Connecting to Upstream ISPs
Using BGP
Nick Russo
NETWORK ENGINEER
@nickrusso42518
Agenda
Routing "to" versus routing "through"
BGP/OSPF redistribution + aggregation
OSPF default route origination
IP anti-spoofing with URPF
Routing "To" Versus Routing "Through"
[Topology diagram. Labels: R1, R2, R12, R13, R18, R19, R20; ISP A, ISP B, OSPF, Internet; 100.64.x.x; prefix labels [Link]/24, [Link]/25, [Link]/0 (backup), [Link]/0 (primary and conditional)]
Ingress eBGP:
- R2 primary for 203.0.113.x
- R1 backup for 203.0.113.x
Egress OSPF:
- R1 primary for 100.64.x.x
- R2 primary default when BGP is up
- R1 backup default
Demo
BGP aggregation and upstream routing
Demo
Redistributing from BGP into OSPF
Demo
OSPF default route origination
Spoof Prevention with URPF
R1 routing table:
[Link]/24 via R18
[Link]/32 via local
[Link]/32 via R6
(etc.)
[Diagram. Labels: R6, R1, R18, ISP A, each router with a [Link]/32 address. Packets shown: an ICMP Echo (src=[Link], dest=[Link]), an ICMP Echo reply (src=[Link], dest=[Link]), and a second ICMP Echo (src=[Link], dest=[Link]) marked "Dropped by URPF!"]
A More Relaxed URPF Mode
Strict:
[Diagram. Labels: R1, R6, R7 with [Link]/32 addresses. ICMP Echo (src=[Link], dest=[Link]) marked "Dropped by URPF!"]
R1 routing table:
[Link]/32 via R6
[Link]/32 via R7
(etc.)
interface Ethernet0/0
 ip verify unicast source reachable-via rx

Loose:
[Diagram. Labels: R1, R6, R7 with [Link]/32 addresses. ICMP Echo (src=[Link], dest=[Link])]
R1 routing table:
[Link]/32 via R6
[Link]/32 via R7
(etc.)
interface Ethernet0/0
 ip verify unicast source reachable-via any
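The strict (`rx`) and loose (`any`) source checks compared above, modelled as an added example that is not part of the original slides. The FIB entries, addresses and interface names other than Ethernet0/0 are constructed, and the `allow_default` parameter mirrors the IOS `allow-default` keyword, which the slides do not show.

```python
import ipaddress

# Constructed FIB for a router in R1's position: (prefix, egress interface).
FIB = [
    ("0.0.0.0/0", "Ethernet0/0"),        # default route toward the ISP
    ("192.0.2.6/32", "Ethernet0/1"),     # stands in for "via R6"
    ("192.0.2.7/32", "Ethernet0/2"),     # stands in for "via R7"
    ("198.51.100.0/24", "Ethernet0/1"),  # equal-cost pair: either
    ("198.51.100.0/24", "Ethernet0/2"),  # interface is a valid return path
]

def best_routes(fib, src, allow_default=False):
    """Longest-prefix match on the SOURCE address; returns the set of
    interfaces the router would use to reach that source."""
    addr = ipaddress.ip_address(src)
    matches = []
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not allow_default:
            continue  # the default route does not satisfy the check
        if addr in net:
            matches.append((net.prefixlen, ifname))
    if not matches:
        return set()
    longest = max(plen for plen, _ in matches)
    return {ifname for plen, ifname in matches if plen == longest}

def urpf_permits(fib, src, in_if, mode, allow_default=False):
    """mode 'rx' = strict: best route to src must point out in_if.
    mode 'any' = loose: any matching route to src is enough."""
    ifaces = best_routes(fib, src, allow_default)
    if mode == "any":
        return bool(ifaces)
    if mode == "rx":
        return in_if in ifaces
    raise ValueError(f"unknown uRPF mode: {mode}")
```

Strict mode drops legitimate traffic on asymmetric paths (a source routed via one neighbor arriving on the interface toward another), which is the case loose mode tolerates; loose mode still drops sources with no specific route at all.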
Demo
Securing ISP uplinks with unicast RPF
Summary
Upstream ISP connectivity
Conditional default route origination
Unicast RPF for uplink security