AfNOG 2008 Workshop on Network Technology

Track SI-E — Scalable Network Infrastructure

Detailed Course Outline

Day organisation

The workshop runs from Monday to Friday.

Each day is divided into four slots of approximately two hours each. Classes start promptly at 08:45 and end at around 18:15 daily. There will be a one-hour break for lunch at around 13:00, and 15-minute breaks in mid-morning and mid-afternoon. There may be optional evening sessions from 20:00 to 22:00 on some days.

In summary, the classes will use approximately the following time slots. These times are not exact.

• 08:45–10:45 — Morning session 1
• 11:00–13:00 — Morning session 2
• 14:15–16:15 — Afternoon session 1
• 16:30–18:30 — Afternoon session 2
• 18:30–19:30 — Optional evening sessions

Related documents

In addition to this detailed course outline, there is a summary timetable showing the entire course at a glance.

The Track SI-E main page will also be of interest.

Monday morning

• Introduction and logistics [APB]
  • Presentation in Powerpoint, PDF.
• IP and networking basics [APB]
  • Topics include:
    • the protocol stack
    • hop by hop forwarding
    • IP addresses
    • netmasks
    • CIDR prefix notation
    • ethernet ARP
    • binary arithmetic
  • Students will be able to:
    • recognise the ISO OSI seven-layer model
    • recognise the TCP/IP "hourglass" model
    • understand the relationship between the TCP/IP model and the ISO model
    • describe the unifying effect of the network later
    • describe how IP addresses are constructed: network part, host part
    • understand old classful networking terminology: class A, B, C
    • understand modern classless networking terminology: CIDR, prefix length, VLSM
    • convert between prefix length and netmask notation
    • identify network and broadcast addresses
    • find lowest/highest possible IP address in a prefix
    • subdivide prefixes
    • understand the concepts of subnetting and supernetting
    • distinguish between different network types: broadcast, point-to-point, NBMA
    • explain the purpose of ARP
    • describe the forwarding process and `longest match' rules
  • Presentation, in Powerpoint, PDF.
  • Additional material:
    • binary/decimal/hexadecimal conversion table, in plain text, HTML, PostScript, PDF.
    • netmask table, in plain text, HTML, PostScript, PDF.

Monday afternoon

• Cisco router configuration basics [IJ]
  • Topics include:
    • RAM, NVRAM, Flash
    • Logging in
    • Running versus startup configurations, what they do, how they can be displayed, how to change them
    • Configuring interfaces
    • Configuring static routes
    • How to set passwords
  • Students will be able to:
    • use FreeBSD as serial console (/etc/remote, tip)
    • login to a cisco router
    • perform basic commands
    • show the running and stored configuration files
    • make configuration changes
    • change the IP address of an interface on a Cisco router
    • add a static default route to a cisco router
    • add other static routes to a cisco router
  • Presentation, in Powerpoint, PDF.
• Static routing exercise using Unix and Cisco equipment [IJ]
  • Students will configure static routes on their Unix systems and routers in order to have reachability to the rest of the lab.
  • Topics include:
    • Configuring IP addresses on interfaces of Unix host and cisco router
    • Configuring static default route on Unix host
    • Configuring static routes on Cisco router
    • Troubleshooting using ping and traceroute
  • Students will be able to:
    • configure FreeBSD as IP client (/etc/rc.conf)
    • change the IP address of an interface on a Unix system (ifconfig)
    • add static routes to a Unix system (route, netstat)
    • use FreeBSD as serial console (/etc/remote, tip)
    • erase configuration of a Cisco router (write erase)
    • configure IP forwarding on Cisco
    • change the IP address of an interface on a Cisco router
    • add static routes to a Cisco router
    • perform basic network troubleshooting tasks such as ping and traceroute
    • explain what a default route is
  • Presentation, in Powerpoint, PDF.
• OSPF "magic" exercise [IJ]
  • This simple exercise consists of the following steps:
    • Keep the topology and numbering unchanged from the preceding static routing exercise.
    • Keep the PC configuration unchanged (with a static default route to the cisco router.
    • Remove all static routes from the cisco routers.
    • Enable OSPF on all cisco routers, by entering a few commands without understanding their meaning.
    • Observe that OSPF soon learns the routes, as if by magic.
  • This exercise uses quick and dirty techniques that are not recommended in practice.
  • If time permits after the exercise, instructors should provide external connectivity by injecting an OSPF default route at the classroom border gateway. Students can then read email, or browse the web until the classroom is closed.
  • Instructions in Powerpoint, PDF.
• Cisco router TFTP exercise [IJ]
  • Topics include:
    • Updating IOS
    • TFTPing configuration files
  • Students will be able to:
    • show the running and stored configuration files
    • make configuration changes
    • TFTP configuration files to and from a cisco router
    • install a different software version on a cisco router
  • Presentation, in Powerpoint, PDF.

