Welcome to Day One
This book is part of the Day One library, produced and published by Juniper Networks Books.
Day One books cover the Junos OS and Juniper Networks networking essentials with straightforward explanations, step-by-step instructions, and practical examples that are easy to follow. You can obtain the books from various sources:
Download a free PDF edition at http://www.juniper.net/dayone.
Many of the library’s books are available on the Juniper app: Junos Genius.
Get the ebook edition for iPhones and iPads from the iBooks Store. Search for Juniper Networks Books or the title of this book.
Get the ebook edition for any device that runs the Kindle app (Android, Kindle, iPad, PC, or Mac) by opening your device’s Kindle app and going to the Amazon Kindle Store. Search for Juniper Networks Books or the title of this book.
Purchase the paper edition at Vervante Corporation (www.vervante.com) for between $15-$40, depending on page length.
Note that most mobile devices can also view PDF files.
Target Audience
This book is intended for network administrators running BGP on Juniper Networks routers in the default-free zone (DFZ). It provides field-tested device and protocol configurations for creating a secure and stable network, as well as the brief background information needed to understand and deploy these solutions in your own environment. While many network administrators may find the contents of this book interesting, its real value is to those operating in the DFZ: running a BGP network without a default route present in their network and without accepting such a route from their upstream provider.
Most techniques described in this book do not apply to networks that accept a default route. Why? Well, if you use default routes in your network, most routing security methods like resource public key infrastructure (RPKI, which we’ll get to) simply won’t work.
What You Need to Know Before Reading This Book
You should be familiar with the basic administrative functions of Junos OS, including the ability to work with operational commands, and to read, understand, and change configurations. There are several books in the Day One library on learning Junos, found at http://www.juniper.net/dayone.
This book assumes that you, the reader, have intermediate-level knowledge of:
Junos OS and its command-line interface (CLI).
General BGP protocol usage in Internet service provider (ISP) networks.
General troubleshooting techniques for ISP networks running the Junos OS.
The configuration of basic BGP connectivity in the Junos OS, including configuring neighbors and routing policy.
Basic Junos OS network and system operation.
Basic Regional Internet Registry (RIR) working knowledge (https://en.wikipedia.org/wiki/Regional_Internet_registry).
What You Will Learn by Reading This Book
This book will help you to:
Understand the relevance of filtering routes as you learn them from your customers, peers, and transits.
Understand what portion of BGP-received routes should be rejected for securing your routing table.
Implement routing policies that reject invalid routing information.
Understand and implement redundant RPKI validators and use them to filter RPKI invalid routes.
Verify your configuration and support your network using basic troubleshooting commands.
Use RIR tools to make sure your routes and prefixes are accepted by other ISPs who filter and/or have deployed RPKI.
Additional Resources
Now that you have a secure routing table, the next step can be to express to customers and partners that you are taking responsibility for a safer and more stable Internet.
One way to express this is to join MANRS (Mutually Agreed Norms for Routing Security). MANRS is a global initiative, supported by the Internet Society, that provides crucial fixes to reduce the most common routing threats. More information is available on their website at: https://www.manrs.org/.
In addition, you can maximize the security of your routing table by discarding invalid or unusable routing information. In order to get your customers to announce valid, usable information to you, you may have to help them to fix their announcements, IRR registrations, or RPKI ROAs. The more networks that join, the more secure the Internet becomes!