Bgp

BGP Blackholing is back - with small steps (‘better done than perfect’). go ahead and visit the current project page with “quick howto”. happy blackholing!

as you may have read recently I was playing with open source routing protocol packages again. from pure CLI familiarity reasons, I kept myself to FRRouting, which is evolution of Quagga, which itself is evolution of Zebra. and Zebra syntax and CLI is based on Cisco IOS. FRRouting thanks to Job Snijders for correcting me on the name - it’s no longer OpenFRR, it’s FRRouting. sorry! :) unfortunately, while it worked very well for my home network (FRRouting that is), when deploying in AS112 I hit some unexpected behaviors quite quickly after starting the project....

after last blog on sharing full bgp feed for IPv4, I got a number of interesting questions. given many of you were asking to have also IPv6 available, I decided to extend the project to cover that as well. disclaimer you’re doing this ON YOUR OWN. i’m not responsible for anything on your end and service itself. so if it crashes your router, makes all traffic to follow different paths, or essentially anything that you can’t control - you’re completely on your own....

Daniel Dib asked recently on Twitter about BGP convergence time for world wide operations. two hours he got in response from his friend seemed a bit too long. I did recently help to spin up new ASN with new IPv4 prefix (well, both came from second hand, but you get the point) and as far as I could tell, propagation took around 15 minutes maximum. so in the interest of self-education, I started digging....

update this project is still on, but at different IP. please refer to this updated description. old post below recent thread on nanog@ list got me back to old project that i was thinking about long time ago. and here it is - i just launched free-of-charge, load-your-router-with-full-live-bgp-feed service :) if you’re interested in joining the free project, disregard the information below and jump directly to latest version here disclaimer you’re doing this ON YOUR OWN....

last post in the series about my home lab resulted in a number of interesting emails in my inbox. i have to admit that i really appreciate words of praise. as well as those with constructive, critical feedback :) so after short description what is connected where and how (see link above), let’s focus now on services. first and foremost - remember it’s “always DNS” ;) so let’s tackle that....

while I already mentioned couple of times on this blog, that handling dynamic routing on firewall is asking yourself for unexpected problems, sometimes it’s needed. as Cisco, we don’t normally recommend using ASA or FTD boxes as full table BGP routers. not because they can’t be used in this role, but because we don’t believe it’s a good networking and security practice. here’s example from my home lab testing lab cluster of two ASA 5516-X, running 9....

google again dropped out of the internet because of failure to filter prefixes. SIDR configuration on Cisco gear is really simple - for IOS-XE, IOS-XR. if you have Juniper it takes like half a second of searching. of course configuring is one thing, visiting RIPE and cerfifying your own resources is another thing. then it’s all done. every prefix signed, and every autonomous system checking for certification data is helping. every single one....

long, long time ago, playing with BGP was reserved for secret group of people, that somewhat alike Lems Trurl and Klapaucjusz were laughing from mere mortals but didn’t share the knowledge. then, a lot of things changed, trainings, certifications appeared, and then bootcamps and finally massive, open-for-all intro courses. and now, BGP is everywhere and is configured by anyone - you’ll find typical home wives running it as well, as without it they couldn’t upload new contact via bluetooth it seems....

during previous PLNOG we’ve had a broad discussion about apocalyptic vision of depleting IPv4 and 2-byte space. some time ago Cisco IOS 12.4(24)T was released, and it brings 4-byte ASN feature for ISR (1800/2800/3800) and 7200 routers. so if you’re using Cisco gear, you can request 4 byte ASN using RIPE form, and then advertising it properly (starting from 1st of January, 2009 RIPE will by default hand out 4 byte ASNs)....