Skip to main content
Home

Main navigation

  • About
  • CNDO
  • BGP for All
  • perfSONAR
  • ScienceDMZ
  • FedIdM
  • Contact Us

BGP for All

Border Gateway Protocol (BGP) is the primary routing protocol used to transfer data and information on the Internet or autonomous systems. BGP is a Path Vector Protocol which maintains paths to different hosts, networks and gateway routers and determines the routing decision based on rules, filtering, weight and community.

Understanding the myriad options for routing can produce efficiencies for institutions and create opportunities for research and education networks to collaborate.

Video Topics

BGP for All

Introduction to Routing

Internet Routing
Routing Protocols
Introduction to IS-IS
IS-IS Levels
IS-IS Adjacencies
Best Configuration Practices for IS-IS on Cisco IOS
IS-IS Authentication, Default Routes and IPv6
Introduction to OSPF
OSPF Areas
OSPF Adjacencies
Best Configuration Practices for OSPF on Cisco IOS
OSPF Authentication, Default Routes and IPv6
Comparing OSPF and IS-IS
Choosing between OSPF and IS-IS
Migrating OSPF to IS-IS
Migration Plan
Finalizing Migration

Introduction to BGP

Introduction to Border Gateway Protocol
Transit and Peering
Autonomous Systems
How BGP works
Supporting Multiple Protocols
IBGP and EBGP
Setting up EBGP
Setting up IBGP
Introducing prefixes into the BGP RIB
How to configure aggregation
Display BGP Status

BGP Attributes

Attributes
AS Path
Next Hop
Origin
Aggregator
Local Preference
Multi Exit Discriminator
Weight
Community
Community Specifics
Path Selection

BGP Policy

Applying Policy
Prefix Filtering
AS Path Filtering
Policy Language
Managing Policy Changes

BGP Scaling Techniques

Introduction
Route Refresh
Cisco Peer Groups & Juniper BGP Groups
Route Reflector Introduction
Route Reflector Deployment
Confederation Overview
Route Flap Damping

BGP Best Practices

Introduction to BGP Best Practices
EBGP Default Behavior
Overview of BGP versus IGP
How to Generate an Aggregate
How to Announce an Aggregate
Keeping IBGP Internal
Efforts to Improve Aggregation (CIDR Report)
Receiving Prefixes from Customers
Receiving Prefixes Peers
Receiving Prefixes from Upstream-Transit Provider
BGP Configuration Tips
InterConnection Best Practices
Internet Routing Registry: Introduction
Internet Routing Registry: Route Object, AS Object and AS Set
InterConnection Best Practices: Summary

Multi-Homing

Why Multi-Home?
Multi-Homing Definition
Multi-Homing Resources
Multi-Homing Policy Tools
Choosing Peering Partners and Transit Providers
Multi-Homing Scenarios
Multiple Sessions between Two ASes
Basic Principles of Multi-Homing
IP Addressing and Multi-Homing
Inbound Traffic Engineering
Two Links to One ISP, Primary and Backup
Two Links to One ISP, Load Balancing
Multiple-Dual-Homed Customers
Two Links to Different ISPs, Primary and Backup
Two Links to Different ISPs, Load Balancing
Outbound Traffic Engineering
One Upstream, One Local Peer
One Upstream, One Local IXP
Upstream Provider Also Peering at the IXP
Two Upstream, Local Peer--Using Defaults
Two Upstream, Local Peer--Using Full Routes
Two Upstream, Local Peer--Using Partial Routes
Summary of Multi-Homing Examples

BGP Case Studies

Peering Priorities
Transit Provider Peering at an IXP
Customer Multihomed between two IXP members
Traffic Engineering for an ISP connected to two IXes
Traffic Engineering for an ISP with two interfaces on one IX LAN
Traffic Engineering and CDNs

Communities

Communities: RFC 1998 Traffic Engineering
Communities: Simplifying Traffic Engineering
How to Apply Communities to Originated Routes
How to Use Communities for Service Identification
How to Use Communities to Scale a Route Reflector
Using Communities for Customer Policy

