BGP » Historique » Version 177
Version 176 (Laurent GUERBY, 11/09/2015 09:53) → Version 177/192 (Laurent GUERBY, 13/09/2015 13:45)
{{>toc}}
h1. BGP
h2. Liens
Nous utilisons BIRD sous Linux comme routeur BGP
http://bird.network.cz/
blog bgp http://www.renesys.com/blog/
flowspec http://www.slideshare.net/sfouant/an-introduction-to-bgp-flow-spec
DFZ = Default Free Zone archive http://archive.routeviews.org/
http://www.ripe.net/data-tools/stats/ris/routing-information-service
https://stat.ripe.net/widget/announced-prefixes
http://pch.net/resources/data/routing-tables/archive/
http://pch.net/resources/data/routing-tables/mrt-bgp-updates/
http://www.nanog.org/meetings/archive/
http://tools.ietf.org/html/draft-lapukhov-bgp-routing-large-dc-02
http://inside.godaddy.com/inside-story-happened-godaddy-com-sept-10-2012/
liste des communautés des opérateurs http://onesc.net/communities/ via http://www.bortzmeyer.org/7153.html
http://tools.ietf.org/html/rfc4271#section-9.1 BGP route decision process
http://www.ipbcop.org/
IP Best Current Operational Practices Documented best practices for Engineers by Engineers
BGP best practices ANSSI
https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Article-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf_2.pdf
http://www.ssi.gouv.fr/fr/bonnes-pratiques/recommandations-et-guides/securite-des-reseaux/le-guide-des-bonnes-pratiques-de-configuration-de-bgp.html
http://tools.ietf.org/html/draft-ietf-opsec-bgp-security-01
https://www.ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers
these LAAS BGP http://www.laas.fr/1-31360-Detail-Soutenance-de-these.php?id=600
http://www.laas.fr/1-31706-Publications.php?author=7738
http://www.net.t-labs.tu-berlin.de/papers/OMUPMO-OOSICP-11.pdf
http://hal.archives-ouvertes.fr/docs/00/60/53/83/PDF/dVirt-virtual_platform.pdf
http://hal.archives-ouvertes.fr/docs/00/48/70/74/PDF/Poster_SIGCOMM2010_philippe.pdf
Le monde sur BGP http://reseaux.blog.lemonde.fr/2012/11/04/routage-enjeu-cyberstrategie/
coupure free wanadoo http://www.journaldunet.com/solutions/0301/030122_freeft.shtml
tsunami Japon 2011 et BGP : http://archive.psg.com/111206.conext-quake.pdf
Session is up on telnet:route-views.routeviews.org username rviews
BGP book http://www.bortzmeyer.org/files/bgp.html
Cyclops is able to detect several forms of route hijack attacks http://cyclops.cs.ucla.edu/
BGPmon monitors the routing of your prefixes and alerts you in case of an 'interesting' path chang http://www.bgpmon.net/
http://jointtransit.nl/prices.html
http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho
* taille table de routage http://bgp.potaroo.net/
* BGP in 2011 Geoff Huston APNIC http://iepg.org/2011-11-ietf82/2011-11-13-bgp2011.pdf
* http://pages.cs.wisc.edu/~plonka/netgear-sntp/
* http://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/7114/show/l-observatoire-sur-la-resilience-de-l-internet-francais-publie-son-rapport-2012.html
* http://www.ris.ripe.net/dashboard/2a01:6600:8000::/40
* http://www.bortzmeyer.org/6996.html
** RFC 6996 : Autonomous System (AS) Reservation for Private Use
** http://www.iana.org/assignments/as-numbers
* Look for TRACEROUTE by SRCGUARDIAN in the Play Store. It needs network access only... Doesn't do TCP but does ICMP and UDP traceroutes and displays ASN as well ...
