Networking
Does DNS filtering still work?
DNS, or the Domain Name System, is how nice names like google.com get translated into an IP address and eventually find the server that has your content.
For this article we are going to focus on website filtering (or content filtering), since the goal is to block access to websites that are deemed inappropriate. The blocking can be imposed by a parent, employer, ISP, or government regulation/policy.
Employers typically have an enterprise policy which gets pushed out to your web browser, and they often have a proxy at the edge of the network which does HTTPS inspection. That will make all of the techniques we are going to discuss irrelevant since the employer controls all aspects of the network. This article mainly focuses on non-enterprise users.
Default route or full routing table?
When a company/enterprise is signing up with an ISP for internet access, they are able to connect in many different ways, but we are going to go over a couple of the popular methods.
NOTE: This is a brief overview to answer this one question. BGP is very powerful and programmable, so we won’t touch on most of its features.
If the company has its own ASN (Autonomous System Number), they can connect to an ISP and advertise this number through BGP along with the IP space (prefixes) they own. That way other participants in BGP can find the best path to get to that company/ASN and the IP space. Companies will typically get an ASN if they are an ISP or if they are hosting some sort of content that others need to access. You can think of content as a website, portal, video, audio, VPN, or anything else that someone else needs to connect to from somewhere else. A large majority of the time this content is “in the cloud” instead of on-premises, but many larger organizations have their own equipment and data centers to handle accessing this content.
Cumulus and Netmiko
This post will walk through a quick script that connects to a Cumulus switch and runs a command. Cumulus has a virtual machine appliance called Cumulus VX available for free to run your tests on.
Much of this can be found on the Netmiko GitHub repository.
There is an examples directory that goes into more detail for adding things like concurrency. If you are running this on 10+ switches in series, things get slow!