Value of Peering

Peering Definitions
Types of Peering
ISP Goals
Role of the IXP
Local versus Regional Exchange Point

IXP Design and Implementation

IXP History
Basic Principles of an IXP
IXP Design
"Layer 3 Exchanges?"
IXP Design Considerations
Routing Policies at IXPs
Internet Resources required for an IXP
Choosing IXP Hardware
Charging at IXPs
Services at IXPs
Route Collectors
Route Servers
What Can Go Wrong
IXP Further Considerations

BGP for NRENs

Research and Education Network Ecosystem
NREN Model Implications for Campuses
Dual Homed Campuses

Routing Security

Routing Infrastructure Security
Route Authentication
Credential Management
Credential Security
Security Practice Considerations
DDoS and Remotely Triggered Black Hole
DDoS Mitigation and RTBH
Unicast Reverse Path Forwarding (uRPF)
Route Origin Validation: Quick Introduction

Route Origin Validation

Validating BGP Route Announcements
Resource Public Key Infrastructure (RPKI)
Route Origin Authorisation: Background
Route Origin Authorisation: Creating ROAs
Route Origin Validation: Introduction
Route Origin Validation: AS0
Route Origin Validation: Vendor Support & Validator Caches
Validator Cache Deployment
Configuring Routers to use Validator Caches
RPKI Status Checking
Deploying RPKI within an AS
Propagating Validation State within an AS
Route Origin Validation: Statistics & Summary

MANRS

MANRS Overview
MANRS - 1 - Prefix Filtering
MANRS - 2 - BCP38 and uRPF
MANRS - 3 - NOC to NOC Communication
MANRS - 4 - RPKI and ROA
MANRS Summary

perfSONAR

Intro & Installation

What is perfSONAR?
perfSONAR Deployment Plan
How to Select Hardware for perfSONAR
Install perfSONAR NEW
How to Secure a perfSONAR node
Interpreting Performance Behind Firewalls
Understanding TCP Buffer-Size

Configuration

How to Configure the Toolkit
How to Configure Enabled Services
How to Configure NTP Services NEW
How to Configure Testing Policies
How to Find Other perfSONAR Nodes NEW

Regular Testing

Regular BWCTL
Latency-Ping

Using Metrics

Metrics Traceroute
Metrics Delay
Metrics Jitter
Metrics Throughput

Network Measurements

pScheduler NEW in pS4.0
BWPing
BWCTL
TCP Buffer-Size
BW Traceroute

Using MaDDash

MaDDash Overview
MaDDash Configuration File
Install MaDDash
Install MaDDash Mesh Configuration
Configuring Test Hosts with MaDDash

ScienceDMZ

Background and Structure

Science DMZ Overview
Science DMZ Examples
Science DMZ Security

Specific Designs

Minimal Science DMZ
Multiple Science DMZs
DMZ Multiple Data Transfer Nodes
Science DMZ in a Supercomputer Center Network
Science DMZ Big Data Site

Techniques & Technology

Science DMZ TCP Performance
perfSONAR in the Science DMZ
Science DMZ Firewall Limits
Science DMZ Backplane Limits
Science DMZ for Software Defined Networks
Science DMZ Data Transfer Nodes versus Enterprise Security
Science DMZ as A Customer

FedIdM

Campus Identity

eduroam and Identity Services
Introduction to Identity on Campus
Identity and the Campus Network
Identity and Cloud Services
Defining Users

Federated Identity

Introduction to Identity Federations
Identity and Access Management for Researchers
Identity Federation for Service Providers

Identity and Business Models

Value Proposition and Business Models
Risk Management and Identity

Campus Network Design & Ops

National Research & Education Networks

Research and Education Network Ecosystem
NREN Model Implications for Campuses
Dual Homed Campuses

