SlideShare a Scribd company logo

Secure BGP and Operational Report of Bangladesh

โ€ข
โ€ข
Bangladesh Network Operators Group
Bangladesh Network Operators Group

Secure BGP and Operational Report of Bangladesh

Internet
1 of 16
Download to read offline
www.internetsociety.org Secure BGP and Operational Report of Bangladesh ION Bangladesh and bdNOG 5 Md. Jahangir Hossain Vice Chair, ISOC Bangladesh Chapter EC member, bdNOG
The Internet Society Key Areas ๏‚ง Prefix Filtering ๏‚ง Next-Hop Filtering ๏‚ง BGP TTL security (GTSM) ๏‚ง AS-path filtering ๏‚ง BGP community scrubbing ๏‚ง BGP route flap dampening ๏‚ง Control Plan Protection ๏‚ง Remotely-Triggered Black Hole (RTBH) ๏‚ง Go with ROA in Resource Public Key Infrastructure (RPKI) ๏‚ง RPKI development status in Bangladesh
The Internet Society Prefix Filtering ๏‚ง Filters with customers ๏‚ง Filters with Internet peers ๏‚ง Filters with upstream providers ๏‚ง Bogon prefix ---defined as Martians
The Internet Society Next-Hop Filtering = If we peering on a shared network, like an IXP, BGP can advertise prefixes with a 3rd-party next-hop, thus directing packets not to the peer announcing the prefix but somewhere else. = In direct peerings between ISPs, this is undesirable, as one of the peers could trick the other one to send packets into a black hole (unreachable next-hop) or to an unsuspecting 3rd party who would then have to carry the traffic. = Especially for black-holing, the root cause of the problem is hard to see without inspecting BGP prefixes at the receiving router at the IXP. Therefore, an inbound route policy SHOULD be applied on IXP peerings in order to set the next-hop for accepted prefixes to the BGP peer IP address (belonging to the IXP LAN) that sent the prefix (which is what "next-hop-self" would enforce on the sending side).
The Internet Society BGP TTL security (GTSM) = BGP sessions can be made harder to spoof with the Generalized TTL Security Mechanisms (GTSM, aka TTL security), defined in . Instead of sending TCP packets with TTL value of 1, the BGP speakers send the TCP packets with TTL value of 255 and the receiver checks that the TTL value equals 255. = Since it's impossible to send an IP packet with TTL of 255 to a non-directly- connected IP host, BGP TTL security effectively prevents all spoofing attacks coming from third parties not directly connected to the same subnet as the BGP speaking routers. = Network administrators SHOULD implement TTL security on directly connected BGP peerings. = GTSM could also be applied to multi-hop BGP peering as well.
The Internet Society AS-path filtering = Network administrators SHOULD NOT advertise prefixes with non- empty AS- path unless they intend to be transit for these prefixes. = Network administrators SHOULD NOT accept prefixes with private AS numbers in the AS-path except from customers. Exception: an upstream offering some particular service like black-hole origination based on a private AS number. = Customers should be informed by their upstream in order to put in place ad-hoc policy to use such services. = Network administrators SHOULD NOT accept prefixes when the first AS number in the AS-path is not the one of the peer unless the peering is done toward a BGP route-server (for example on an IXP) with transparent AS path handling. In that case this verification needs to be de-activated as the first AS number will be the one of an IXP member whereas the peer AS number will be the one of the BGP route-server.