Monday evening — Optional sessions

• IPv6 Introduction [PFS]
  • Students will be able to:
    • ...
  • Students will be introduced to and be able to understand the following problems:
    • ...
  • Presentation, in Powerpoint, PDF.

Tuesday morning

• Dynamic routing protocols [PFS]
  • Students will be able to:
    • explain when to use an IGP, and when not
    • list advantages of OSPF over RIP and static routing (fast convergence, scalability, equal-cost multipath, authentication, bandwidth, classless!)
    • list the main differences between OSPF, EIGRP and ISIS
    • explain the difference between forwarding and routing; can have multiple routing databases for different protocols but one forwarding table
  • Presentation, in Powerpoint, PDF.
• Forwarding and routing simulation on paper [APB]
  • An exercise in which students simulate packet forwarding, distance vector routing, and link state routing on paper.
  • We do the following:
    • Create a network topology on paper
    • Give each group of students information about their directly connected links, but do not give them information about more distant aspects of the topology.
    • Pass distance-vector routing messages around on paper while updating forwarding tables on paper.
    • Pass echo request, echo response and unreachable messages around on paper while consulting the forwarding tables.
    • Repeat the exercise for a link-state protocol instead of a distance-vector protocol.
  • Presentation, in Powerpoint, PDF.
  • PDF "ready to print".
• Filtering spoofed packets [MT]
  • Students will be able to:
    • Explain the expected source and destination addresses for IP backets between an ISP and a single-homed customer.
    • Explain what happens when an attacker sends a packet with forged source and destination addresses, including how the initial packet is routed, and where the response will go.
    • Explain the potential effect on a victim that is targeted by forged packets originating from large numbers of sources.
    • Explain how an ISP with a single-homed customer can tell the difference between packets with legitimate source addresses and packets with forged source addresses.
    • Explain how an ISP can trivially block the packets with forged source addresses.
    • Explain how this can be extended to multi-homed customers, or customers who have uplinks and downlinks from different ISPs.
  • Presentation, in OpenOffice, Powerpoint, PDF.

Tuesday afternoon

• OSPF and IGPs [MT]
  • Students will be able to:
    • explain when to use an IGP, and when not
    • explain the difference between forwarding and routing; can have multiple routing databases for different protocols but one forwarding table
    • identify the lowest-cost path and equal-cost paths
    • describe the formation of neighbour relations
    • list default values for hellointerval / routerdeadinterval
    • briefly describe the database flooding and recalculation, and purpose of DR/BDR
  • Presentation, in Powerpoint, PDF.
• OSPF exercise [IJ]
  • Students will be able to:
    • rebuild the classroom exercise using single area OSPF
    • configure appropriate link costs, MD5 authentication, enable OSPF on specific interfaces
    • perform simple inspection of OSPF database (neighbours, routes, DR/BDR)
    • alter topology and observe altered routes
    • originate default route
    • configure loopback interfaces
    • save configs to TFTP server
  • Exercise, in HTML, PDF.
  • OSPF Cheat Sheet, in plain text.
  • addressing plan, in plain text.
• Resilient network design concepts [MT]
  • Topics:
    • Explain the concept of a well designed network, modular functional design
    • Describe good design for a resilient network with dual core switches, dual-attached border routers and access routers, physically separate networks for different types of traffic.
    • Highlight platform needs, infrastructure needs, redundant cable paths.
    • Outline features for resilience, scalability, ease of maintenance.
    • Highlight need for non-blocking switches, HSRP and other features
    • The need to KISS! (Keep it Simple Stupid :-)
  • Presentation, in Powerpoint, PDF.