Layer 1, 2 and 3 Refresher

The OSI Model
Layer 1: Physical
Building Networks at Layer 1
Layer 2: Link
MAC Address Learning
Building Networks at Layer 2
Layer 3: Network
Building Networks at Layer 3
Layer 4: Transport
Layers 5, 6, 7
OSI versus TCP/IP
Encapsulation in Action
Traceroute
Debugging Layers

Campus Network Design Principles

Campus Network Challenges
Campus Network Rules
Edge Networks
Core Network Design
Switches, Servers and Firewalls
Science DMZ and Border Router

Campus Network Cabling Best Practices

Structured Cabling Systems: Introduction
Unshielded Twisted Pair Cabling
Fiber Optic Cabling
Fiber Optic Cost and Distance
Fiber Optic Costs: Practical Examples
Fiber Optic Summary

Cabling Installation Tips

Cabling Installation Hints
Underground Conduit Planning
Outdoor Conduit Installation
Fiber Optic Cabling Installation
Fiber Optic Connectors
Network Racks

IPv4 and IPv6 Addressing

IPv4 Addresses
Network Prefixes
Netmasks
Subnetting
IPv6 Addresses
Hierarchical Address Allocation
Designing an IPv4 Address Plan
Designing an IPv6 Address Plan

Cisco Configuration Essentials

Cisco Configuration Introduction
Verifying and Troubleshooting Configuration
Replacing Poor Defaults

Switching Architectures

Switching Loops and Broadcast Storms
Spanning Tree Definition
Spanning Tree Protocol
Spanning Tree in Practice
Spanning Tree Protocol: Design Guidelines
Spanning Tree Protocol: Sample Configuration
Spanning Tree: Practical Demonstration
Virtual LANs: Introduction
VLANs: Practical Demonstration
Routing Inter-VLAN Traffic
VLANs Multi-Vendor Configuration
Multi-Vendor VLANs: Practical Demonstration

Switching Architectures: Advanced L2

Link Aggregation
Rapid Spanning Tree
Multiple Spanning Tree
Switch Configuration for Network Management

Routing and Forwarding Basics

Routing Basics
Routing versus Forwarding
Routing Terminology
How Routing Works
Routing Protocols

L3 Switches

Adding Routing Capability to an Ethernet Switch
Deploying a Layer 3 Switch in a Campus

Migrating a Campus Network from Flat to Routed

Migrating a Campus Network: DHCP
DHCP Relay
DHCP Configuration
Migrating a Campus Network: Planning
Migrating a Campus Network: Example
Migrating a Campus Network: Other Hints

Choosing Campus Devices

Choosing Campus Devices: Introduction
Choosing Campus Devices: Minimum Switch Requirements
Choosing Edge Switches
Choosing Distribution Switches
Choosing a Core Router
Choosing a Border Router
Choosing Routers: Summary

Campus Operations Best Practices

Best Current Practices: Introduction
Best Current Practices: DNS
Best Current Practices: DHCP
Best Current Practices: NTP
Best Current Practices: Authentication Servers
Best Current Practices: Miscellaneous

Campus Network Security

Campus Network Security: Introduction
Policy Framework
Network Monitoring and Management
Encryption and Two-Factor Authentication
Virus Protection
Authentication and Authorization
Blocking Traffic
Campus Network Architecture
Campus Security Summary and Resources

Campus Security Configuration

Campus Security Configuration: Introduction
Securing Campus Devices
Securing Switches and Wireless Access Points
Securing Campus Servers
Campus Jumphost
Border Router Filtering: Introduction
Simple Border Router Filter
Complex Border Router Filter

Building a Wireless Campus or Community Network

Building a Wireless Campus or Community Network
Overview of 802.11 Standards
Wi-Fi 6E Adoption
Choosing Wi-Fi Equipment
Channel Management
Planning Access Point Placement
Physical Deployment of Access Points
Antenna Optimization Examples
Users per Access Point
Wireless at Layer 2: SSIDs
SSID Recommendations
eduroam
Wireless at Layer 3
Wireless Network Authentication

