保護Starlink互聯網服務.pdf

《保護Starlink互聯網服務.pdf》由會員分享，可在線閱讀，更多相關《保護Starlink互聯網服務.pdf（136頁珍藏版）》請在三個皮匠報告上搜索。

1、#CiscoLive#CiscoLiveAndrew Benhase,Federal ArchitectCyberSecOps,ThreatCowboyBRKSEC-2037Securing StarlinkCommunications 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App 3Questions?Use Cisco Webex App to chat with the speaker afte

2、r the sessionFind this session in the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its affiliates.All

3、rights reserved.Cisco PublicBRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat I do here ciscoFederal Security ArchitectAt Cisco 23 years,supporting US Federal Government31 years primarily supporting US Defense,Civilian and Intelligence CommunitiesDeep focus

4、on defensive cyber operations,advanced encryption,making security work!My first Networkers was in 1995 https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive5BRKSEC-2037From MLB to MEL 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFrom MLB to

5、 AMS6BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFrom MLB to LAS7BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSpace-X Heavy8Agenda 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicOrbital Mechanics 1

6、01What is Starlink today?How does Cisco work with Starlink?Securing StarlinkThings you need to knowBRKSEC-20379AbstractWe will cover basics of the Starlink service,what the networking evolution looks like moving forward and how to effectively secure it.Latest News Updates 2023 Cisco and/or its affil

7、iates.All rights reserved.Cisco Public#CiscoLiveLatest News CL EMEABRKSEC-203712 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLatest News CL EMEABRKSEC-203713 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSunday June 4th,202314BRKSEC-2037Sta

8、rlink Launch Group 6-4V2.0 Satellites4-JUN 2023Gen 2 v2 Mini 22 launched 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveStarlink Federal Room(SL-OSINT)15BRKSEC-2037Orbits are orbits right?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveOrbits ar

9、e Orbits?17BRKSEC-2037Low Earth Orbit-LEOMedium Earth Orbit-MEOGeostationary Earth Orbit-GEOGeosynchronous Earth Orbit-GEOPolar OrbitHey Andrew,this is Cisco Live.Why do I need to know about physics,orbits,altitudes and latency?Answer:Because this is an Engineering discussion,not a sales and marketi

10、ng pitch 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSpeed of Light in a Vacuumc=Light(Photons)FrequencyWavelength300,000 km/sBRKSEC-203720 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSpeed of Light in a VacuumSpeed of Light in an Atmosph

11、ere10-200msTerrestrial Ground Delay40ms Great700ms Not-GreatLoss CalculationBRKSEC-203721 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLEO 1000 kilometers and belowStarlink 540km(345 miles)One way latency 12-25msRTT-25-50msMEO 8000 kilometers(5,000 miles)RTT 350msGEO 36

12、,000 kilometers(22,000 miles)RTT 725msOrbits and NetworkingBRKSEC-203722Happy Network ZoneSad Network Zone 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTime Matters40ms350ms700msBRKSEC-203723 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePhy

13、sics Matters40ms350ms700msBRKSEC-203724 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCurrent Polar Orbit PathsBRKSEC-203725What is Starlink?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveA global satellite network in Low Earth Orbit currently

14、 consisting of 3000 satellites*What is Starlink?*groups of 53 being launched on a regular basisBRKSEC-203727 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDisclaimerStarlink.sxDesigned by Mike Puchol,who states this site is NOT affiliated with Starlink or SpaceX.Link is

15、https:/starlink.sx/It is an excellent website to help understand satellite movement,tracking and orbital mechanicsMany of the screenshots are from starlink.sx simulation it is not a Starlink sponsored tool that saidorbital calculations are really just mathand positions are publishedThese are assumpt

16、ions based on collected knowledge,Starlinkdoes not publish any of this information for obvious reasonsBRKSEC-203728 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveH3 is a geospatial indexing system that partitions the world into hexagonal cellsEach Hexagonal Grid is mappe

