Re: IDS on a load balanced BGP network

From: Omachonu Ogali (missnglnk@informationwave.net)
Date: 09/05/02


Date: Thu, 5 Sep 2002 14:57:15 -0400
From: Omachonu Ogali <missnglnk@informationwave.net>
To: Greg Shipley <gshipley@neohapsis.com>

On Thu, Sep 05, 2002 at 01:46:54PM -0500, Greg Shipley wrote:
>
> On Thu, 5 Sep 2002, Omachonu Ogali wrote:
>
> > BGP has nothing to do with this setup, generally your IDSes
> > should be located at the border of your network (your routers
> > connected to your peers and transit providers). So in this
> > scenario, I would place them behind each router connected
> > to each transit provider.
>
> Er, huh? If my IDS only sees part of the session, how is BGP *NOT* part
> of this?

If your packets are switching next-hops on every other packet,
then that is a separate problem you need to address if you
absolutely need next-hop consistency for this application.

Depending on how the network is numbered, you can announce the
networks for Datacenter A as you normally would, and then announce
Datacenter A's networks via Datacenter B, but with the AS path
padded a couple of times, the local-preference lowered, or both.
Vice versa for Datacenter B's network blocks.
 
> And how can you come to this conclusion without knowing his topology?

The next line you skipped said "if your network is laid out in
a core-distribution-edge topology". Even if he is operating a
collapsed core where the core is handling both core and
distribution functions, that still remains the single entry
point into his network, for both his transit providers, peers,
and datacenter links, where he can place an IDS behind.

> -Greg

-- 
Omachonu Ogali
Information Wave Technologies
missnglnk@informationwave.net
http://www.informationwave.net
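Added example, not part of the thread or anyone's production configuration: a small model of the BGP best-path decision (highest LOCAL_PREF, then shortest AS_PATH, then lowest router ID) used to show why the padding and local-preference trick above keeps a whole session entering through one datacenter, and what happens when that datacenter's border router goes away. The ASN, prefixes and router names are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Announcement:
    prefix: str
    entry_router: str   # border router (and the IDS behind it) traffic enters through
    as_path: tuple      # AS_PATH as the receiving side sees it, leftmost = nearest
    local_pref: int = 100   # LOCAL_PREF is assigned by the AS evaluating the route
    router_id: str = "0.0.0.0"

def best_paths(announcements, prefix):
    """Candidates for `prefix` that survive the first two tie-breakers:
    highest LOCAL_PREF, then shortest AS_PATH. Two survivors means a
    multipath-capable router may spread one session's packets over both
    entry points, so neither IDS sees the full session."""
    cands = [a for a in announcements if a.prefix == prefix]
    if not cands:
        return []
    top = max(a.local_pref for a in cands)
    cands = [a for a in cands if a.local_pref == top]
    shortest = min(len(a.as_path) for a in cands)
    return [a for a in cands if len(a.as_path) == shortest]

def entry_router(announcements, prefix):
    """Single deterministic winner: after LOCAL_PREF and AS_PATH, fall back
    to the lowest router ID, as BGP does when multipath is not enabled."""
    survivors = best_paths(announcements, prefix)
    if not survivors:
        return None
    rid = lambda a: tuple(int(o) for o in a.router_id.split("."))
    return min(survivors, key=rid).entry_router

def after_failure(announcements, failed_router):
    """Announcements still present once a border router (or its transit link) withdraws."""
    return [a for a in announcements if a.entry_router != failed_router]

OWN_AS = 64512  # constructed private ASN for the two-datacenter network

# Without padding: both datacenters announce A's block identically.
UNPADDED = [
    Announcement("192.0.2.0/24", "dc-a-border", (OWN_AS,), router_id="10.0.0.1"),
    Announcement("192.0.2.0/24", "dc-b-border", (OWN_AS,), router_id="10.0.0.2"),
]

# The fix from the thread: B re-announces A's block with the AS path padded
# twice and a lower local-preference, and vice versa for B's block.
PADDED = [
    Announcement("192.0.2.0/24", "dc-a-border", (OWN_AS,), router_id="10.0.0.1"),
    Announcement("192.0.2.0/24", "dc-b-border", (OWN_AS,) * 3, local_pref=90, router_id="10.0.0.2"),
    Announcement("198.51.100.0/24", "dc-b-border", (OWN_AS,), router_id="10.0.0.2"),
    Announcement("198.51.100.0/24", "dc-a-border", (OWN_AS,) * 3, local_pref=90, router_id="10.0.0.1"),
]
```

With UNPADDED, `best_paths` returns both border routers for A's block, which is the split-session case; with PADDED each block has a single survivor until its primary router withdraws, at which point the padded backup takes over.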