The Internet Society BGP community scrubbing = Network administrators SHOULD scrub inbound communities with their number in the high-order bits, and allow only those communities that customers/peers can use as a signaling mechanism. = Networks administrators SHOULD NOT remove other communities applied on received routes (communities not removed after application of previous statement). In particular they SHOULD keep original communities when they apply a community. Customers might need them to communicate with upstream providers. In particular network administrators SHOULD NOT (generally) remove the no-export community as it is usually announced by their peer for a certain purpose.
The Internet Society BGP route flap dampening = The BGP route flap dampening mechanism makes it possible to give penalties to routes each time they change in the BGP routing table. Initially this mechanism was created to protect the entire Internet from multiple events impacting a single network. ๏ƒ˜ Studies have shown that implementations of BGP route flap dampening could cause more harm than they solve problems and therefore RIPE community has in the past recommended not using BGP route flap dampening . ๏ƒ˜ Studies have then been conducted to propose new route flap dampening thresholds in order to make the solution "usable", see RFC 7196
The Internet Society Protection of the BGP Speaker by Control Panel filtering Help to minimize DDOS attack
The Internet Society Remote Triggered Black Hole (RTBH) Remotely-Triggered Black Hole (RTBH) routing is an interesting application of BGP as a security tool within service provider networks. One common use is mitigation of distributed denial of service (DDoS) attacks. http://tools.ietf.org/html/rfc5635
The Internet Society SIDR - Secure Inter-Domain Routing An infrastructure called SIDR (Secure Inter-Domain Routing),has been designed to secure Internet advertisements. = Origin validation, described in seeks to make sure that attributes associated with routes are correct. = Path validation provided by BGPsec seeks to make sure that no one announces fake/wrong BGP paths that would attract traffic for a given destination. Implementing SIDR mechanisms is expected to solve many of the BGP routing security problems in the long term, but it may take time for deployments to be made and objects to become signed. Also, note that the SIDR infrastructure is complementing (not replacing) the security best practices .
The Internet Society Go with ROA ! A ROA or Route Origin Authorization is an attestation of a BGP route announcement. It attests that the origin AS number is authorized to announce the prefix(es). The attestation can be verified cryptographically using RPKI. โ€ข Verify whether an AS is authorized to announce a specific IP prefix โ€ข Minimize common routing errors โ€ข Prevent most accidental hijacks http://www.apnic.net/roa
The Internet Society ROA Example
The Internet Society RPKI Adoption rate in BD
The Internet Society Special Thanks to BCP: 194 J. Durand ,Cisco Systems, Inc. G. Doering ,SpaceNet https://tools.ietf.org/html/bcp194 Jac Kloots SURFnetJac Kloots ,SURFnet http://rpki.surfnet.nl/index.html Internet Society Deploy360 Programme Team http://www.internetsociety.org/deploy360/securing-bgp/ Fakrul Alam APNIC https://www.apnic.net/
www.internetsociety.org Join us today ! Global membership is FREE http://www.internetsociety.org/deploy360/ http://www.isoc.org.bd/dhaka/