17、d into 8000 hexagonal sections for each Satellite Radio FootprintOpensource Mapping Systemhttps:/h3geo.orgH3 Geospatial MappingBRKSEC-203729 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFCC Approval for 12,000 satellitesStarlink Satellites operate in five primary define

18、d orbital shells at between 550km-570km in altitudeFirst shell:1,440 in a 550 km(341.8 mi)altitude shell at 53.0 inclinationSecond shell:1,440 in a 540 km(335.5 mi)shell at 53.2 inclinationThird shell:720 in a 570 km(354.2 mi)shell at 70 inclinationFourth shell:336 in a 560 km(348.0 mi)shell at 97.6

19、 inclinationFifth shell:172 satellites in a 560 km(348.0 mi)shell at 97.6 inclinationBasic Orbital MechanicsBRKSEC-203730 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSatellite v1.5Each satellite features four antennas in Ku band,one for uplink,three for downlink Each a

20、ntenna is capable of projecting eight beams in two polarizations(RHCP/LHCP),for a total 48 downlink beams and 16 uplink beams.The maximum bandwidth available to Starlink in Ku band is 8x 250 MHz channels in downlink(total 2 GHz),and 8x 62.5 MHz channels in uplink(total 500 MHz)Each Satellite nominal

21、ly operates at 10Gbps capacity with future expansion to 20GbpsBRKSEC-203731 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFaced towards GroundDownlink Antenna Cluster1234Uplink AntennaCredit:StarlinkBRKSEC-203732 2023 Cisco and/or its affiliates.All rights reserved.Cisco

22、 Public#CiscoLiveSatellite v2.0 and v2.0 MiniRequires Starship to realistically launch volumeStarshield requires itMuch larger payload(1800 lbs)Gen 2 Mini launch,critical failures,50%de-orbited on initial launchGen 2.0 satellites will take many years to fully field33BRKSEC-2037 2023 Cisco and/or its

23、 affiliates.All rights reserved.Cisco Public#CiscoLiveHow Radio Footprints workBRKSEC-203734 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive3 Beam Optical Head using Infrared LaserSame Orbital Plane OperationTheoretically could offload to parallel polar plane satellite In

24、frared“Space Lasers”Credit:SpaceX/StarlinkBRKSEC-203735 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveGround Station36BRKSEC-2037Each gateway antenna has available a maximum of 4x 500 MHz channels(total 2 GHz)in uplink,and 5x 250 MHz channels(total 1.25 GHz)in downlinkIn

25、 this configuration where 8 antennas are active would be 10Ghz total active Down and 6Ghz Up per siteGround stations are positioned on top of existing Fiber PathsEach Parabolic Antenna can support 10Gbps x 2)So thats up to 1.6Tbps theoretical bandwidth for a site with 8 active 2023 Cisco and/or its

26、affiliates.All rights reserved.Cisco Public#CiscoLiveBasic Networking37BRKSEC-2037NAT RouterDynamic IP address assigned by StarlinkInternet 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveUS Gateway LocationsBRKSEC-203738 2023 Cisco and/or its affiliates.All rights reserve

27、d.Cisco Public#CiscoLiveEMEA Gateway LocationsBRKSEC-203739 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFrankfurtFrankfurtAmsterdamAmsterdamLondonLondonHow does it work in Ukraine?How does it work in Ukraine?PolandPolandLithuaniaLithuaniaRadio GatewaysLithuaniaPolandIn

28、ternet GatewaysFrankfurtLondonBRKSEC-203740 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveList of Australian Starlink Ground StationsCataby,WAMerredin,WASouth West of Coolgardia,WAWagin,WAKi Ki,SAPimba,SABroken Hill,NSWBoorowa,NSWCalrossie,NSWCanyonleigh,NSWCobargo,NSWSp

29、ringbrook Creek,NSWTea Gardens,NSWKi Ki,SAAnankie,VICKoonwarra,VICTorrumbarry,VICWest of Emerald,QLDToonpan,QLDWarra,QLDWillows,QLDBulla Bulling,WABRKSEC-203741 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveOnly authorized to operate in certain countries based on per cou