* http://www.team-cymru.org/Services/Bogons/bgp.html
** http://www.team-cymru.org/Services/Bogons/bgp-examples.html#bird-full
* 3D looking glass http://as2914.net/#/
* https://labs.ripe.net/Members/emileaben/has-the-routability-of-longer-than-24-prefixes-changed
h1. Bird
h2. Link local IPv6 static route
<pre>
protocol direct {
interface "eth0";
}
protocol static {
route 2001:db8::/32 via fe80::1%eth0;
}
</pre>
h2. Gitoyen BIRD config
https://code.ffdn.org/gitoyen/bird-config/
Et autres outils dont le blackholing automatique : https://code.ffdn.org/org/gitoyen
h2. Misc BIRD Links
* zeromq integration https://github.com/samrussell/bird/tree/zmqintegration
* https://www.netdev01.org/docs/prabhu-linux_ipv4_ipv6_inconsistencies_talk_slides.pdf
h1. TouIX et GIX
http://touix.net
http://wikilulu.net/doku.php?id=articles:gix-howto
h1. Evolutions de la conf BGP
* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html
TODO:
* mise en place d'un gestionaire de version style git au moins pour documentation
* Comment gerer les password MD5 du fichier de conf (les garder secrets tout en publiant le reste)
* Atelier ?
** Laurent GUERBY
** Solarus
** Ajouter son nom...
Alternative a MP BGP
http://tools.ietf.org/html/draft-ietf-idr-bgp-multisession-06
Add Path
http://tools.ietf.org/html/draft-ietf-idr-add-paths-07
support in bird ? http://marc.info/?l=bird-users&m=134409996129466&w=2
h1. Liens
* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
* AS4 http://www.rfc-editor.org/rfc/rfc4893.txt
* bonnes pratiques incidents BGP
** https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Slides-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf.pdf
* test ping plus UDP http://www.broadband-forum.org/technical/download/TR-143.pdf
h1. Configuration Toulouse
<pre>
router id 91.224.148.2;
define myas = 197422;
protocol device {
scan time 10;
primary "eth0" 91.224.148.3;
}
protocol static static_bgp {
import all;
route 91.224.148.0/23 reject;
}
protocol kernel{
import all;
export all;
}
function avoid_martians()
prefix set martians;
{
martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];
# Avoid 0.0.0.0/X
if net.ip = 0.0.0.0 then return false;
# Avoid too short and too long prefixes
if (net.len < 8) || (net.len > 24) then return false;
# Avoid RFC1918 networks
if net ~ martians then return false;
return true;
}
filter bgp_OUT {
if (net ~ [91.224.148.0/23]) then accept;
else reject;
}
protocol bgp TOUIX {
local as myas;
neighbor 91.213.236.1 as 47184;
preference 200;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp JAGUAR {
local as myas;
neighbor 31.172.233.1 as 30781;
preference 50;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp TETANEUTRAL {
local as myas;
neighbor 91.224.148.2 as myas;
preference 100;
import where avoid_martians();
export all;
}
</pre>
h1. IRR
* From nanog:
http://www.clarksys.com/blog/2009/09/02/using-irr-with-level3/
whois -h filtergen.level3.net "RIPE::YOUR-AS-SET -searchpath=RIPE;ARIN;RADB -recurseok -warnonly"
h1. Blackholing
h2. DECIX
http://de-cix.net/products-services/de-cix-frankfurt/blackholing/
h2. Attaques
* 20120629 http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html
* http://blog.cloudflare.com/65gbps-ddos-no-problem
h2. URPF
blacklister une/plusieures sources est relativement complexe à mettre en place sur une petite infrastructure car nécessite la mise en place de l'URPF (Unicast Reverse Path Forwarding).