Recommended

Application of local Internet content
Application of local Internet content Application of local Internet content
Application of local Internet content Bangladesh Network Operators Group
ย 
BDIX BOF
BDIX BOFBDIX BOF
BDIX BOFBangladesh Network Operators Group
ย 
Community tools to fight against DDoS
Community tools to fight against DDoSCommunity tools to fight against DDoS
Community tools to fight against DDoSFakrul Alam
ย 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer Bangladesh Network Operators Group
ย 
MyIX Updates
MyIX UpdatesMyIX Updates
MyIX UpdatesMyNOG
ย 
DPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic managementDPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic managementIlya Mikov
ย 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsMyNOG
ย 
Social CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel DiscussionSocial CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel DiscussionBangladesh Network Operators Group
ย 

Recommended

Application of local Internet content
Application of local Internet content Application of local Internet content
Application of local Internet content Bangladesh Network Operators Group
ย 
BDIX BOF
BDIX BOFBDIX BOF
BDIX BOFBangladesh Network Operators Group
ย 
Community tools to fight against DDoS
Community tools to fight against DDoSCommunity tools to fight against DDoS
Community tools to fight against DDoSFakrul Alam
ย 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer Bangladesh Network Operators Group
ย 
MyIX Updates
MyIX UpdatesMyIX Updates
MyIX UpdatesMyNOG
ย 
DPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic managementDPI BOX: deep packet inspection for ISP traffic management
DPI BOX: deep packet inspection for ISP traffic managementIlya Mikov
ย 
Traffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsTraffic Insight Using Netflow and Deepfield Systems
Traffic Insight Using Netflow and Deepfield SystemsMyNOG
ย 
Social CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel DiscussionSocial CDN Business : Paid or Free - bdNOG12 Panel Discussion
Social CDN Business : Paid or Free - bdNOG12 Panel DiscussionBangladesh Network Operators Group
ย 
Deep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDeep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDaniel Vinyar
ย 
Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27APNIC
ย 
Introduction to sandvine dpi
Introduction to sandvine dpiIntroduction to sandvine dpi
Introduction to sandvine dpiMohammed Abdallah
ย 
Protocols for IoT
Protocols for IoTProtocols for IoT
Protocols for IoTAravindhan G K
ย 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication ProtocolsPradeep Kumar TS
ย 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INTMyNOG
ย 
Netflow slides
Netflow slidesNetflow slides
Netflow slidesJose Manuel Vega Monroy
ย 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRBangladesh Network Operators Group
ย 
Introduction to BRAS
Introduction to BRASIntroduction to BRAS
Introduction to BRASKHNOG
ย 
BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSAPNIC
ย 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMOpen Networking Summit
ย 
Low Sost Secure VPN SSTP - MUM ID 2012
Low Sost Secure VPN SSTP - MUM ID 2012Low Sost Secure VPN SSTP - MUM ID 2012
Low Sost Secure VPN SSTP - MUM ID 2012Faisal Reza
ย 
Protocols for internet of things
Protocols for internet of thingsProtocols for internet of things
Protocols for internet of thingsCharles Gibbons
ย 
Introduction to wireless application protocol (wap)ogi
Introduction to wireless application protocol (wap)ogiIntroduction to wireless application protocol (wap)ogi
Introduction to wireless application protocol (wap)ogiSenthil Kanth
ย 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PROIDEA
ย 
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...SolarWinds
ย 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
ย 
Wireless Application Protocol ppt
Wireless Application Protocol pptWireless Application Protocol ppt
Wireless Application Protocol pptgo2project
ย 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & TroubleshootingAPNIC
ย 
15.) cloud (opex, capex or hybrid)
15.) cloud (opex, capex or hybrid)15.) cloud (opex, capex or hybrid)
15.) cloud (opex, capex or hybrid)Jeff Green
ย 
Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNsBangladesh Network Operators Group
ย 
Local Solution with Global Potential
Local Solution with Global PotentialLocal Solution with Global Potential
Local Solution with Global PotentialBangladesh Network Operators Group
ย 

More Related Content

What's hot

Deep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDeep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDaniel Vinyar
ย 
Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27APNIC
ย 
Introduction to sandvine dpi
Introduction to sandvine dpiIntroduction to sandvine dpi
Introduction to sandvine dpiMohammed Abdallah
ย 
Protocols for IoT
Protocols for IoTProtocols for IoT
Protocols for IoTAravindhan G K
ย 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication ProtocolsPradeep Kumar TS
ย 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INTMyNOG
ย 
Introduction to BRAS
Introduction to BRASIntroduction to BRAS
Introduction to BRASKHNOG
ย 
BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSAPNIC
ย 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMOpen Networking Summit
ย 
Low Sost Secure VPN SSTP - MUM ID 2012
Low Sost Secure VPN SSTP - MUM ID 2012Low Sost Secure VPN SSTP - MUM ID 2012
Low Sost Secure VPN SSTP - MUM ID 2012Faisal Reza
ย 
Protocols for internet of things
Protocols for internet of thingsProtocols for internet of things
Protocols for internet of thingsCharles Gibbons
ย 
Introduction to wireless application protocol (wap)ogi
Introduction to wireless application protocol (wap)ogiIntroduction to wireless application protocol (wap)ogi
Introduction to wireless application protocol (wap)ogiSenthil Kanth
ย 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PROIDEA
ย 
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...SolarWinds
ย 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
ย 
Wireless Application Protocol ppt
Wireless Application Protocol pptWireless Application Protocol ppt
Wireless Application Protocol pptgo2project
ย 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & TroubleshootingAPNIC
ย 
15.) cloud (opex, capex or hybrid)
15.) cloud (opex, capex or hybrid)15.) cloud (opex, capex or hybrid)
15.) cloud (opex, capex or hybrid)Jeff Green
ย 

What's hot (20)