30、ntry acceptanceBRKSEC-203742 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-203743 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThings we knowDense Orbital shells are extremely robustFrequency shifts can be simple software operationsRe

31、ceive only satellite arrays are critically importantLow observability packages are importantLow cost Software Defined Radios(SDRs)are being used for offensive hunt operationsBRKSEC-203744Phased Array Antenna 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSpace Observation

32、 RadarExamples of Phased ArraysAN-SPY-1 Phased ArrayAEGIS Deployed and AshoreE-3 SentryAWACSE-2DEarly WarningBRKSEC-203746 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveUp/Down configurationGround Terminal is a phased array antenna in one of two current configurations Ro

33、und(Gen1)or Rectangle(Gen2)Each array has hundreds of transceivers12-18 and 26.5-49 GHz bandsHow does Starlink work?BRKSEC-203747 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePhased Array AntennaStarlink Router(more on that later)Ethernet Cable with proprietary endsGrou

34、nd TerminalBRKSEC-203748 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBasic NetworkingRadio Footprint of the SatelliteLayer 2 NetworkNAT RouterDynamic IP address assigned by StarlinkBRKSEC-203749 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv

35、eMicro Linux RouterNAT Operations60 second boot time192.168.128.0 NAT PoolStarlink RouterBRKSEC-203750 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveStarlink RouterNmap scan report for 192.168.1.1Host is up(0.0040s latency).Not shown:994 filtered tcp ports(no-response)PO

36、RT STATE SERVICE22/tcpopen ssh53/tcpopen domain80/tcpopen http9000/tcp open cslistener9001/tcp open tor-orport9002/tcp open dynamidNmap done:1 IP address(1 host up)scanned in 45.68 secondsBRKSEC-203751 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveYour VPN cares,dependin

37、g on what youre using.Double-NAT who cares?NAT-1CGNAT RouterNAT-2Internal IP AddressPublicly Routed IP AddressBRKSEC-203752 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhy is NAT an issue?53BRKSEC-2037Inside 192.168.1.1/24NAT RouterOutside 100.10.52.1/18DHCP AssignedDH

38、CP AssignedCG-NAT RouterOutside 98.97.179.128/25Internet 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThings that Fix NAT ProblemsStatic NAT configuration impossible with Starlink and CG-NAT carriersGRE/IPSec+NAT-T TunnelsStraight NAT-T TunnelsIPv6TCP VPN TunnelsBRKSEC-

39、203754 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow the network works1 gi0-0-0-(66.28.3.217)0.661 ms 0.727 ms 2 te0-5-0-(154.54.6.57)0.896 ms te0-0-0-(154.54.31.229)0.998 ms 3 (154.54.88.234)0.839 (154.54.88.226)0.843 ms 4 mai-b2-(213.248.75.1)0.606 ms 0.625 ms 5 at

40、l-b24-(62.115.113.48)14.858 ms 14.762 ms 6 spacex-svc080559-ic370374.ip.twelve99-(62.115.146.55)14.741 ms 14.796 ms55 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveHow the network worksBRKSEC-203756 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoL

41、iveCGNAT EmployedArray to Satellite to Ground Station are all FlatAppears that Ground to NAP is a series of Exit MPLS NetworksExit Routing is based on your specific Terminal*Network Configuration changes are frequent and unannouncedObservations of the Starlink NetworkExit Path is currently static ba

42、sed on your Service ClassPortabililty,Marine,RV,Aviation means that you can be placed in different exit VPNs,we assume dynamicallyBRKSEC-203757 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveNetwork Static Exit RoutesIn Florida,my array lands in Central Florida,but exits

43、from the Atlanta Internet GatewayMobile Roaming still sends my traffic out of Atlanta,clearly tied to my Array_IDBRKSEC-203758Polar Orbits and“Space Lasers”2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSatellite Truths and MythsAll Starlink Satellites have“Lasers”FALSEFA

