CiscoTik

Networking Administration


Training on Cisco- and MikroTik-based networks and ...


What are DoS attacks?

DoS (Denial of Service): a type of attack that increases the load on a router or server, meaning that CPU usage reaches 100% and the server or router becomes unreachable through timeouts. More generally, any operation that can affect CPU usage, such as firewalling and logging, can overload the router if a very large number of packets per second reaches it.


Goals
In general, this attack is carried out for the following purposes:


  1. Degrading the speed and quality of network service
  2. Making the targeted website unavailable
  3. Cutting off access to all websites (by attacking name servers)
  4. Increasing the volume of spam (also known as an email bomb)

It should be noted that this attack is not specific to servers; a network or even a router may also be attacked, and the attack may disrupt a major part of the Internet (as, over the course of history, the Internet of the whole world has been disrupted by this attack 2 times).


Hello to the viewers of my blog...
Today I have posted something for you about ECMP Failover...


This script demonstrates one method of doing automatic failover using the Netwatch function and using scripting to enable or disable gateways.


We have 2 lines to the Internet, at the addresses 10.0.0.12 and 10.0.0.13.
We want to use mangle to mark HTTP traffic and send it to the Internet with load balancing.

Hello everyone
Several methods of load balancing are available in MikroTik. The types and features of each can be seen in the figure below.


One of the methods is PCC, which I am going to explain fully in this part...


load balancing in MikroTik

Hello

According to the figure, there are 2 Internet connections (for example ADSL), and we are going to load-balance the Internet for the internal users. Our two Internet address ranges are shown in the figure.
One of the methods available in MikroTik is ECMP, which is of the Round Robin type.
ECMP


BGP Exercise

Hello to you, dear friends...
Today I prepared a scenario that involves almost all of the previous topics I had posted on my blog...
The text of the scenario is as follows...
BGP Exercise




R1 has an EBGP peer to R5 and an IBGP peer to R2.
R2 has an EBGP peer to R4 and IBGP peer to R1.

Ensure that the 15 loopbacks on R1 (131.108.2.0–131.108.16.0/24) are advertised to R5 and that R5 sets the local weight to 1000 and the metric (MED) to 100 for all even networks. For all odd networks, set the weight to 2000 and the metric (MED) to 200.


Ensure that R1 advertises a default route to R5 and that R2 advertises a default route to R4. Use a prefix list to accomplish this task.


Ensure that R4 does not accept any networks in the range 131.108.0.0 but does accept a default route only. All other networks must be denied on R4.


Ensure that R3 can reach all BGP-advertised networks using OSPF as the only routing protocol. (That is, redistribution is required on R1/R2).





BGP Dual-Homing

In this scenario, you build upon the IBGP network and configure EBGP on R1 and R2 and simulate a dual-homing ISP connection. Because most CCNP candidates do not have two ISP connections to configure in a lab environment, you configure two routers and inject default routes along with a large IP routing table to simulate an ISP router.

Configure the routers ISP1 and ISP2 for EBGP and advertise a default route to the internal BGP network along with some routes that simulate an Internet environment. Configure ISP1 (R6) for EBGP and allow a default route to be advertised to its EBGP peer, R1.


full pic dual-homing


BGP Route-Reflector 1

Hello.
I have prepared a scenario about BGP Route Reflectors.
.................................................................................

Consider a network consisting of 100 routers. Having this many routers leads to a large number of TCP BGP peers. In fact, you can easily calculate the number of peers by using the formula n(n-1)/2, where n is the number of BGP routers.
NOTE

To avoid routing loops, BGP only propagates updates learned from IBGP connections to other IBGP sessions that are fully meshed. Fully meshed networks contain a BGP peer to every BGP speaker in the network. For a 100-router network, there are 100(100-1)/2 = 100(99)/2 = 4950 TCP peers.
IBGP works well in small networks, but as the network grows even to just 100 routers, the scalability and administration of BGP become a task you must carefully consider.
BGP deals with large BGP networks using two methods:
· Route reflectors
· Confederations (advanced form of route reflectors; confederations are beyond the scope of this chapter.)

The description, explanations and configuration are as follows.

..............................................................................

The routers R1–R5 are part of a large company, and route reflectors are configured on R1 and R2 for redundancy purposes. Enable OSPF on the IGP routers by enabling all interfaces in area 0, so you can take advantage of loopbacks for the source and destination address for all IBGP peer sessions.

Configure IBGP on R1 and use the loopback addresses as the next hop addresses because as long as you have IP connectivity, BGP should remain active. In fact, good IBGP design always uses loopbacks so that one routing failure does not result in loss (TCP fails) of IBGP connectivity.

lo 0 for all routers: 131.108.254.x (x is the number of each router)

OSPF config on all routers, R1-R5:

R1(config)#router ospf 1
R1(config-router)# network 0.0.0.0 255.255.255.255 area 0


The reason that OSPF is chosen for the preferred path is that OSPF has a lower administrative distance of 110, compared to 200 for IBGP.

If EBGP is configured between two routers and OSPF is the interior routing protocol, EBGP administrative distance is 20, far lower than OSPF (AD is 110). By default, a lower AD is always preferred; therefore, the next hop address is the EBGP connection.

To change this default behavior without changing the AD values, use the network <network subnet-mask> backdoor command. Specifying the network allows the router to choose OSPF as the preferred path rather than the EBGP discovered path.
Changing the administrative distance is not always the most desirable method because all routers typically need modification, as in this scenario.





eBGP

Greetings

Today I prepared another scenario

Scenario description

..............................................................

You will notice that all the IP addressing schemes are /24, except for the serial link between R1 and R2. The serial link contains a mask, 255.255.255.252 or /30. BGP has no issues with VLSM. The 16 loopbacks on R1 are advertised to R2 using the redistribute connected command. The no auto-summary command ensures that R2 sees all 16 individual routes. The access list on R2 must be set with a mask of 0.0.254.255, or all even networks match these criteria. The dual-path connections between R1 and R2 allow redundancy. There are two EBGP sessions between R1 and R2; therefore, the route map on R2 is applied to both EBGP peers in case of link failure.
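
The wildcard mask 0.0.254.255 above, combined with the weight and MED values from the BGP exercise earlier on this page, can be checked offline. The following is an added example, not code from the blog or its scenarios; the ACL base addresses 131.108.0.0 and 131.108.1.0 and all function names are assumptions.

```python
import ipaddress

# Assumed ACL entries: the page gives only the wildcard 0.0.254.255, not the bases.
WILDCARD = "0.0.254.255"
EVEN_BASE = "131.108.0.0"   # third octet even: its lowest bit is 0
ODD_BASE = "131.108.1.0"    # third octet odd: its lowest bit is 1


def wildcard_match(addr, base, wildcard):
    """Cisco ACL semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


# Route-map clauses in sequence order: (ACL base, weight, MED).
# The weight and MED values are the ones stated in the BGP exercise.
CLAUSES = [
    (EVEN_BASE, 1000, 100),
    (ODD_BASE, 2000, 200),
]


def apply_route_map(prefix):
    """Return (weight, med) from the first matching clause, or None (implicit deny)."""
    for base, weight, med in CLAUSES:
        if wildcard_match(prefix, base, WILDCARD):
            return weight, med
    return None


def classify_loopbacks():
    """Run the 15 loopbacks 131.108.2.0 to 131.108.16.0 through the route map."""
    return {f"131.108.{n}.0": apply_route_map(f"131.108.{n}.0") for n in range(2, 17)}


if __name__ == "__main__":
    for prefix, attrs in classify_loopbacks().items():
        print(prefix, attrs)
    # A prefix outside 131.108.0.0/16 matches neither ACL: implicit deny.
    print("10.1.2.0", apply_route_map("10.1.2.0"))
```

Only the lowest bit of the third octet is compared, which is why a single ACL line separates even from odd networks; a wildcard of 0.0.255.255 would ignore that bit and match both.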


Simulated figure of the scenario




sho ip bgp on R2


BGP community

Hello

Scenario description

..........................................................................

R1 is configured for EBGP and IBGP. The EBGP connection to the remote peer address, 141.199.2.2, is the Internet gateway. Therefore, you must send the community to the remote peer and apply an outbound route map, so the Internet routers do not use R1 as a transit path. You have yet to apply the route map named setcommunity (arbitrary name). Apply the well-known community no-export, which informs the neighboring router not to use R1 for any traffic not destined for the network 131.108.0.0/16.

Configure the four routers, R1–R4, for IBGP, and set the same policies on all four routers.



community






Ensure that R1 does not receive any default routes from R2, R3, or R4 (sets the next-hop-self attribute). Ensure that R1 sets the community to the value 2000.


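R1(config)#route-map setcommunity
R1(config-route-map)#set community no-export
! send-community is required; without it IOS does not send the community attribute to this neighbor
R1(config-router)#neighbor 141.199.2.2 send-community
R1(config-router)#neighbor 141.199.2.2 route-map setcommunity out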
That is, routes received with this value are no longer advertised to eBGP neighbors; in other words, no route from AS1 is advertised to router 5.

BGP Scenario

All routers have a loopback 0 interface X.X.X.X/32 where X is the number of the router.
Configure OSPF on R1, R2, R3 and advertise 10.10.12.0/24, 10.10.13.0/24 and loopback 0 subnets
Configure OSPF on R4, R5 and advertise 150.45.45.0/26 and loopback 0 subnets
Configure full iBGP mesh in AS 123, use loopback 0 interface for peering
Configure iBGP in AS 45, use loopback 0 interface for peering
Configure eBGP between AS 123 and AS 45
Advertise R1 loopback 0 and 150.45.45.0/26 in BGP
Ensure AS 123 will use the link between R3-R5 towards network 150.45.45.0/26. Use MED attribute only.
Ensure AS 45 will use the link between R3-R5 towards network 1.1.1.1/32. Use MED attribute only.

bgp-1 pic