Skip to main content
SRC Mountain

Nokia Network and Service Router Security

Course number: TTP30096
Course duration: 4 days
Price: $3,125 US


Effective March 31st, 2022, the Nokia Network and Router Security course (TTP30096) will be retired and unavailable for delivery.  

Learn more

Course overview

The Nokia Network and Service Router Security course presents the technology, techniques, and best practices for implementing security in a Service Router based network. The course begins with an introduction to the security components, security challenges, and security risks and threats. It then covers in detail various methods, features, and techniques for securing the Nokia Service Router Operating System (SR OS) management plane, control plane, and data plane. Students will participate in many practical hands-on lab exercises throughout the course to ensure implementation-level knowledge of network and router security.

Course objectives

After completing the course, students should be able to:

  • Define security and its related terms
  • Describe the key components of a secure network: authentication, confidentiality, integrity and availability
  • Understand the two types of encryption algorithms
  • Understand common security challenges and threats to each layer in the OSI model
  • Describe the two management plane access types
  • Describe management plane attacks
  • Describe and configure various security features to control router access
  • Understand how to use filters and logging to restrict management traffic and track user activities
  • Explain and implement the configuration management features: configuration rollback, transactional configuration, command accounting, SNMP, and Netconf
  • Describe the different control plane threats
  • List the various methods and techniques for securing the control plane
  • Describe the different features that can be used to protect the CPM, such as CPM filters, CPM queues and CPU protection
  • Describe and configure techniques for Layer 2 VPLS security
  • Understand and configure techniques for securing Layer 3 protocols and routing information (IGP, MPLS, Multicast, and BGP)


  • Understand different data plane security threats such as address spoofing, data snooping, and denial of service attacks
  • List various techniques that can be used to protect the data plane such as network monitoring, traffic filters and IPSec tunnels
  • Describe passive and active monitoring and list monitoring options
  • Describe and configure local and remote mirroring
  • Describe and configure Cflowd
  • Understand lawful intercept
  • Configure traffic filters
  • Describe and configure unicast reverse path forwarding (uRPF) for IPv4/IPv6 protocols
  • Describe and configure BGP filters
  • Describe and configure BGP remote triggered black hole (RTBH)
  • Describe and configure BGP Flowspec
  • Describe and configure BGP route origin validation (ROV)
  • Describe IPSec protocols (IKE, ESP, AH)
  • Understand and configure IPSec tunnels used to protect data integrity

Course modules

  • Module 1– Introduction to security
  • Module 2 – SR OS management plane security


  • Module 3 – SR OS control plane security
  • Module 4 – SR OS data plane security

Schedule & registration


Nokia Service Routing Certification (SRC) Program and Confidentiality Agreement

Review the confidentiality agreement.