44、LSEAll Starlink Satellites can cross communicate to each other FALSEFALSESome Starlink Satellites have laser based optics that can point ahead of them to the next satellite TRUETRUEOn-orbit Satellites can calculate multi-planar ephemeris to dynamically communicate to satellites in different orbits-F

45、ALSEFALSEBRKSEC-203760 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePolar Orbit Satellites and Free Space OpticsGeneration 1 Satellites are Radio OnlyGeneration 1.5 and 2.0 Satellites are capable of Inter-Satellite Links(ISL)ISL Links work currently in a follow-me confi

46、gurationA polar string of satellites provide hop to hop communications in single fileClosest Radio Gateway provides the downlink for the chain of satellitesOnly use for satellites in polar orbits and where there is a Gateway connectionYou may not popYou may not pop-out onto the Internet in a country

47、 that you expectout onto the Internet in a country that you expectYou may not come out in a country you wantYou may not come out in a country you wantBRKSEC-203761 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-203762 2023 Cisco and/or its affiliates.All rights res

48、erved.Cisco Public#CiscoLivePolar Satellite Train with ISLGateway Connection to Montes Claros GatewayBRKSEC-203763BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-203764BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv

49、eBRKSEC-203765BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-203766BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThis satellite provides the backhaul to each of the other satellites selection algorithm is unknown

50、BRKSEC-203767BRKSEC-2037Challenges with Polar Orbits 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-2037No Orbital PathsNo Radio Footprints here69BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-203770BRKSEC-2037 2023 Ci

51、sco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-203771Starlink Security 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveStarlink SecurityThere is“very limited security other There is“very limited security other than what you bring yourselfthan wh

52、at you bring yourselfBRKSEC-2037BYOS Bring Your Own Security 73BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSum Total of available Security74BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveStarlink RouterNmap scan repor

53、t for 192.168.1.1Host is up(0.0040s latency).Not shown:994 filtered tcp ports(no-response)PORT STATE SERVICE22/tcpopen ssh53/tcpopen domain80/tcpopen http9000/tcp open cslistener9001/tcp open tor-orport9002/tcp open dynamidNmap done:1 IP address(1 host up)scanned in 45.68 secondsBRKSEC-203775BRKSEC-

54、2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCarrier Grade NAT(CGNAT)at the Internet GatewayIPv4 DHCP is assigned across the networkIPv6 Prefix Delegation works on some GatewaysLayer 2 network from terminal to ground to exit point(MPLS)Native IPSec will not work(CG

55、NAT)IPSec Encapsulation works NAT-T(udp4500)TLS VPNs workThere is NO local NAT configuration possible on the SL RouterThings we know about Starlink NetworkBRKSEC-203776 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive77Starlink Security TodayBRKSEC-2037WPA2 Implemented her

56、eCGNAT Router 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive78Starlink Security TodayBRKSEC-2037Security Must be Implemented HereCGNAT Router 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveAdvanced NetworkingRadio Footprint of the SatelliteLay

57、er 2 NetworkFirewallRouter Placed in Bypass ModeOutside DHCP gets assigned by StarlinkSL EthernetAdapterSL Router in Bypass Mode:WIFI Gets disabledRouter is no longer locally accessibleStatistics are stored in SL CloudArray connects to SL Cloud and delivers updatesBRKSEC-203779BRKSEC-2037 2023 Cisco

58、 and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhat is really happening(radio nerds)17%Radio Duty Cycle43-50 input watts runtime40W Transmit PowerBRKSEC-203780 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMX SeriesMR SeriesZ3 SeriesFirepower 1010 Serie

59、sMeraki+Firepower Deployment*Transparent Inline Pair*Planned for FDM in 7.4 Release BRKSEC-203781 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMX SeriesMR SeriesZ3 SeriesMeraki MX/MR/Z3 DeploymentBRKSEC-203782 2023 Cisco and/or its affiliates.All rights reserved.Cisco P

