ISP Infrastructure

The document outlines the infrastructure and best practices for Internet Service Providers (ISPs), focusing on network design, WAN management, and incident handling. It details the roles of core, aggregation, and POP routers, as well as IP planning and network address translation (NAT) processes. Additionally, it addresses email security, spam prevention, and incident handling strategies with practical case studies for network management.

Uploaded by

ntrongky
Copyright
© © All Rights Reserved
ISP Infrastructure

MD. MAHBUB HASAN PAVEL

Amber IT Limited
[email protected]
ISP Infrastructure
• Major Focus:
- Network Design
- WAN Management: Core Router
- Distributed Services: Aggregation Router
- LAN Management: POP Router
- IP Planning and Service Policy
- Incident Handling
ISP Network – Best Practice
[Diagram: ISP#1, ISP#2, Core-Router, CACHE, Aggregation-Router, BDIX, POP#1 to POP#4]
WAN Management – Core Router
[Diagram: ISP#1, ISP#2, Core-Router, Aggregation-Router]
Function of a Core-Router:
• Maintain the connectivity and routing between multiple ISPs
• Receive Internet traffic only from the Aggregation Router
• Forward Internet traffic to the ISPs as per policy and routing
Distributed Services – Aggregation Router
[Diagram: Core-Router, CACHE, BDIX, Aggregation-Router, POP#1 to POP#4]
Function of an Aggregation-Router:
• Multipurpose
• Aggregation to Core: forward Internet traffic only
• Receive internal routes (IGP or static)
• Network Address Translation (NAT)
• Bandwidth management and QoS (for Cache)
LAN Management – POP Router
[Diagram: Aggregation-Router, POP#1 to POP#4]
Function of a POP-Router:
• Directly connected with the Aggregation-Router
• PPPoE/DHCP/Static-IP
ISP Network – Traditional LSP
Function of LSP Router:
- Maintain connectivity with ISP
- PPPoE/DHCP
- NAT
- Bandwidth Policy
[Diagram: ISP, LSP-Router, LSP-Switch, Cust: 1, Cust: 2, Cust: 3, Cust: n; VLANs on the LSP-Router: vlan-101: Internet, vlan-102: Youtube, vlan-103: BDIX, vlan-104: FTP]
IP Planning
• To ensure smooth and efficient service to customers, you need to prepare an IP plan.
• Here is an example of an IP plan based on PPPoE:
Package1: 192.168.1.0/24
Package2: 192.168.2.0/24
Package3: 192.168.3.0/24
Package4: 192.168.4.0/24
Package5: 192.168.5.0/24
Network Address Translation (NAT)
• NAT is the process of modifying IP address information in IP packet headers while they are in transit across a traffic-routing device.
How NAT Works !!!
Simple NAT
• In this process, the router NATs all the IPs behind it to the IP address on which the default route is added or installed.

To do that, the steps are:

• Go to the IP menu
• Then go to Firewall
• Then click NAT
• Then click [+] to add a NAT rule
- In the General section, Chain=srcnat
- In the Action section, Action=masquerade
• Then press OK
NAT for Specific Subnet
• In this process, the router NATs only the specific subnet you assign, instead of all the IPs behind it, to the IP address on which the default route is added or installed.

To do that, the steps are:

• Go to the IP menu
• Then go to Firewall
• Then click NAT
• Then click [+] to add a NAT rule
- In the General section, Chain=srcnat, Src. Address=192.168.1.0/24
- In the Action section, Action=masquerade
• Then press OK
NAT over Interface
• In this process, the router NATs the IPs behind it over the interface on which the default route is added or installed.

To do that, the steps are:

• Go to the IP menu
• Then go to Firewall
• Then click NAT
• Then click [+] to add a NAT rule
- In the General section, Chain=srcnat, Src. Address=192.168.1.0/24, Out. Interface=Public-IP-Interface
- In the Action section, Action=masquerade
• Then press OK
IP Blacklist – A big Problem!!!
• Malware/Trojan activities
- Continuous or a large number of attempts to connect to any server
• Email/SPAM
- Continuous sending of SPAM

IP reputation became LOW !!!

Email Security – Preventing SPAM
• Is your network SPAM free?
- Yes
- No
- No idea
SPAM – How & Why?
• Email password compromised
- Use a strong password: alphanumeric (e.g. - !$pAB@cTg2018)
• Lack of security
- No policy applied for ports 25 and 465
- Make a list of trusted SMTP servers
- Permit trusted SMTP as an exception
NAT: src-nat
• src-nat is a NAT process for when you have multiple LANs and a public IP pool (example: x.x.x.x/29 or x.x.x.x/26 and so on): you can assign one public IP to one private subnet to do the NAT.
NAT: src-nat (Cont…)
• Now we will learn how to NAT a private subnet with a single public IP.

To do that, the steps are:

• Go to the IP menu
• Then go to Firewall
• Then click NAT
• Then click [+] to add a NAT rule
- In the General section, Chain=srcnat, Src. Address=192.168.1.0/24
- In the Action section, Action=src-nat, To Address=118.179.200.2
• Then press OK
SMTP Filtering – MikroTik

We will add two (02) filter rules.

1 – Identify the infected PC in the LAN
2 – Drop the packet at the router

Rule 1: Identify the Infected PC

• Go to the IP menu
• Then go to Firewall
• Then Filter Rules
• Click [+] to add a filter rule
- General: Chain=forward, Src. Address=x.x.x.x/x, Dst. Address=x.x.x.x, Protocol=tcp, Dst. Port=25
- Action: Action=add src to address list, Address List=Spammer
SMTP Filtering – MikroTik (Cont…)

Rule 2: Drop the Packet from Router

• Go to the IP menu
• Then go to Firewall
• Then Filter Rules
• Click [+] to add a filter rule
- General: Chain=forward, Src. Address=x.x.x.x/x, Dst. Address=x.x.x.x, Protocol=tcp, Dst. Port=25
- Action: Action=drop
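
The two filter rules above, combined with the trusted-SMTP exception from the "SPAM – How & Why?" slide, written as RouterOS CLI. This is an added example, not part of the original slides: the 192.0.2.x relay addresses, the Trusted-SMTP list name and the one-day timeout are assumptions, and 192.168.1.0/24 stands in for the x.x.x.x/x customer subnet.

```routeros
# Added example, not from the original slides.
# 192.0.2.25 and 192.0.2.26 are constructed placeholder relay addresses;
# 192.168.1.0/24 is the customer subnet from the IP plan.

# The "list for trusted SMTP": relays customers are allowed to reach.
/ip firewall address-list
add list=Trusted-SMTP address=192.0.2.25 comment="placeholder: mail relay 1"
add list=Trusted-SMTP address=192.0.2.26 comment="placeholder: mail relay 2"

/ip firewall filter
# Exception first: SMTP towards a trusted relay is accepted and never
# reaches the two rules below.
add chain=forward src-address=192.168.1.0/24 protocol=tcp dst-port=25,465 \
    dst-address-list=Trusted-SMTP action=accept comment="permit trusted SMTP"

# Rule 1 of the slides: record the source of any other new SMTP connection.
# This action does not end rule processing, so the packet continues to the
# drop rule. Entries expire after one day (assumed value).
add chain=forward src-address=192.168.1.0/24 protocol=tcp dst-port=25,465 \
    connection-state=new action=add-src-to-address-list \
    address-list=Spammer address-list-timeout=1d comment="identify infected PC"

# Rule 2 of the slides: drop SMTP that was not permitted by the exception.
add chain=forward src-address=192.168.1.0/24 protocol=tcp dst-port=25,465 \
    action=drop comment="drop untrusted SMTP"
```

The accept rule has to sit above the other two, because filter rules are evaluated top to bottom. `/ip firewall address-list print where list=Spammer` lists the hosts that were caught.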
Incident Handling
• Preparation
• Identification of Problem
• Recovery and Analysis
Case Study 1:
Changing ARP Interface

ip arp set [find interface=ether5] interface=ether4

You configured your LAN interface as "ARP=reply-only" to restrict customer access by MAC address. Your LAN interface is ether5 and it has become damaged somehow, so you have to change the interface on all the ARP entries, which would be difficult to do manually.
Creating VLANs

:for i from=101 to=199 do={interface vlan add name=("vlan$i") vlan-id=$i interface=ether5}

You assigned a router interface to the corporate network and connected a manageable switch to that interface, so you have to manage VLANs for the corporate network. To create multiple VLANs with a single command, issue the command above.
Case Study 2:
Shifting VLANs from One Interface to Another

interface vlan set [find interface=ether5] interface=ether4

You are running a corporate network from interface ether5 and it has become damaged somehow, so you have to shift all the VLANs under ether5 to ether4, which would be difficult to do manually. The command above does it instantly.
Thank You !!!
Md. Mahbub Hasan Pavel
Manager, Network & System Administration
Amber IT Limited
Mobile: +880 1713 396442
Email: [email protected]