Day One: Deploying BGP Routing Security

Melchior Aelmans and Niels Raijer

Day One: Deploying BGP Routing Security

Secure, field-tested, device and protocol configurations for running Junos® OS routers in the BGP default-free zone.

This book is intended for network administrators running Junos OS routers in the BGP default-free zone. It provides field-tested device and protocol configurations for creating a secure and stable network, as well as brief background information needed to understand and deploy these solutions in your own environment. While many network administrators may find the contents of this book interesting, its real value is to those running a BGP network without having a default route present in their network (or accepting such a route from their upstream provider) – the default-free zone.

“High-quality Internet services require a global routing table of equally high quality and in this very practical book the authors show how you can improve that global table using the tools available today. It’s easy to read, with detailed tutorials, and even includes copy and paste Junos configuration examples. Whether you have just started working with Internet routing or have done so for many years, this book will show you how to do it better.” – Torunn Narvestad, Senior IP Network Architect, Telenor Norway

“Melchior and Niels have done a fantastic job consolidating a ton of tribal knowledge and disparate information sources into an easy-to-read RPKI Origin Validation deployment guide. This book will help lower the barrier to run a secure and robust network!” – Job Snijders, Internet Architect, NTT Communications

IT’S DAY ONE AND YOU HAVE A JOB TO DO, SO LEARN HOW TO:
  • Understand the relevance of filtering routes as you learn them from your customers, peers, and transits.
  • Understand what portion of via BGP received routes should be rejected for securing your routing table.
  • Implement routing policies that reject invalid routing information.
  • Understand and implement redundant Resource Public Key Infrastructure (RPKI) validators.
  • Verify your configuration and support your network using basic troubleshooting commands.
  • How to use RIR tools to make sure your routes and prefixes are accepted by other ISPs who filter and/or have deployed RPKI.

About the Authors

Melchior Aelmans is a Senior Systems Engineer at Juniper Networks, where he has been working with many operators on the design, security, and evolution of their networks. He has over 10 years of experience in various operations, engineering, and sales engineering positions with enterprises, data centers and Service Provider. Before joining Juniper Networks, he worked with eBay, LGI, KPN, etc. Melchior enjoys evangelizing and discussing topics like BGP, peering, routing security, and Internet routing. He also participates in IETF and is a board member of the NLNOG foundation. In his spare time, he enjoys spending time outdoors hiking with his girlfriend and dog and climbing mountains.

Niels Raijer was introduced to e-mail, Gopher and USENET in 1993 as part of his Chemical Engineering education at the University of Amsterdam, and decided that they were what all businesses in the world would need. After graduation he founded Fusix Networks in 1997. Having worked for Demon Internet and other ISPs since then, he is now CTO of Fusix Networks, responsible for providing network consultancy and connectivity services where the keywords are security, stability, and speed. Niels is also the founder of both Coloclue and NLNOG. He is married, has two children, and likes to pretend he is still a fairly decent competitive swimmer.

Price: $16.00
Pages: 68
Date Published: February 5, 2019
Author: Melchior Aelmans and Niels Raijer
Part Number: V4081806403
Ships in 3-5 days
Why Vervante?

© 2019 Vervante Corporation. All rights reserved.