DAY ONE: Securing the Routing Engine on M, MX, and T SeriesS
The routing engine on Junos routers performs many different functions, from processing routing protocol updates, to driving the command-line interface (CLI). Given that the routing engine is critical to the operation of the device and its network, you need to protect the routing engine from unwanted traffic by allowing only essential permitted traffic. Unwanted traffic can come in many different forms: malicious traffic seeking to gain unauthorized access, unintentional routing protocol updates from neighboring devices, or even legitimate traffic that exceeds a given bandwidth limit.
This Day One book shows you how to secure the routing engine step-by-step. Learn how, learn why, then follow along as you build a modular firewall filter and apply it.
ďAn indispensable resource for anyone who needs to protect their Internet connected routers.Ē Matt Hite, Network engineer, Zynga
ITíS DAY ONE AND YOU HAVE A JOB TO DO, SO LEARN HOW TO:
About the Authors
- Secure the routing engine with a modular framework of firewall policies and policers.
- Understand how firewall filters work and how they are applied to the routing engine.
- Create a modular framework by chaining together firewall filters.
- Describe how firewall logs are managed and view firewall logs in detail.
- Understand how firewall counters work and view firewall counters.
- Write detailed firewall policies to permit specific traffic to the routing engine.
- Build dynamic prefix-lists based off the Junos configuration using apply-path.
- Rate-limit and police certain types of traffic to the routing engine.
- Create filter-specific and term-specific policers.
Douglas Hanks Jr. is a Sr. Systems Engineer with Juniper Networks. He is certified in Juniper Networks as JNCIP-M/T #1441, JNCIS-ER, and JNCIS-SEC. Douglasí interests are network engineering and architecture for both Enterprise and Service Provider routing and switching.