Now let's look at the border router and what filtering we require there. Border router is the first line of defense for the campus. It handles all the routing with the NREN. It runs OSPF or IS-IS if you prefer with the core router. More advanced campus networks will also use BGP with the NREN and also internally to the campus core router. The border router will also connect to the science demarcation zone if you have one and this is where you implement your packet filtering inbound and outbound as required. As mentioned in the campus security overview presentation there is minimal need to block incoming ports. Campuses do need to pay close attention to certain assets and certain types of services which are only used on campus. So the two examples i'm going to show you: one is a simple example with minimal filtering, the other one is a complex example more commonly used in enterprise networks that need significant ongoing maintenance. And for these examples we're just going to use 100.64 16 as the campus IPv4 address block.

© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.