Does DNS filtering still work?
DNS, or domain name system is how nice names like google.com get translated into an IP address and eventually find the server that has your content. For this article we are going to focus on website filtering (or content filtering) since the goal is to block access to websites that are deemed inappropriate. This can be blocked by a parent, employer, ISP, or government regulation/policy. Employers typically have an enterprise policy which gets pushed out to your web browser, and they often have a proxy at the edge of the network which does HTTPS inspection.
Default route or full routing table?
When a company/enterprise is signing up with an ISP for internet access, they are able to connect in many different ways, but we are going to go over a couple of the popular methods. NOTE: This is a brief overview to answer this one question, BGP is very powerful and programmable, so we won’t touch on most of its features. If the company has its own ASN (Autonomous System Number) they can connect to an ISP and advertise out this number through BGP with the IP space (prefixes) they own.
Cumulus and Netmiko
This post will walk through a quick script that connects to a Cumulus switch and runs a command. Cumulus has a virtual machine appliance called VX available for free to run your tests on. Cumulus VX Much of this can be found on the netmiko github:Netmiko There is an examples directory that goes into more details for adding things like concurrency. If you are running this on 10+ switches in series, things get slow!