http://www.cisco.com/web/about/security/intelligence/ipv6_rtbh.html
h2. RFC3882
* http://www.ietf.org/rfc/rfc3882.txt
community AS:666 sur annonce /32 pour balckhole par AS upstream
* doc CISCO
http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
h2. RFC1997
* http://www.ietf.org/rfc/rfc1997.txt
BGP Communities Attribute
* doc CISCO
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/bgp_communities.html
h2. BIRD
* http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg01998.html
h2. Absolight
* communauté 29608:65001 sur /24..32 IPv4 et /41..128 IPv6 => blackhole
* test 20120703 IPv4 et IPv6, ça marche et convergence très rapide
h2. GIXE
* communauté 31576:666 sur /32 => blackhole
* test 20120703 => marche pas encore, signalé et dev a faire coté GIXE pour autoriser les /32
h2. Jaguar
* https://extranet.jaguar-network.com/app/public/index.php?cmd=bgp-policy
* demande 20120702 : pas de communauté blackhole actuellement, en reflexion
* déploiement de matériel arbor networks, reglage a affiner (pas de detection d'attaque)
h2. Gitoyen
* demande 20120704 sur la liste, réponse 20120717
* Tata http://noc.easycolocate.nl/Teleglobe_bgp_comm.pdf
*** => black-hole route (host route or shorter prefix within customer’s RIR registred assignment) 64999:0
* Ielo whois AS29075 => 29075:0 Null-route/Blackhole
* https://pad.ilico.org/p/cleanup-bgp-gitoyen
h2. France-IX
* community plan : https://apps.db.ripe.net/whois/lookup/ripe/aut-num/AS51706.html
* TODO tester
h2. Equinix-IX
* community plan : https://ix.equinix.com/ixp/mlpeCommunityInfo
* TODO tester
h2. TouIX
* demande acces switch et route server 20120702
* TODO
h2. Hurricane Electric
* http://www.he.net/adm/
* http://www.he.net/adm/blackhole.html
* TODO tester
h2. Sfinx
* http://www.renater.fr/route-servers-bgp?lang=fr
* whois AS1304 =>
remarks: 1304:65281 = Apply NO-EXPORT community
remarks: 1304:65282 = Apply NO-ADVERTISE community
h2. Cogent
h3. Docs
* http://www.cogentco.com/files/docs/customer_service/guide/global_cogent_customer_user_guide.pdf
** communautés page 21-22
* http://www.onesc.net/communities/as174/
* https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-03/msg00465.html
* https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf
France / Benelux:
+33 1 49 03 1818 (Hotline)
+33 1 49 03 1803 (fax)
fr-support@cogentco.com (maintenance and repair)
bnl-support@cogentco.com (maintenance and repair))
billingeu@cogentco.com (billing, customer care)
All Customers in Europe can also contact the European Cogent Customer Support team
using the generic email address for Europe: eu-support@cogentco.com
Livré comme demandé sur rocade optique Fullsave :
Livré sur TLS01.CB.KD-05/A.To02.03&04 (tiroir optique N°2, fibre 03&04).
Cogent physical port te0/0/2/3-rcr11.tls01
Order ID/Service ID: 1-166108500
Service Type: EU_L3_ON_10GE_BURST
Commitment: 1000.0 MBps
Service Address: 125 bis ch du Sang de Serp
livraison dans baie Fullsave / salle LAP Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
Order ID/Service ID: 1-166108524
Service Type: EU_L3_ON_IPV6DSTACK_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
IPv6s fort port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
Order ID/Service ID: 1-166108512
Service Type: EU_L0_ON_XCFIBER_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04 port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
h3. Config initiale BGP Cogent
<pre>
root@h7:~# cat /etc/bird/bird.conf
router id 149.11.58.74;
define myas = 197422;
timeformat base iso long;
timeformat log iso long;
timeformat protocol iso long;
timeformat route iso long;
log "/var/log/bird/bird-20140527.log" all;
debug commands 2;
debug protocols { states, events };
protocol device {
scan time 10;
}
protocol kernel {
import all;
export all;
learn;
}
filter bgp_OUT {
if (net ~ [91.224.148.0/23, 80.67.182.0/24, 89.234.156.0/23]) then {
accept;
}
reject;
}
filter bgp_IN_PEERING {
accept;
}