60、ublic#CiscoLiveNative IPv6 Support on MX and MR PlatformsBRKSEC-203783 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive84Meraki is the simplest security optionBRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTakes the downstream Prefix

61、 DelegationAutomatically deploys it to the downstream networksClients will be assigned IPv6 address out of your assigned PrefixMeraki is the simplest IPv6 Deployment Option85BRKSEC-2037/96 IPv6 Assigned Interface IP/64 Deployed Network 2023 Cisco and/or its affiliates.All rights reserved.Cisco Publi

62、c#CiscoLiveNAT RouterAdmin OnlyEthernet AdapterKeep it simple,dont overcomplicate thingsBRKSEC-203786Deployment Considerations 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTerminals(arrays)are statically linked to what we believe to be MPLS VPNs with static exits to the

63、 InternetQoS ObservationsCGNAT RouterInternet NAPResidential QoSScavenger class QoSScavenger ClassPremium ClassBRKSEC-203788 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveYou will probably want a 150 foot cableYou can make a 300+foot cable easily by inserting Ethernet in

64、 the middleUse High Quality watertight connectorsDeployment ConsiderationsBRKSEC-203789BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-203790BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDecisions“High Performance

65、”is simply double the arrayThey have a single GigE output but have doubled the transceiversThey are clearly creating a Service Class for High Performance users and doing traffic engineering to support itBRKSEC-203791 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveI had a

66、recent important meeting to attend but it conflicted with PTO.BRKSEC-203792 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive“Scavenger Class”HD Video Broadcast to San JoseHD Video Broadcast to San JoseFrom Colorado From Colorado 100%Off Grid100%Off GridBRKSEC-203793BRKSEC-

67、2037Austere Deployment Options 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDisclaimerI make 100%zero guarantees or warranty you wont damage something.BRKSEC-203795 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivehttps:/48-56V DC passive PoE i

68、njectorAllows you to remove Starlink Router entirelyConnect up BYOS optionsNeeds 48v DC PowerDitching the Starlink RouterCredit:BRKSEC-203796 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveParts NeededBRKSEC-203797 2023 Cisco and/or its affiliates.All rights reserved.Cisc

69、o Public#CiscoLiveWiring Diagram12volt DCLiFePO4 Battery12volt-48v DCDC Boost Converter_+_+MPPE Charge ControllerInline Fuse100-200w PanelMinimum 120wattsCarefully evaluate your actual WIFI Power Requirements!BRKSEC-203798SOLAR POWER 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#

70、CiscoLiveBRKSEC-2037100 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-2037101 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePower/Solar Conclusions102BRKSEC-2037You will need more stored power than you think1You will need more solar po

71、wer than you think2You will have to trial 24hr operation to be sure it works3You will have to account for lack of full solar cycles4Electron Security 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveGen 1 and Gen 2 Phased ArraysBRKSEC-2037104BRKSEC-2037 2023 Cisco and/or it

72、s affiliates.All rights reserved.Cisco Public#CiscoLiveHow to properly ground your Starlink ArrayGrounding is very importantA normal ground path will be direct to your equipment,which is an Ethernet adapter and Starlink RouterSpike will travel to the closest ground which if attached directly to the

73、ground is greatIf not done properly,you could easily loose all equipment attachedInsure that you have a proper ground pathTake your time,employ thought and basic knowledge of physicsBRKSEC-2037105BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveProprietary Conne

74、ctor to Router and Array must stay in place568B Termination in the middleUse Shielded RJ45 connectersRemember the path if a surge travels,where is it going?Re-Terminate your Starlink CableBRKSEC-2037106BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMounting Ma

75、tters Grounding MattersBRKSEC-2037107BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveThese ends have to stay onStarlink ConnectorStarlink ConnectorTwisted Pair Cat5/6 in the MiddleBRKSEC-2037108BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Ci

76、sco Public#CiscoLiveRe-Terminated StarlinkCut the CableStock 150 footBRKSEC-2037109BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicUse Waterproof IP68 ConnectorsBRKSEC-2037110 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicUse Shielded RJ45 ConnectorsLe

