janog35: RPKI operation verification in a Route Reflector configuration, 20150120

Copyright © GREE, Inc. All Rights Reserved. RPKI Operation Verification in a Route Reflector Configuration. Infrastructure Division, Data Center Team, 河内

Upload: osamu-kurokochi

Post on 22-Jan-2018


TRANSCRIPT

  1. Copyright GREE, Inc. All Rights Reserved. Route Reflector RPKI
  2. Router/Switch RPKI RPKI Router Route Reflector iBGP RPKI Validation Juniper Router Reflector Juniper JUNOS eBGP iBGP iBGP Validation
  4. AS65513 (Origin AS) AS65511 AS65514 (Origin AS) RouteReflector01 (Juniper M7i) 192.168.128.50/24 ROA Server 192.168.128.1/24 Validation 10.14.0.0/16 10.13.0.0/16 Router03 192.168.128.13/24 Router04 192.168.128.14/24 Router02 192.168.128.12/24 Router01 192.168.128.11/24 RouteReflector01 (RR01) RR-Client Community: Valid 65535:3, Not-found 65535:2, Invalid 65535:1. Router01,02 RR01 Community LP: Valid 150, Not-found 100, Invalid 50. AS65515 (Origin AS) 10.15.0.0/24 Router05 192.168.128.15/24
  5. VMware ESXi RouteReflector2 (CSR1000v) Router02 (CSR1000v) Router05 (CSR1000v) Router03 (CSR1000v) RouteReflector1 (Juniper M7i) ROA Server Router04 (CSR1000v) 192.168.128.0/24 Router01 (CSR1000v) JPNIC OS Juniper M7i: JUNOS 12.3R8.7 CSR1000v: IOS-XE 15.4
  6. Prefix / MaxLength / AS-Number: 10.12.0.0/16, 24, AS65512; 10.13.0.0/16, 24, AS65513; 10.14.0.0/16, 24, AS65514; 10.15.0.0/16, 24, AS65515. ROA IP2AS-Number
  8. 1 (Invalid) AS65512 (Mis Originated AS) AS65511 AS65514 (Origin AS) Validation 10.14.0.0/16 10.13.0.0/16 MisOriginPrefix Router03 192.168.128.13/24 Router04 192.168.128.14/24 Router02 192.168.128.12/24 Router01 192.168.128.11/24 AS65512 RR Validation RouteReflector01 192.168.128.50/24 ROA Server 192.168.128.1/24
  9. RouteReflector01 Validation Client (Router01,02) LP BestPath
  10. 2 (Invalid Best Path Selection) AS65512 (Mis Originated AS) AS65511 10.14.0.0/16 10.14.0.0/16 MisOriginPrefix Router03 192.168.128.13/24 Router04 192.168.128.14/24 Router02 192.168.128.12/24 Router01 192.168.128.11/24 Validation AS65512 AS65514 RR Validation Router01 10.14.0.0/16 Best Path AS65514 AS65514 (Origin AS) RouteReflector01 192.168.128.50/24 ROA Server 192.168.128.1/24
  11. RouteReflector01 Validation Client (Router01,02) LP BestPath 10.14.0.0/16 Nexthop 192.168.128.14@AS65514
  12. 3 (Longest Match) AS65512 (Origin AS) AS65511 AS65514 (Origin AS) 10.14.0.0/16 10.12.0.0/16 Router03 192.168.128.13/24 Router04 192.168.128.14/24 Router02 192.168.128.12/24 Router01 192.168.128.11/24 AS65515 (Mis Originated AS) 10.14.0.0/24 MisOriginPrefix Router05 192.168.128.15/24 RouteReflector01 192.168.128.50/24 ROA Server 192.168.128.1/24 Validation AS65515 AS65514 RR01 Validation Router01 AS65514 BestPath
  13. 10.14.0.0/16@AS65514 RouteReflector01 Router02 BestPath RouteReflector01 Router02 LongestMatch 10.14.0.0/24
  14. 4 (RR2) AS65512 (Mis Originated AS) AS65511 AS65514 (Origin AS) RouteReflector01 192.168.128.50/24 ROA Server 192.168.128.1/24 Validation 10.14.0.0/16 10.13.0.0/16 MisOriginPrefix Router03 192.168.128.13/24 Router04 192.168.128.14/24 Router02 192.168.128.12/24 Router01 192.168.128.11/24 Router Reflector RPKI RouteReflector02 192.168.128.16/24
  15. Router01,02 Route Reflector01 Validation Community Route Reflector02 AS RouteReflector2 Policy
  17. Route Reflector iBGP Validation iBGP Validation Juniper BGP AS BestPath Router Path Valid Router Reflector ADD-Path BGP-Confederation
  19. ASBR (eBGP) Validation iBGP RPKI Route Reflector
  20. End AS ASBR Validation Transit IX Validation AS IX Route Server Peering Validation BGP-Community Internet Validation
  21. Route Reflector Validation 1. ASBR Route Reflector ext) 1 Router 1 Transit ASBR Best Path Selection 2. Route Reflector iBGP Validation Juniper Junos iBGP Validation Route Reflector Validation