Tuesday evening — Optional sessions

• Informal experiments

Wednesday morning

• The Border Gateway Protocol (BGP) [PFS]
  • Today is BGP day, with two presentations and several exercises. The two presentations comprise the following parts:
    • Part 0: Why use BGP? What's the big idea?
    • Part 1: Forwarding and Routing (review).
    • Part 2: Interior and Exterior Routing.
    • Part 3: BGP Building blocks: AS numbers, Routing flow and traffic flow.
    • Part 4: Configuring BGP (basic commands)
    • Part 5: Extending BGP to support IPv6
    • Case Study 1, Exercise 1: Small customer with single upstream provider.
    • Part 6: BGP Protocol Basics.
    • Part 7: BGP Protocol in a little more detail.
    • Case Study 2, Exercise 2: Small ISP with one upstream provider and one local peer.
    • Part 8: Routing Policy and Filtering.
    • Exercise 3: Filtering on AS Path.
    • Exercise 4: Filtering on prefix-list.
    • Part 9: More detail than you want.
    • Exercise 5: Interior BGP, and two upstream providers.
    • Part 10: BGP and network design.
  • Students will be able to:
    • Explain why you need an EGP (you want to be able to exchange traffic/ routes with other networks; cost of transit vs peering. Can't use static routes, can't use IGP)
    • Define autonomous system
    • Describe the key characteristics of BGP4 (point-to-point peering, TCP, incremental updates, routes + attributes, eBGP and iBGP)
    • Understand how BGP has been extended to support IPv6
    • List important attributes: AS path, nexthop, localpref, MED, communities
    • Describe typical path selection by length of AS path, and outline use of prepending to influence upstream path selection
    • Explain the recursive lookup of nexthop attribute
    • Use the list of BGP route-selection rules
    • Read a table of 'distances' for which protocol wins
    • Remember that longest prefix always wins
    • Set up a BGP peering session to an upstream provider
    • Set up a BGP peering session to a peer
    • Set up iBGP peers
    • Announce nailed-up route
    • show ip bgp summary
    • Use AS-path and prefix-list filters
  • BGP Introduction Presentation, in Powerpoint, PDF.
  • Main BGP Presentation, in Powerpoint, PDF,
  • BGP Cheat Sheet (configuration examples), in plain text.
  • BGP Exercise 1, in plain text, and the diagram, in PDF.
  • BGP Exercise 2, in plain text, and the diagram, in PDF.
  • BGP Exercise 3, in plain text, and the diagram, in PDF.
  • BGP Exercise 4, in plain text, and the diagram, in PDF.
  • BGP Exercise 5, in plain text, and the diagram for exercise 5, in PDF.
  • Configuration for aggregation switch, in plain text.
  • Configuration for upstream router, in plain text.

Wednesday afternoon

• BGP, continued [PFS]

Wednesday evening — Optional sessions

• Informal experiments

Thursday morning

• BGP Best Current Practices [PFS]
  • Topics include:
    • What BGP is used for, what IGPs are used for
    • Aggregation, how to generate aggregate, how to announce aggregate
    • What prefixes to receive from any eBGP neighbour
    • What prefixes to send to any eBGP neighbour
    • Know about the special prefixes which should never appear on the Internet
    • How to inject prefixes into BGP
  • Presentation, in Powerpoint, PDF.
• BGP scaling issues [PFS]
  • Topics include:
    • BGP Peer-groups
    • Route Reflectors
    • Route Flap Damping
    • BGP Route Refresh
  • Presentation, in Powerpoint, PDF.
• OSPF/IBGP exercise [PFS]
  • Students demonstrate knowledge gained from the week by building an ISP network from scratch:
    • appoint an IP address manager and do the address space allocation
    • build OSPF across the backbone
    • build a full mesh iBGP cloud
    • appoint a network manager to coordinate the network roll out and configuration consistency
    • establish eBGP peering with two external ASNs
    • get full Internet connectivity
    • filter prefixes using a route-map
  • Exercise notes, in MS Word format, PDF.
  • BGP Cheat Sheet (configuration examples), in plain text.

