isp-backbone-course/README.md

ISP Backbone Lab — A Senior Network Engineer's Course

Instructor: Garvis (your friendly neighborhood Sr. Network Engineer) Platform: Cisco Modeling Labs (CML) — 32GB RAM budget Student: Jordan Goal: Build and understand a realistic ISP backbone from the ground up, then attack it.

---

Table of Contents — Modules

#	Module	Topic
1	Module 1: The Underlay — IS-IS	Why every ISP uses IS-IS, Level 2-only design, NET addressing
2	Module 2: MPLS — Labeling the Backbone	Label switching, LDP, Penultimate Hop Popping
3	Module 3: iBGP — The Brain of the ISP	Route Reflectors, full-mesh problem, loopback peering
4	Module 4: L3VPN — Customer Isolation	VRFs, RD vs RT, customer isolation across the MPLS core
5	Module 5: eBGP — Peering with the World	IXP peering, BGP best path selection (The Big 9), route filtering
6	Module 6: Segment Routing	LDP to SR migration, Prefix SIDs, why SR is the future
7	Module 7: Traffic Engineering	SR-TE policies, SID stacks, Flex-Algo
8	Module 8: Attack & Defense Labs	BGP hijacking, IS-IS poisoning, MPLS label manipulation, CoPP

---

The Topology

A two-AS ISP backbone (AS 65000 and AS 65100) with customer sites, a peering exchange, and an attacker segment.

See the topology diagrams for visual references.

Build Order

Phase 1: Foundation (Weekend 1)

• Module 1: IS-IS on all P and PE routers
• Verify: All loopbacks reachable

Phase 2: MPLS Core (Weekend 2)

• Module 2: MPLS/LDP on all core links
• Module 3: iBGP with Route Reflector

Phase 3: Services (Weekend 3)

• Module 4: VRFs and L3VPN
• Module 5: eBGP peering at the IXP

Phase 4: Modern SP (Weekend 4)

• Module 6: Migrate LDP to Segment Routing
• Module 7: SR-TE policies

Phase 5: Break Things (Weekend 5+)

• Module 8: Attack and defense scenarios

Quick Reference Commands

What You Want	Command
IS-IS neighbors	show isis neighbors
MPLS labels	show mpls forwarding-table
BGP summary	show bgp summary
VRF routes	show ip route vrf CUST_A
SR SIDs	show isis segment-routing prefix-sid-map