Network Address Translation

Network Address Translation: Introduction
NAT Simple Campus Use Case and Cisco Configuration
NAT Simple Campus Use Case and Juniper Configuration
Campus Use Case: Per Subnet NAT
NAT Summary
NAT Issues

Network Monitoring & Management

Configurable versus Static Network Monitoring Tools
Traditional versus Scalable NMM
Netflow: Introduction
Netflow: Generating and Exporting Flow Records
Netflow: Configuring Cisco Flows
Netflow: Nfdump and NfSen
Netflow: References and Appendices
Introduction to Smokeping

Wireless Connectivity for Hard to Reach Areas

Wireless Connectivity: Overview
Wireless Connectivity: Physics
Wireless Connectivity: Wireless for Communication
Wireless Connectivity: Antenna Properties
Wireless Connectivity: Antenna Types
Propagation and Interference
Link Budget and Decibels
Selecting Wireless Gear
Wireless Connectivity: Summary

Building Wireless Infrastructure on a Small Budget

Building Wireless Infrastructure on a Budget: Introduction
Making Your Own Antennas
Three DIY Antenna Projects
Summary for DIY Antennas and DIY Wireless

Campus Security Conversations

Campus Security Introduction
Campus Security Program and Roles
Evolution of Campus Security Operations
Central Identity Management Tool
Viruses, Patching and Vulnerabilities
Network Management and Security Foundations
Investing in Security
Does Security Ever Finish?
Firewalls versus Training

Introduction to Routing

  • Internet Routing
  • Routing Protocols
  • Introduction to IS-IS
  • IS-IS Levels
  • IS-IS Adjacencies
  • Best Configuration Practices for IS-IS on Cisco IOS
  • IS-IS Authentication, Default Routes and IPv6
  • Introduction to OSPF
  • OSPF Areas
  • OSPF Adjacencies
  • Best Configuration Practices for OSPF on Cisco IOS
  • OSPF Authentication, Default Routes and IPv6
  • Comparing OSPF and IS-IS
  • Choosing between OSPF and IS-IS
  • Migrating from OSPF to IS-IS
  • Migration Plan
  • Finalizing Migration

Introduction to BGP

  • Introduction to Border Gateway Protocol
  • Transit and Peering
  • Autonomous Systems
  • How BGP works
  • Supporting Multiple Protocols
  • IBGP versus EBGP
  • Setting up EBGP
  • Setting up IBGP
  • Introducing prefixes into the BGP RIB
  • How to configure aggregation
  • Display BGP Status

BGP Attributes

  • What is a BGP attribute
  • AS Path
  • Next Hop
  • Origin
  • Aggregator
  • Local Preference
  • Multi Exit Discriminator
  • Weight
  • Community
  • Community Specifics
  • Path Selection

BGP Policy

  • Applying Policy with BGP
  • Prefix Filtering
  • AS Path Filtering
  • Policy Language
  • Managing Policy Changes

BGP Scaling Techniques

  • Introduction
  • Route Refresh
  • Cisco Peer Groups and Juniper BGP Groups NEW
  • Route Reflector Introduction
  • Route Reflector Deployment
  • Confederation Overview
  • Route Flap Damping

BGP Best Practices

  • Introduction to BGP Best Practices
  • EBGP Default Behavior
  • Overview of BGP versus IGP
  • How to Generate an Aggregate UPDATED
  • How to Announce an Aggregate UPDATED
  • Keeping IBGP Internal
  • Efforts to Improve Aggregation (CIDR Report)
  • Receiving Prefixes from Customers
  • Receiving Prefixes from Peers
  • Receiving Prefixes from Upstream-Transit Provider
  • BGP Configuration Tips
  • InterConnection Best Practices
  • Internet Routing Registry: Introduction NEW
  • IRR Route Object, AS Object and AS Set
  • InterConnection Best Practices: Summary