Deep Packet Inspection technology evolution
Deep Packet Inspection technology evolutionDeep Packet Inspection technology evolution
Deep Packet Inspection technology evolution
ย 
Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27
ย 
Introduction to sandvine dpi
Introduction to sandvine dpiIntroduction to sandvine dpi
Introduction to sandvine dpi
ย 
Protocols for IoT
Protocols for IoTProtocols for IoT
Protocols for IoT
ย 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication Protocols
ย 
Next Gen Monitoring with INT
Next Gen Monitoring with INTNext Gen Monitoring with INT
Next Gen Monitoring with INT
ย 
Netflow slides
Netflow slidesNetflow slides
Netflow slides
ย 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
ย 
Introduction to BRAS
Introduction to BRASIntroduction to BRAS
Introduction to BRAS
ย 
BKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoSBKNIX Peering Forum 2017: Community tools to fight DDoS
BKNIX Peering Forum 2017: Community tools to fight DDoS
ย 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAM
ย 
Low Sost Secure VPN SSTP - MUM ID 2012
Low Sost Secure VPN SSTP - MUM ID 2012Low Sost Secure VPN SSTP - MUM ID 2012
Low Sost Secure VPN SSTP - MUM ID 2012
ย 
Protocols for internet of things
Protocols for internet of thingsProtocols for internet of things
Protocols for internet of things
ย 
Introduction to wireless application protocol (wap)ogi
Introduction to wireless application protocol (wap)ogiIntroduction to wireless application protocol (wap)ogi
Introduction to wireless application protocol (wap)ogi
ย 
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart...
ย 
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network ...
ย 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
ย 
Wireless Application Protocol ppt
Wireless Application Protocol pptWireless Application Protocol ppt
Wireless Application Protocol ppt
ย 
Network State Awareness & Troubleshooting
Network State Awareness & TroubleshootingNetwork State Awareness & Troubleshooting
Network State Awareness & Troubleshooting
ย 
15.) cloud (opex, capex or hybrid)
15.) cloud (opex, capex or hybrid)15.) cloud (opex, capex or hybrid)
15.) cloud (opex, capex or hybrid)
ย 

Viewers also liked

เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!
เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!
เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!Bangladesh Network Operators Group
ย 
Mobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operatorsMobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operatorsBangladesh Network Operators Group
ย 

Viewers also liked (20)

Misused top ASNs
Misused top ASNsMisused top ASNs
Misused top ASNs
ย 
Local Solution with Global Potential
Local Solution with Global PotentialLocal Solution with Global Potential
Local Solution with Global Potential
ย 
Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How Responsible Disclosure Program: Why and How
Responsible Disclosure Program: Why and How
ย 
APNIC Service Improvements 2015
APNIC Service Improvements 2015APNIC Service Improvements 2015
APNIC Service Improvements 2015
ย 
Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment Case study of Bangladesh IPv6 deployment
Case study of Bangladesh IPv6 deployment
ย 
Go with the Flow
Go with the Flow Go with the Flow
Go with the Flow
ย 
Apnic update
Apnic updateApnic update
Apnic update
ย 
bdNOG Report
bdNOG ReportbdNOG Report
bdNOG Report
ย 
VoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenueVoLTE: New horizon for voice revenue
VoLTE: New horizon for voice revenue
ย 
RTT matters
RTT mattersRTT matters
RTT matters
ย 
เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!
เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!
เฆฌเฆพเฆ‚เฆฒเฆพเฆฏเฆผ เฆจเง‡เฆŸเฆ“เงŸเฆพเฆฐเงเฆ•เฆฟเฆ‚ เฆธเงเฆฌเฆพเฆฆ!
ย 
The Future of SIP in WebRTC
The Future of SIP in WebRTCThe Future of SIP in WebRTC
The Future of SIP in WebRTC
ย 
ISP status in Bangladesh 2016
ISP status in Bangladesh 2016ISP status in Bangladesh 2016
ISP status in Bangladesh 2016
ย 
Onboard Automation with EEM
Onboard Automation with EEM Onboard Automation with EEM
Onboard Automation with EEM
ย 
Mobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operatorsMobile Internet Optimization: An effective tool for operators
Mobile Internet Optimization: An effective tool for operators
ย 
Holistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimizationHolistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimization
ย 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
ย 
Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet?
ย 
History and Evolution of Bangladesh Internet
History and Evolution of Bangladesh Internet History and Evolution of Bangladesh Internet
History and Evolution of Bangladesh Internet
ย 
Building REN in BD
Building REN in BD Building REN in BD
Building REN in BD
ย 