protocol bgp COGENT_TLS00 {
local as myas;
neighbor 149.11.58.73 as 174;
import filter bgp_IN_PEERING;
export filter bgp_OUT;
}
root@h7:~# cat /etc/bird/bird6.conf
router id 149.11.58.74;
define myas = 197422;
timeformat base iso long;
timeformat log iso long;
timeformat protocol iso long;
timeformat route iso long;
log "/var/log/bird/bird6-20140527.log" all;
debug commands 2;
debug protocols { states, events };
listen bgp v6only;
protocol device {
scan time 10;
}
protocol kernel {
import all;
export all;
learn;
}
filter bgp_OUT_6 {
if (net ~ [2a01:6600:8000::/40]) then {
accept;
}
reject;
}
filter bgp_IN_PEERING_6 {
accept;
}
protocol bgp COGENT_TLS00_6 {
local as myas;
neighbor 2001:978:2:68::8:1 as 174;
import filter bgp_IN_PEERING_6;
export filter bgp_OUT_6;
}
</pre>
h1. BGP
h2. Liens
Nous utilisons BIRD sous Linux comme routeur BGP
http://bird.network.cz/
blog bgp http://www.renesys.com/blog/
flowspec http://www.slideshare.net/sfouant/an-introduction-to-bgp-flow-spec
DFZ = Default Free Zone archive http://archive.routeviews.org/
http://www.ripe.net/data-tools/stats/ris/routing-information-service
https://stat.ripe.net/widget/announced-prefixes
http://pch.net/resources/data/routing-tables/archive/
http://pch.net/resources/data/routing-tables/mrt-bgp-updates/
http://www.nanog.org/meetings/archive/
http://tools.ietf.org/html/draft-lapukhov-bgp-routing-large-dc-02
http://inside.godaddy.com/inside-story-happened-godaddy-com-sept-10-2012/
liste des communautés des opérateurs http://onesc.net/communities/ via http://www.bortzmeyer.org/7153.html
http://tools.ietf.org/html/rfc4271#section-9.1 BGP route decision process
http://www.ipbcop.org/
IP Best Current Operational Practices Documented best practices for Engineers by Engineers
BGP best practices ANSSI
https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Article-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf_2.pdf
http://www.ssi.gouv.fr/fr/bonnes-pratiques/recommandations-et-guides/securite-des-reseaux/le-guide-des-bonnes-pratiques-de-configuration-de-bgp.html
http://tools.ietf.org/html/draft-ietf-opsec-bgp-security-01
https://www.ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers
these LAAS BGP http://www.laas.fr/1-31360-Detail-Soutenance-de-these.php?id=600
http://www.laas.fr/1-31706-Publications.php?author=7738
http://www.net.t-labs.tu-berlin.de/papers/OMUPMO-OOSICP-11.pdf
http://hal.archives-ouvertes.fr/docs/00/60/53/83/PDF/dVirt-virtual_platform.pdf
http://hal.archives-ouvertes.fr/docs/00/48/70/74/PDF/Poster_SIGCOMM2010_philippe.pdf
Le monde sur BGP http://reseaux.blog.lemonde.fr/2012/11/04/routage-enjeu-cyberstrategie/
coupure free wanadoo http://www.journaldunet.com/solutions/0301/030122_freeft.shtml
tsunami Japon 2011 et BGP : http://archive.psg.com/111206.conext-quake.pdf
Session is up on telnet:route-views.routeviews.org username rviews
BGP book http://www.bortzmeyer.org/files/bgp.html
Cyclops is able to detect several forms of route hijack attacks http://cyclops.cs.ucla.edu/
BGPmon monitors the routing of your prefixes and alerts you in case of an 'interesting' path chang http://www.bgpmon.net/
http://jointtransit.nl/prices.html
http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho
* taille table de routage http://bgp.potaroo.net/
* BGP in 2011 Geoff Huston APNIC http://iepg.org/2011-11-ietf82/2011-11-13-bgp2011.pdf
* http://pages.cs.wisc.edu/~plonka/netgear-sntp/
* http://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/7114/show/l-observatoire-sur-la-resilience-de-l-internet-francais-publie-son-rapport-2012.html
* http://www.ris.ripe.net/dashboard/2a01:6600:8000::/40
* http://www.bortzmeyer.org/6996.html
** RFC 6996 : Autonomous System (AS) Reservation for Private Use
** http://www.iana.org/assignments/as-numbers
* Look for TRACEROUTE by SRCGUARDIAN in the Play Store. It needs network access only... Doesn't do TCP but does ICMP and UDP traceroutes and displays ASN as well ...
