Not advertised to any peer
        Refresh Epoch 1
        37100
          105.22.32.1 from 105.22.32.1 (105.16.0.163)
            Origin IGP, metric 0, localpref 100, valid, external
            Community: 37100:1000
            path 0F87C714 RPKI State valid
            rx pathid: 0, tx pathid: 0
        Refresh Epoch 1
        37100
          105.22.40.1 from 105.22.40.1 (105.16.0.162)
            Origin IGP, metric 0, localpref 100, valid, external, best
            Community: 37100:1000
            path 1B430634 RPKI State valid
            rx pathid: 0, tx pathid: 0x0
      lg-01-jnb.za>

  • 13. Verifying (… IOS & IOS XE example)

      lg-01-jnb.za>sh bgp ipv6 unicast 2c0f:feb0::/32
      BGP routing table entry for 2C0F:FEB0::/32, version 19272326
      Paths: (2 available, best #2, table default)
        Not advertised to any peer
        Refresh Epoch 1
        37100
          2C0F:FEB0:B:2::1 (FE80::86B5:9C00:15FC:2400) from 2C0F:FEB0:B:2::1 (105.16.0.163)
            Origin IGP, metric 0, localpref 100, valid, external
            Community: 37100:1000
            path 2BEDB1FC RPKI State valid
            rx pathid: 0, tx pathid: 0
        Refresh Epoch 1
        37100
          2C0F:FEB0:B:3::1 (FE80::86B5:9C00:15F5:7C00) from 2C0F:FEB0:B:3::1 (105.16.0.162)
            Origin IGP, metric 0, localpref 100, valid, external, best
            Community: 37100:1000
            path 2A2AC60C RPKI State valid
            rx pathid: 0, tx pathid: 0x0
      lg-01-jnb.za>

  • 14. Verifying (… IOS & IOS XE example)

      lg-01-jnb.za#sh ip bgp rpki table
      14946 BGP sovc network entries using 1315248 bytes of memory
      15543 BGP sovc record entries using 310860 bytes of memory

      Network              Maxlen  Origin-AS  Source  Neighbor
      2.0.0.0/16           16      3215       0       105.16.160.2/43779
      2.0.0.0/16           16      3215       0       2C0F:FEB0:B:1::2/43779
      2.0.0.0/16           16      3215       0       2C0F:FEB0:2:1::2/43779
      2.0.0.0/16           16      3215       0       105.16.112.2/43779
      2.0.0.0/12           16      3215       0       105.16.160.2/43779
      2.0.0.0/12           16      3215       0       2C0F:FEB0:B:1::2/43779
      2.1.0.0/16           16      3215       0       105.16.160.2/43779
      2.1.0.0/16           16      3215       0       2C0F:FEB0:B:1::2/43779
      2.1.0.0/16           16      3215       0       2C0F:FEB0:2:1::2/43779
      2.1.0.0/16           16      3215       0       105.16.112.2/43779
      <snip>
      …
      lg-01-jnb.za#

  • 15. Verifying (… IOS & IOS XE example)

      lg-01-jnb.za#sh bgp ipv6 unicast rpki table
      2217 BGP sovc network entries using 248304 bytes of memory
      2309 BGP sovc record entries using 46180 bytes of memory

      Network              Maxlen  Origin-AS  Source  Neighbor
      2001:500:4::/48      48      10745      0       105.16.160.2/43779
      2001:500:4::/48      48      10745      0       2C0F:FEB0:B:1::2/43779
      2001:500:4::/48      48      10745      0       2C0F:FEB0:2:1::2/43779
      2001:500:4::/48      48      10745      0       105.16.112.2/43779
      2001:500:13::/48     48      393225     0       105.16.160.2/43779
      2001:500:13::/48     48      393225     0       2C0F:FEB0:B:1::2/43779
      2001:500:13::/48     48      393225     0       2C0F:FEB0:2:1::2/43779
      2001:500:13::/48     48      393225     0       105.16.112.2/43779
      2001:500:30::/48     48      10745      0       105.16.160.2/43779
      2001:500:30::/48     48      10745      0       2C0F:FEB0:B:1::2/43779
      <snip>
      …
      lg-01-jnb.za#

  • 16. Verifying (… IOS & IOS XE example)

      lg-01-jnb.za#sh ip bgp
      BGP table version is 100925789, local router ID is 105.22.40.2
      Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                    r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                    x best-external, a additional-path, c RIB-compressed,
      Origin codes: i - IGP, e - EGP, ? - incomplete
      RPKI validation codes: V valid, I invalid, N Not found

           Network          Next Hop            Metric LocPrf Weight Path
      N*   1.0.0.0/24       105.22.32.1              0             0 37100 15169 i
      N*>                   105.22.40.1              0             0 37100 15169 i
      N*   1.0.4.0/24       105.22.32.1              0             0 37100 6939 4826 38803 56203 i
      N*>                   105.22.40.1              0             0 37100 6939 4826 38803 56203 i
      N*   1.0.5.0/24       105.22.32.1              0             0 37100 6939 4826 38803 56203 i
      N*>                   105.22.40.1              0             0 37100 6939 4826 38803 56203 i
      N*   1.0.6.0/24       105.22.32.1              0             0 37100 6939 4826 38803 56203 56203 56203 i
      N*>                   105.22.40.1              0             0 37100 6939 4826 38803 56203 56203 56203 i
      N*   1.0.64.0/18      105.22.32.1              0             0 37100 2497 7670 7670 18144 i
      N*>                   105.22.40.1              0             0 37100 2497 7670 7670 18144 i
      N*>  1.0.128.0/18     105.22.32.1              0             0 37100 2914 38040 9737 i
      N*                    105.22.40.1              0             0 37100 2914 38040 9737 i
      N*>  1.0.128.0/17     105.22.32.1              0             0 37100 2914 38040 9737 i
      N*                    105.22.40.1              0             0 37100 2914 38040 9737 i
      N*   1.0.129.0/24     105.22.32.1              0             0 37100 4651 9737 23969 i
      N*>                   105.22.40.1              0             0 37100 4651 9737 23969 i
      N*   1.0.130.0/24     105.22.32.1              0             0 37100 4651 9737 23969 I
      <snip>
      …
      lg-01-jnb.za#

  • 17. Verifying (… IOS & IOS XE example)

      lg-01-jnb.za#sh bgp ipv6 unicast
      BGP table version is 22720683, local router ID is 105.22.40.2
      Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                    r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                    x best-external, a additional-path, c RIB-compressed,
      Origin codes: i - IGP, e - EGP, ? - incomplete
      RPKI validation codes: V valid, I invalid, N Not found

           Network            Next Hop            Metric LocPrf Weight Path
      N*   2001::/32          2C0F:FEB0:B:2::1         0             0 37100 6939 i
      N*>                     2C0F:FEB0:B:3::1         0             0 37100 6939 i
      N*>  2001:4:112::/48    2C0F:FEB0:B:3::1         0             0 37100 112 i
      N*                      2C0F:FEB0:B:2::1         0             0 37100 112 i
      N*>  2001:200::/32      2C0F:FEB0:B:3::1         0             0 37100 2914 2500 i
      N*                      2C0F:FEB0:B:2::1         0             0 37100 2914 2500 i
      N*   2001:200:900::/40  2C0F:FEB0:B:2::1         0             0 37100 6939 2516 7660 i
      N*>                     2C0F:FEB0:B:3::1         0             0 37100 6939 2516 7660 i
      <snip>
      …
      lg-01-jnb.za#

  • 18. Verifying (… pretty GUI’s, HE example)
  • 19. Verifying (… pretty GUI’s, HE example)
  • 20. Issues – Bad IOS XE Bug!
  • 21. Issues – Bad IOS XE Bug!
  • 22. Issues – IOS & IOS XE RFC 6811 Violation!
  • 23. Issues – IOS & IOS XE RFC 6811 Violation!
  • 24. MyNOG-6
      • For MyNOG-6, will report on CA services for downstream customers.
  • 25. Thank You Q&A mark.tinka@seacom.mu
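
The V / I / N validation codes and the "rpki table" rows on the verification slides correspond to the origin-validation procedure of RFC 6811. The sketch below is an added example, not code from the slides or from SEACOM: it parses a few rows copied from the table slides and classifies constructed test routes. The function names and the documentation ASN 64500 are assumptions made here.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):          # Validated ROA Payload
    prefix: object              # ipaddress network object
    maxlen: int
    asn: int

# Rows taken from the "rpki table" slides (Network, Maxlen, Origin-AS, Source,
# Neighbor); each VRP repeats once per cache session it was learned from.
RPKI_TABLE = """\
Network Maxlen Origin-AS Source Neighbor
2.0.0.0/16 16 3215 0 105.16.160.2/43779
2.0.0.0/16 16 3215 0 2C0F:FEB0:B:1::2/43779
2.0.0.0/12 16 3215 0 105.16.160.2/43779
2.1.0.0/16 16 3215 0 105.16.160.2/43779
2001:500:4::/48 48 10745 0 105.16.160.2/43779
2001:500:13::/48 48 393225 0 2C0F:FEB0:B:1::2/43779
"""

def parse_vrps(text):
    """Parse table rows into a de-duplicated set of VRPs."""
    vrps = set()
    for line in text.splitlines():
        fields = line.split()
        try:
            vrps.add(VRP(ipaddress.ip_network(fields[0]), int(fields[1]), int(fields[2])))
        except (IndexError, ValueError):
            continue            # header, <snip> marker or blank line
    return vrps

def validate(route, origin_as, vrps):
    """Return 'valid', 'invalid' or 'not-found' per RFC 6811."""
    net = ipaddress.ip_network(route)
    covered = False
    for vrp in vrps:
        if vrp.prefix.version != net.version or not net.subnet_of(vrp.prefix):
            continue
        covered = True          # some VRP covers this prefix
        if net.prefixlen <= vrp.maxlen and vrp.asn == origin_as and vrp.asn != 0:
            return "valid"
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    vrps = parse_vrps(RPKI_TABLE)
    # Constructed test routes; AS64500 is a documentation ASN.
    for route, asn in [("2.4.0.0/16", 3215), ("2.0.0.0/24", 3215),
                       ("2.1.0.0/16", 64500), ("1.0.0.0/24", 15169)]:
        print(f"{route} AS{asn}: {validate(route, asn, vrps)}")
```

A route is "invalid" as soon as any VRP covers it but none matches both the origin AS and the maximum length, which is why the /24 more-specific of 2.0.0.0/16 fails even with the correct origin.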