Similar to Secure BGP and Operational Report of Bangladesh

BGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkBGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkIT Tech
ย 
Securing Routing Protocol BGP
Securing Routing Protocol BGPSecuring Routing Protocol BGP
Securing Routing Protocol BGPIRJET Journal
ย 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3gobed
ย 
BGP Overview
BGP OverviewBGP Overview
BGP OverviewMatt Bynum
ย 
Manrs 7_sept__indonesia
Manrs 7_sept__indonesiaManrs 7_sept__indonesia
Manrs 7_sept__indonesiaNaveenLakshman
ย 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYIJNSA Journal
ย 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYIJNSA Journal
ย 
LKNOG3-Keynote
LKNOG3-KeynoteLKNOG3-Keynote
LKNOG3-KeynoteLKNOG
ย 
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
LkNOG 3: Strengthening the Internet infrastructure in Sri LankaLkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
LkNOG 3: Strengthening the Internet infrastructure in Sri LankaAPNIC
ย 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private networkhayenas
ย 
Border Gateway Protocol
Border Gateway ProtocolBorder Gateway Protocol
Border Gateway ProtocolKashif Latif
ย 
bgp protocol
bgp protocol bgp protocol
bgp protocolSukanya Sanyal
ย 
Routing Protocols
Routing ProtocolsRouting Protocols
Routing Protocolselgraini
ย 
The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service providerThomas Mangin
ย 

Similar to Secure BGP and Operational Report of Bangladesh (20)

Part1
Part1Part1
Part1
ย 
BGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkBGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet Work
ย 
Securing Routing Protocol BGP
Securing Routing Protocol BGPSecuring Routing Protocol BGP
Securing Routing Protocol BGP
ย 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
ย 
Bigbgp
BigbgpBigbgp
Bigbgp
ย 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3
ย 
BGP Overview
BGP OverviewBGP Overview
BGP Overview
ย 
Presentation1
Presentation1Presentation1
Presentation1
ย 
Manrs 7_sept__indonesia
Manrs 7_sept__indonesiaManrs 7_sept__indonesia
Manrs 7_sept__indonesia
ย 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
ย 
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYA NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEY
ย 
LKNOG3-Keynote
LKNOG3-KeynoteLKNOG3-Keynote
LKNOG3-Keynote
ย 
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
LkNOG 3: Strengthening the Internet infrastructure in Sri LankaLkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
ย 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private network
ย 
Border Gateway Protocol
Border Gateway ProtocolBorder Gateway Protocol
Border Gateway Protocol
ย 
bgp protocol
bgp protocol bgp protocol
bgp protocol
ย 
Routing Protocols
Routing ProtocolsRouting Protocols
Routing Protocols
ย 
Arun project-Final
Arun project-FinalArun project-Final
Arun project-Final
ย 
The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service provider
ย 
PACE-IT: Introduction to Routing Protocols - N10 006
PACE-IT: Introduction to Routing Protocols - N10 006PACE-IT: Introduction to Routing Protocols - N10 006
PACE-IT: Introduction to Routing Protocols - N10 006
ย 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
ย 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductBangladesh Network Operators Group
ย 
A plenarily integrated SIEM solution and itโ€™s Deployment
A plenarily integrated SIEM solution and itโ€™s DeploymentA plenarily integrated SIEM solution and itโ€™s Deployment
A plenarily integrated SIEM solution and itโ€™s DeploymentBangladesh Network Operators Group
ย 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
ย 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
ย 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueBangladesh Network Operators Group
ย 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
ย 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
ย 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
ย 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
ย 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
ย 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
ย 
A plenarily integrated SIEM solution and itโ€™s Deployment
A plenarily integrated SIEM solution and itโ€™s DeploymentA plenarily integrated SIEM solution and itโ€™s Deployment
A plenarily integrated SIEM solution and itโ€™s Deployment
ย 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
ย 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
ย 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
ย 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
ย 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
ย 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
ย 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
ย 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
ย 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
ย 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
ย 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
ย 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
ย 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
ย 

