February 2014
Intermediate to advanced
360 pages
7h 45m
English
book
Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS
by Alcatel-Lucent, Colin Bookham
Content preview from Versatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OSBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 9
Security
While the use of BGP for delivering services within an Autonomous System has increased, it remains the de facto protocol for inter-AS route exchange, and as such BGP must run on routers that are at the extremity of an Autonomous System or administrative domain.
The point where the Autonomous System connects externally is frequently considered the security perimeter. Regardless of whether that external connection is a customer, a peering partner, a content provider, or something else, securing that perimeter against potential threats or attacks is of paramount importance. A number of mechanisms are in use today to implement security measures at the Autonomous System boundary, some simple and some a little more complex. This chapter looks at how BGP can be used both proactively and reactively to help secure the perimeter.
FlowSpec
BGP Flow Specification (FlowSpec) (RFC 5575) allows for encoding of flow specification information into Multi-Protocol BGP NLRI. A flow specification is an n-tuple consisting of several matching criteria such as source prefix, destination prefix, protocol, or ports that can be applied to IP traffic. Coupled with the flow specification information NLRI, Extended Community attributes provide the capability to define traffic filtering rules for the specified flow specification. The intention is to allow for automated creation of IP Filters to prevent intra-AS and inter-AS DDoS attacks, and to allow for redirection of traffic to other routing ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.