Multi-Homing

  • Why Multi-Home?
  • Multi-Homing Definition
  • Multi-Homing Resources
  • Multi-Homing Policy Tools
  • Choosing Peering Partners and Transit Providers
  • Multi-Homing Scenarios
  • Multiple Sessions between Two ASes
  • Basic Principles of Multi-Homing
  • IP Addressing and Multi-Homing
  • Inbound Traffic Engineering
  • Two Links to One ISP, Primary and Backup
  • Two Links to One ISP, Load Balancing
  • Multiple-Dual-Homed Customers
  • Two Links to Different ISPs, Primary and Backup
  • Two Links to Different ISPs, Load Balancing
  • Outbound Traffic Engineering
  • One Upstream, One Local Peer
  • One Upstream, One Local IXP
  • Upstream Provider Also Peering at the IXP
  • Two Upstream, Local Peer--Using Defaults
  • Two Upstream, Local Peer--Using Full Routes
  • Two Upstream, Local Peer--Using Partial Routes
  • Summary of Multi-Homing Examples

BGP Case Studies

  • Peering Priorities
  • Transit Provider Peering at an IXP
  • Customer Multihomed between two IXP members
  • Traffic Engineering for an ISP connected to two IXes
  • Traffic Engineering for an ISP with two interfaces on one IX LAN
  • Traffic Engineering and CDNs

Communities

  • Communities: RFC 1998 Traffic Engineering
  • Communities: Simplifying Traffic Engineering
  • How to Apply Communities to Originated Routes
  • How to Use Communities for Service Identification
  • How to Use Communities to Scale a Route Reflector
  • Using Communities for Customer Policy

Value of Peering

  • Peering Definitions
  • Types of Peering
  • ISP Goals
  • Role of the IXP
  • Local versus Regional Exchange Point

IXP Design and Implementation

  • IXP History
  • Basic Principles of an IXP
  • IXP Design
  • "Layer 3 Exchanges?"
  • IXP Design Consideration
  • Routing Policies at IXPs
  • Internet Resources Required for an IXP
  • Choosing IXP Hardware
  • Charging at IXPs
  • Services at IXPs
  • Route Collectors
  • Route Servers
  • What Can Go Wrong
  • IXP Further Considerations

BGP for NRENS

  • Research and Education Network Ecosystem
  • NREN Model Implications for Campuses
  • Dual Homed Campuses

Routing Security

  • Routing Infrastructure Security
  • Route Authentication
  • Credential Management
  • Credential Security
  • Security Practice Considerations
  • DDoS and Remotely Triggered Black Hole
  • DDoS Mitigation and RTBH
  • Unicast Reverse Path Forwarding (uRPF) NEW
  • Route Origin Validation: Quick Introduction NEW

Route Origin Validation

  • Validating BGP Route Announcements
  • Resource Public Key Infrastructure (RPKI)
  • Route Origin Authorisation: Background
  • Route Origin Authorisation: Creating ROAs
  • Route Origin Validation: Introduction
  • Route Origin Validation: AS0
  • Route Origin Validation: Vendor Support & Validator Caches
  • Validator Cache Deployment
  • Configuring Routers to use Validator Caches
  • RPKI Status Checking
  • Deploying RPKI within an AS
  • Propagating Validation State within an AS
  • Route Origin Validation: Statistics & Summary

MANRS

  • MANRS Overview NEW
  • MANRS - 1 - Prefix Filtering NEW
  • MANRS - 2 - BCP38 and uRPF NEW
  • MANRS - 3 - NOC to NOC Communication NEW
  • MANRS - 4 - RPKI and ROA NEW
  • MANRS Summary NEW

Acknowledgments

This collection of educational materials originates from the erstwhile Cisco ISP/IXP Workshop series. Since the 1990s many network engineers, operators, and routing experts from across the global Internet have contributed their knowledge and operational expertise of industry best practices to make this content what it is today.

Google Logo
ICANN Logo
ISOC Logo
MANRS Logo
National
Network
Network Startup Resource Center on Facebook Network Startup Resource Center on Twitter Network Startup Resource Center on YouTube Network Startup Resource Center on Instagram

Home About Contact