Recently uploaded

WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
ย 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...SUHANI PANDEY
ย 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
ย 
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...SUHANI PANDEY
ย 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
ย 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
ย 
โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...
โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...
โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...nirzagarg
ย 
๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ
๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ
๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
ย 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
ย 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
ย 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
ย 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
ย 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
ย 
All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445
All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445
All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445ruhi
ย 
๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹
๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹
๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹nirzagarg
ย 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
ย 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
ย 
๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
ย 

Recently uploaded (20)

WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
ย 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
ย 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
ย 
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
ย 
Thalassery Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call G...Thalassery Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call G...
ย 
valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
ย 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
ย 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
ย 
โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...
โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...
โžฅ๐Ÿ” 7737669865 ๐Ÿ”โ–ป mehsana Call-girls in Women Seeking Men ๐Ÿ”mehsana๐Ÿ” Escorts...
ย 
๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ
๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ
๐Ÿ“ฑDehradun Call Girls Service ๐Ÿ“ฑโ˜Ž๏ธ +91'905,3900,678 โ˜Ž๏ธ๐Ÿ“ฑ Call Girls In Dehradun ๐Ÿ“ฑ
ย 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
ย 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
ย 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
ย 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
ย 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
ย 
All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445
All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445
All Time Service Available Call Girls Mg Road ๐Ÿ‘Œ โญ๏ธ 6378878445
ย 
๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹
๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹
๐Ÿ’š๐Ÿ˜‹ Salem Escort Service Call Girls, 9352852248 โ‚น5000 To 25K With AC๐Ÿ’š๐Ÿ˜‹
ย 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
ย 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
ย 
๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
๐“€คCall On 7877925207 ๐“€ค Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
ย 