Thursday afternoon

• Internet exchange points [PFS]
  • Topics include:
    • What is an exchange point
    • Why you need one
    • Basic IXP design
    • Scaling an IXP
  • Students will be able to:
    • explain what an Internet exchange point is
    • explain why people use IXPs
    • understand why IXPs are important
    • review some current IXP designs used today
    • think about how to set up an Internet exchange point in your environment
    • understand why Route Servers are useful
  • Internet Exchange Point presentation, in Powerpoint, PDF.
  • Scaling Internet Exchange Point presentation, in Powerpoint, PDF.
• Internet Exchange Points exercise [PFS]
  • Students will be able to:
    • build a simple exchange point
    • demonstrate how an IXP benefits their network
  • Students will be introduced to and be able to understand the following problems:
    • Not providing transit to your peer
    • Not providing transit across the Exchange Point
    • Not seeing own routes from anyone else
    • Not accidentally receiving the whole Internet routes from peer
    • Not receiving internal IGP routes accidentally announced by peers
    • Not trusting customers to generate correct routes
  • Internet Exchange Point Exercise in Text, addressing plan in Text, and AS100/200 router configuration in Text.
  • Upstream Transit Diagram from presentation in PDF and IXP connection Diagram in PDF.

Thursday evening — Optional sessions

• Informal experiments

Friday morning

• NOC services and applications [MT/MW]
  • Topics include:
    • Configuration/Change Management
    • Performance Management
    • Accounting Management
    • Fault Management
    • Security Management
  • Students will be able to:
    • Explain the need for a Network Operations Centre
    • Identify the elements of Network Management
    • Use a basic monitoring system to observe the health of the network, detect faults and changes, and respond appropriately.
      • Explain why Network monitoring is essential
      • Define various types of Network monitoring
      • Configure a Syslog Server and tools to trigger alarms
      • Configure RANCID
      • Configure RT (Request Tracker)
      • Identify suspicious network activities and trends
    • Explain why ticket systems are necessary in a NOC
    • Use a simple ticket system effectively
    • Explain the different types of tools that can be used for network monitoring
    • Communicate with providers, peers and customers
    • Fix Network problems where devices are unreachable
    • Understand the concepts behind Change Management
  • Introductory presentation, in Powerpoint, PDF.
  • Syslog presentation, in Powerpoint, PDF.
  • Syslog exercise, in plain text.
  • Nagios presentation, in Powerpoint, PDF.
  • RANCID presentation, in Powerpoint, PDF.
  • RANCID exercise, in plain text.
  • RT presentation, in Powerpoint, PDF.

Friday afternoon

• Network traffic analysis [MT/MW]
  • Topics include:
    • Configuring SNMP on Cisco routers and switches.
    • Configuring MRTG on FreeBSD servers.
    • Configuring Netflow on Cisco routers.
    • Configuring NFSEN on FreeBSD servers.
  • Students will be able to:
    • Discover the amount of bandwidth network devices are using.
    • Graph the performance of various services, e.g., Exim/SMTP.
    • Find out which users are using which services on the network.
    • Discover rogue agents or computers that might be virus-infected.
    • Know which services are more popular on your network.
  • MRTG Presentation, in Powerpoint, PDF.
  • MRTG Exercise, in HTML.
  • NFSEN Presentation, in Powerpoint, PDF.
• Open Question and Answer Session

Friday evening

• Teardown
  • Some equipment will need to be packed up.
  • Some equipment will need to be left in place.
  • Some equipment will need to be moved.
  • All this will be done with careful planning.