77、ave Grounding Shield in PlaceTerminate with Shield touch the connector BRKSEC-2037111BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicEthernet Surge Suppression and Grounding BlockBRKSEC-2037112BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicP

78、roper GroundingBRKSEC-2037113BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveMounting Matters Grounding MattersExternal Grounding StakeProtected EquipmentBRKSEC-2037114BRKSEC-2037Debugging 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoL

79、iveDebugging at the CLIBRKSEC-2037116 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDocker Tools RepositoryBRKSEC-2037117 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePerformance Data is stored in the Starlink CloudAllows remote access to da

80、ta statistics from your local network without being thereRemote ConnectionsBRKSEC-2037118 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivehttp:/BRKSEC-2037119 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivedish:reachable:true,service:dish,cloud:

81、false,features:stowRequested:true,unstow:true,timestamp:1666895243,deviceInfo:id:ut01000000-00000000-0008d16e,Starlink DebughardwareVersion:rev3_proto2,softwareVersion:223c055e-8fe8-42e6-8d00-cd4c6a466252.uterm.release,manufacturedVersion:,generationNumber:1665611831,countryCode:US,utcOffsetS:-17999

82、,softwarePartitionsEqual:false,isDev:false,bootcount:129,antiRollbackVersion:0,isHitl:false,deviceState:uptimeS:122693,alerts:motorsStuck:false,thermalThrottle:false,thermalShutdown:false,mastNotNearVertical:false,unexpectedLocation:false,slowEthernetSpeeds:false,roaming:false,installPending:false,i

83、sHeating:false,powerSupplyThermalThrottle:false,gpsStats:gpsValid:true,gpsSats:16,noSatsAfterTtff:falsegpsStats:gpsValid:true,gpsSats:16,auth:accessToken:,refreshToken:,accessTokenExpirationDate:2022-10-27T18:39:21Z,idToken:,tokenType:BearerBRKSEC-2037120 2023 Cisco and/or its affiliates.All rights

84、reserved.Cisco Public#CiscoLiveShould you leave your SL Router WIFI Enabled?The short answer is yes primarily for local debug reasonsJust dont use it for actual production usersIt is not securedIt is not configurableIt is not a FirewallIt is a very poor performing Access PointBYOS Bring Your Own Sec

85、urity BRKSEC-2037121What do you have running?2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveBRKSEC-2037123 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLTE RouterAT&TLTEVerizonLTEInternetHIGH PROBABILITY OF UPTIMET-MobileAT&TMODEM 1MODEM 2BRK

86、SEC-2037124 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLTE RouterAT&TLTEVerizonLTEInternet SmoothingHIGHER PROBABILITY OF UPTIMET-MobileAT&TMODEM 1MODEM 2CGNAT RouterCGNAT RouterCGNAT RouterBRKSEC-2037125 2023 Cisco and/or its affiliates.All rights reserved.Cisco Publ

87、ic#CiscoLiveLTE Cat 7/14 or 5G Cat 20 Modem?Great question do you think youll be close to a 5G network on a consistent basis?If not,I would opt for LTE based cellular modems x 2With WAN Smoothing technologies,over multiple interfaces,outage impacts are largely minimized126BRKSEC-20372Gbps315Mbps 202

88、3 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive127Starlink on Operational Crisis Response Deployment in OregonBRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive128VSAT on Operational Crisis Response Deployment in OregonBRKSEC-2037 2023 Ci

89、sco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive129“Hey Benhase where is the Advanced Networking version of your Starlink Presentation?”Well,I need your help BRKSEC-2037 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePlease Fill Out The Survey!130BRKSE

90、C-2037Questions 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!132BRKSEC-2037These points help you ge

91、t on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in theCisco Live Challenge for every survey completed.2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demos

92、Book your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-Demand Library for more sessions at www.CiscoL you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive135Gamify your Cisco Live ex

93、perience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:1234135 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKSEC-2037#CiscoLive