Secure BGP and Operational Report of Bangladesh

  • 1. www.internetsociety.org Secure BGP and Operational Report of Bangladesh ION Bangladesh and bdNOG 5 Md. Jahangir Hossain Vice Chair, ISOC Bangladesh Chapter EC member, bdNOG
  • 2. The Internet Society Key Areas ๏‚ง Prefix Filtering ๏‚ง Next-Hop Filtering ๏‚ง BGP TTL security (GTSM) ๏‚ง AS-path filtering ๏‚ง BGP community scrubbing ๏‚ง BGP route flap dampening ๏‚ง Control Plan Protection ๏‚ง Remotely-Triggered Black Hole (RTBH) ๏‚ง Go with ROA in Resource Public Key Infrastructure (RPKI) ๏‚ง RPKI development status in Bangladesh
  • 3. The Internet Society Prefix Filtering ๏‚ง Filters with customers ๏‚ง Filters with Internet peers ๏‚ง Filters with upstream providers ๏‚ง Bogon prefix ---defined as Martians
  • 4. The Internet Society Next-Hop Filtering = If we peering on a shared network, like an IXP, BGP can advertise prefixes with a 3rd-party next-hop, thus directing packets not to the peer announcing the prefix but somewhere else. = In direct peerings between ISPs, this is undesirable, as one of the peers could trick the other one to send packets into a black hole (unreachable next-hop) or to an unsuspecting 3rd party who would then have to carry the traffic. = Especially for black-holing, the root cause of the problem is hard to see without inspecting BGP prefixes at the receiving router at the IXP. Therefore, an inbound route policy SHOULD be applied on IXP peerings in order to set the next-hop for accepted prefixes to the BGP peer IP address (belonging to the IXP LAN) that sent the prefix (which is what "next-hop-self" would enforce on the sending side).
  • 5. The Internet Society BGP TTL security (GTSM) = BGP sessions can be made harder to spoof with the Generalized TTL Security Mechanisms (GTSM, aka TTL security), defined in . Instead of sending TCP packets with TTL value of 1, the BGP speakers send the TCP packets with TTL value of 255 and the receiver checks that the TTL value equals 255. = Since it's impossible to send an IP packet with TTL of 255 to a non-directly- connected IP host, BGP TTL security effectively prevents all spoofing attacks coming from third parties not directly connected to the same subnet as the BGP speaking routers. = Network administrators SHOULD implement TTL security on directly connected BGP peerings. = GTSM could also be applied to multi-hop BGP peering as well.
  • 6. The Internet Society AS-path filtering = Network administrators SHOULD NOT advertise prefixes with non- empty AS- path unless they intend to be transit for these prefixes. = Network administrators SHOULD NOT accept prefixes with private AS numbers in the AS-path except from customers. Exception: an upstream offering some particular service like black-hole origination based on a private AS number. = Customers should be informed by their upstream in order to put in place ad-hoc policy to use such services. = Network administrators SHOULD NOT accept prefixes when the first AS number in the AS-path is not the one of the peer unless the peering is done toward a BGP route-server (for example on an IXP) with transparent AS path handling. In that case this verification needs to be de-activated as the first AS number will be the one of an IXP member whereas the peer AS number will be the one of the BGP route-server.
  • 7. The Internet Society BGP community scrubbing = Network administrators SHOULD scrub inbound communities with their number in the high-order bits, and allow only those communities that customers/peers can use as a signaling mechanism. = Networks administrators SHOULD NOT remove other communities applied on received routes (communities not removed after application of previous statement). In particular they SHOULD keep original communities when they apply a community. Customers might need them to communicate with upstream providers. In particular network administrators SHOULD NOT (generally) remove the no-export community as it is usually announced by their peer for a certain purpose.
  • 8. The Internet Society BGP route flap dampening = The BGP route flap dampening mechanism makes it possible to give penalties to routes each time they change in the BGP routing table. Initially this mechanism was created to protect the entire Internet from multiple events impacting a single network. ๏ƒ˜ Studies have shown that implementations of BGP route flap dampening could cause more harm than they solve problems and therefore RIPE community has in the past recommended not using BGP route flap dampening . ๏ƒ˜ Studies have then been conducted to propose new route flap dampening thresholds in order to make the solution "usable", see RFC 7196
  • 9. The Internet Society Protection of the BGP Speaker by Control Panel filtering Help to minimize DDOS attack
  • 10. The Internet Society Remote Triggered Black Hole (RTBH) Remotely-Triggered Black Hole (RTBH) routing is an interesting application of BGP as a security tool within service provider networks. One common use is mitigation of distributed denial of service (DDoS) attacks. http://tools.ietf.org/html/rfc5635
  • 11. The Internet Society SIDR - Secure Inter-Domain Routing An infrastructure called SIDR (Secure Inter-Domain Routing),has been designed to secure Internet advertisements. = Origin validation, described in seeks to make sure that attributes associated with routes are correct. = Path validation provided by BGPsec seeks to make sure that no one announces fake/wrong BGP paths that would attract traffic for a given destination. Implementing SIDR mechanisms is expected to solve many of the BGP routing security problems in the long term, but it may take time for deployments to be made and objects to become signed. Also, note that the SIDR infrastructure is complementing (not replacing) the security best practices .
  • 12. The Internet Society Go with ROA ! A ROA or Route Origin Authorization is an attestation of a BGP route announcement. It attests that the origin AS number is authorized to announce the prefix(es). The attestation can be verified cryptographically using RPKI. โ€ข Verify whether an AS is authorized to announce a specific IP prefix โ€ข Minimize common routing errors โ€ข Prevent most accidental hijacks http://www.apnic.net/roa
  • 14. The Internet Society RPKI Adoption rate in BD
  • 15. The Internet Society Special Thanks to BCP: 194 J. Durand ,Cisco Systems, Inc. G. Doering ,SpaceNet https://tools.ietf.org/html/bcp194 Jac Kloots SURFnetJac Kloots ,SURFnet http://rpki.surfnet.nl/index.html Internet Society Deploy360 Programme Team http://www.internetsociety.org/deploy360/securing-bgp/ Fakrul Alam APNIC https://www.apnic.net/
  • 16. www.internetsociety.org Join us today ! Global membership is FREE http://www.internetsociety.org/deploy360/ http://www.isoc.org.bd/dhaka/