* http://www.team-cymru.org/Services/Bogons/bgp.html
** http://www.team-cymru.org/Services/Bogons/bgp-examples.html#bird-full
* 3D looking glass http://as2914.net/#/
* https://labs.ripe.net/Members/emileaben/has-the-routability-of-longer-than-24-prefixes-changed
h1. Bird
h2. Link local IPv6 static route
<pre>
protocol direct {
interface "eth0";
}
protocol static {
route 2001:db8::/32 via fe80::1%eth0;
}
</pre>
h2. Gitoyen BIRD config
https://code.ffdn.org/gitoyen/bird-config/
Et autres outils dont le blackholing automatique : https://code.ffdn.org/org/gitoyen
h2. Misc BIRD Links
* zeromq integration https://github.com/samrussell/bird/tree/zmqintegration
* https://www.netdev01.org/docs/prabhu-linux_ipv4_ipv6_inconsistencies_talk_slides.pdf
h1. TouIX et GIX
http://touix.net
http://wikilulu.net/doku.php?id=articles:gix-howto
h1. Evolutions de la conf BGP
* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html
TODO:
* mise en place d'un gestionaire de version style git au moins pour documentation
* Comment gerer les password MD5 du fichier de conf (les garder secrets tout en publiant le reste)
* Atelier ?
** Laurent GUERBY
** Solarus
** Ajouter son nom...
Alternative a MP BGP
http://tools.ietf.org/html/draft-ietf-idr-bgp-multisession-06
Add Path
http://tools.ietf.org/html/draft-ietf-idr-add-paths-07
support in bird ? http://marc.info/?l=bird-users&m=134409996129466&w=2
h1. Liens
* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
* AS4 http://www.rfc-editor.org/rfc/rfc4893.txt
* bonnes pratiques incidents BGP
** https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Slides-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf.pdf
* test ping plus UDP http://www.broadband-forum.org/technical/download/TR-143.pdf
h1. Configuration Toulouse
<pre>
router id 91.224.148.2;
define myas = 197422;
protocol device {
scan time 10;
primary "eth0" 91.224.148.3;
}
protocol static static_bgp {
import all;
route 91.224.148.0/23 reject;
}
protocol kernel{
import all;
export all;
}
function avoid_martians()
prefix set martians;
{
martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];
# Avoid 0.0.0.0/X
if net.ip = 0.0.0.0 then return false;
# Avoid too short and too long prefixes
if (net.len < 8) || (net.len > 24) then return false;
# Avoid RFC1918 networks
if net ~ martians then return false;
return true;
}
filter bgp_OUT {
if (net ~ [91.224.148.0/23]) then accept;
else reject;
}
protocol bgp TOUIX {
local as myas;
neighbor 91.213.236.1 as 47184;
preference 200;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp JAGUAR {
local as myas;
neighbor 31.172.233.1 as 30781;
preference 50;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp TETANEUTRAL {
local as myas;
neighbor 91.224.148.2 as myas;
preference 100;
import where avoid_martians();
export all;
}
</pre>
h1. IRR
* From nanog:
http://www.clarksys.com/blog/2009/09/02/using-irr-with-level3/
whois -h filtergen.level3.net "RIPE::YOUR-AS-SET -searchpath=RIPE;ARIN;RADB -recurseok -warnonly"
h1. Blackholing
h2. DECIX
http://de-cix.net/products-services/de-cix-frankfurt/blackholing/
h2. Attaques
* 20120629 http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html
* http://blog.cloudflare.com/65gbps-ddos-no-problem
h2. URPF
blacklister une/plusieures sources est relativement complexe à mettre en place sur une petite infrastructure car nécessite la mise en place de l'URPF (Unicast Reverse Path Forwarding).
http://www.cisco.com/web/about/security/intelligence/ipv6_rtbh.html
h2. RFC3882
* http://www.ietf.org/rfc/rfc3882.txt
community AS:666 sur annonce /32 pour balckhole par AS upstream
* doc CISCO
http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
h2. RFC1997
* http://www.ietf.org/rfc/rfc1997.txt
BGP Communities Attribute
* doc CISCO
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/bgp_communities.html
h2. BIRD
* http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg01998.html
h2. Absolight
* communauté 29608:65001 sur /24..32 IPv4 et /41..128 IPv6 => blackhole
* test 20120703 IPv4 et IPv6, ça marche et convergence très rapide
h2. GIXE
* communauté 31576:666 sur /32 => blackhole
* test 20120703 => marche pas encore, signalé et dev a faire coté GIXE pour autoriser les /32
h2. Jaguar
* https://extranet.jaguar-network.com/app/public/index.php?cmd=bgp-policy
* demande 20120702 : pas de communauté blackhole actuellement, en reflexion
* déploiement de matériel arbor networks, reglage a affiner (pas de detection d'attaque)
h2. Gitoyen
* demande 20120704 sur la liste, réponse 20120717
* Tata http://noc.easycolocate.nl/Teleglobe_bgp_comm.pdf
*** => black-hole route (host route or shorter prefix within customer’s RIR registred assignment) 64999:0
* Ielo whois AS29075 => 29075:0 Null-route/Blackhole
* https://pad.ilico.org/p/cleanup-bgp-gitoyen
h2. France-IX
* community plan : https://apps.db.ripe.net/whois/lookup/ripe/aut-num/AS51706.html
* TODO tester
h2. Equinix-IX
* community plan : https://ix.equinix.com/ixp/mlpeCommunityInfo
* TODO tester
h2. TouIX
* demande acces switch et route server 20120702
* TODO
h2. Hurricane Electric
* http://www.he.net/adm/
* http://www.he.net/adm/blackhole.html
* TODO tester
h2. Sfinx
* http://www.renater.fr/route-servers-bgp?lang=fr
* whois AS1304 =>
remarks: 1304:65281 = Apply NO-EXPORT community
remarks: 1304:65282 = Apply NO-ADVERTISE community
h2. Cogent
h3. Docs
* http://www.cogentco.com/files/docs/customer_service/guide/global_cogent_customer_user_guide.pdf
** communautés page 21-22
* http://www.onesc.net/communities/as174/
* https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-03/msg00465.html
* https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf
France / Benelux:
+33 1 49 03 1818 (Hotline)
+33 1 49 03 1803 (fax)
fr-support@cogentco.com (maintenance and repair)
bnl-support@cogentco.com (maintenance and repair))
billingeu@cogentco.com (billing, customer care)
All Customers in Europe can also contact the European Cogent Customer Support team
using the generic email address for Europe: eu-support@cogentco.com
Livré comme demandé sur rocade optique Fullsave :
Livré sur TLS01.CB.KD-05/A.To02.03&04 (tiroir optique N°2, fibre 03&04).
Cogent physical port te0/0/2/3-rcr11.tls01
Order ID/Service ID: 1-166108500
Service Type: EU_L3_ON_10GE_BURST
Commitment: 1000.0 MBps
Service Address: 125 bis ch du Sang de Serp
livraison dans baie Fullsave / salle LAP Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
Order ID/Service ID: 1-166108524
Service Type: EU_L3_ON_IPV6DSTACK_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
IPv6s fort port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
Order ID/Service ID: 1-166108512
Service Type: EU_L0_ON_XCFIBER_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04 port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
h3. Config initiale BGP Cogent
<pre>
root@h7:~# cat /etc/bird/bird.conf
router id 149.11.58.74;
define myas = 197422;
timeformat base iso long;
timeformat log iso long;
timeformat protocol iso long;
timeformat route iso long;
log "/var/log/bird/bird-20140527.log" all;
debug commands 2;
debug protocols { states, events };
protocol device {
scan time 10;
}
protocol kernel {
import all;
export all;
learn;
}
filter bgp_OUT {
if (net ~ [91.224.148.0/23, 80.67.182.0/24, 89.234.156.0/23]) then {
accept;
}
reject;
}
filter bgp_IN_PEERING {
accept;
}
protocol bgp COGENT_TLS00 {
local as myas;
neighbor 149.11.58.73 as 174;
import filter bgp_IN_PEERING;
export filter bgp_OUT;
}
root@h7:~# cat /etc/bird/bird6.conf
router id 149.11.58.74;
define myas = 197422;
timeformat base iso long;
timeformat log iso long;
timeformat protocol iso long;
timeformat route iso long;
log "/var/log/bird/bird6-20140527.log" all;
debug commands 2;
debug protocols { states, events };
listen bgp v6only;
protocol device {
scan time 10;
}
protocol kernel {
import all;
export all;
learn;
}
filter bgp_OUT_6 {
if (net ~ [2a01:6600:8000::/40]) then {
accept;
}
reject;
}
filter bgp_IN_PEERING_6 {
accept;
}
protocol bgp COGENT_TLS00_6 {
local as myas;
neighbor 2001:978:2:68::8:1 as 174;
import filter bgp_IN_PEERING_6;
export filter bgp_OUT_6;
}
</pre>