There is a bit of if and but invovled here... having said that the best way is to ask the basic question, to your upstream:-
A) Do you support Blackhole Community ? B) If yes, what is it ? and is there any setup / configuration required for my bgp session ? ============== If you are dealing with a named upstream, you can find a lot of their communities listed here http://onestep.net/communities/ ================== Regards Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> > To: af@afmug.com > Sent: Sunday, May 15, 2016 10:21:44 PM > Subject: Re: [AFMUG] Upstream BGP Questionairre > that request, lacking my fundamental understanding of the terminology, would > be > phrased how? > On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote: >> Yes, it requires your upstream to support a blackhole BGP community. This >> allows >> you to advertise host routes (/32 or smaller) to them using a specific BGP >> community when you want your ISP to drop all traffic for the prefix before it >> reaches you. This is -very- useful for DDoS defense. >> Josh >> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com > wrote: >>> That requires something specific? >>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > >>> wrote: >>>> We have started requiring our upstreams to filter by ASN vs Netblock. We >>>> are >>>> moving away from upstreams that do not utilize IRR Entries and require >>>> intervention every time we want to make a change, but it is continuous for >>>> us, >>>> so for most guys the one time setup is not a big deal, plus the upstream >>>> has to >>>> be trusting enough that we will have the correct filtering on our end. >>>> Steve, I would add Blackhole BGP community or session to your list. >>>> Erich Kaiser >>>> The Fusion Network >>>> er...@gotfusion.net >>>> Office: 630-621-4804 >>>> Cell: 630-777-9291 >>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > >>>> wrote: >>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>> Canada, a >>>>> few in the US, and definitely a large number in Europe) will say “do you >>>>> have >>>>> an IRR entry at RADB?” and if you say yes then they will use the route >>>>> object >>>>> information but if you say no then they will tell you to open a ticket >>>>> with >>>>> their NOC each time you have a prefix to add/remove …. >>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>> support >>>>> automation via IRR >>>>> Paul >>>>> From: Af [mailto: af-boun...@afmug.com ] On Behalf Of Faisal Imtiaz >>>>> Sent: May 13, 2016 9:25 PM >>>>> To: af@afmug.com >>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>> Let me clarify this a bit more... >>>>> You are recommending that one creates it's own AS Object in the IRR..(aka >>>>> learns >>>>> and manages their own RR entries) (it really does not matter which IRR it >>>>> is, >>>>> at the end of the day they are all sort of synced, it is only a question >>>>> of who >>>>> is maintaining it, and who can provide help to newbies). .. BTW, I agree >>>>> with >>>>> this.. however .... >>>>> Cause at the end of the day, someone in the up-stream is very likely to >>>>> create >>>>> the record for you, if it is needed by them... >>>>> This is one of those things that most carriers find... "too much trouble >>>>> to >>>>> teach vs just do it for that network !" >>>>> :) >>>>> Regards. >>>>> Faisal Imtiaz >>>>> Snappy Internet & Telecom >>>>> 7266 SW 48 Street >>>>> Miami, FL 33155 >>>>> Tel: 305 663 5518 x 232 >>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>>> From: "George Skorup" < geo...@cbcast.com > >>>>>> To: af@afmug.com >>>>>> Sent: Friday, May 13, 2016 7:15:26 PM >>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is >>>>>> not >>>>>> free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >>>>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >>>>>>> See answers in-line below:- >>>>>>> Faisal Imtiaz >>>>>>> Snappy Internet & Telecom >>>>>>> 7266 SW 48 Street >>>>>>> Miami, FL 33155 >>>>>>> Tel: 305 663 5518 x 232 >>>>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>>>>> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> >>>>>>>> To: af@afmug.com >>>>>>>> Sent: Friday, May 13, 2016 11:35:10 AM >>>>>>>> Subject: [AFMUG] Upstream BGP Questionairre >>>>>>>> Im going to expose the breadth of my incompetence here, but there are >>>>>>>> some >>>>>>>> questions in this document I want to make sure im answering accurately >>>>>>>> 1. Are you the owner of the AS Number with RIR- This im assuming is >>>>>>>> our ARIN >>>>>>>> direct allocation? >>>>>>> They are asking if you have a AS # assigned to you from ... (would be >>>>>>> ARIN for >>>>>>> North America). >>>>>>>> 2. Are you registered with an Internet Routing Registry? - Im not sure >>>>>>>> what this >>>>>>>> is, is this also ARIN or do I need to register something elsewhere? >>>>>>> Routing Registry.... it is a way to build authorized prefixes from a >>>>>>> DataBase... >>>>>>> You can read up about it from here >>>>>>> https://www.arin.net/resources/routing/ >>>>>>> Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 >>>>>>> and yes ARIN also provides a Routing Registry Service ... (along with a >>>>>>> few >>>>>>> others) >>>>>>>> 3. Which type of routes do you want to receive? - Full routes is what >>>>>>>> we want, >>>>>>>> but are there caveats in this answer I need to be prepared for? >>>>>>> No Caveats, as long as your equipment is able to take full routes, then >>>>>>> do so. >>>>>>>> 4. Do you have downstream ASNs? - I assume this would be customers >>>>>>>> with their >>>>>>>> own allocations? We currently do not, but do not want to close the >>>>>>>> door on that >>>>>>>> in the future. Is this something easily updated in the future? >>>>>>> Answer this question in the Present.. (you don't have any so say no)... >>>>>>> no >>>>>>> future door is closed due to this... this is just info asked / >>>>>>> collected for >>>>>>> the upstream to be able to build their ACL filters.... (This is also a >>>>>>> flag for >>>>>>> them to collect your BGP LOA's as well as your Customers to you..) >>>>>>> This becomes a mute topic, if you are versed in using the Routing >>>>>>> Registry and >>>>>>> maintaining your own Route Objects etc. >>>>>>>> 5. List all prefixes to be announced so that we can confirm the BGP >>>>>>>> ACL prior to >>>>>>>> activation: We only have a /22, but we do want the option down the >>>>>>>> road to pull >>>>>>>> /24 from one provider if need be. Would we list the /24s independently >>>>>>>> or the >>>>>>>> /22 as the aggregate? >>>>>>> You want to ask them for the following:- >>>>>>> xx.xx.xx.xx/22 please use the 'le 24' option with the filter. >>>>>>> Note: this will have them build a filter that can accept larger >>>>>>> prefixes between >>>>>>> 24 - 22, so it is not a 'specific' filter... >>>>>>>> 6. MD5 Password: On this is it standard practice to use the same >>>>>>>> password with >>>>>>>> all providers or different ones? >>>>>>> Your choice... either way.... no big deal, as long as you keep track of >>>>>>> them. >>>>>>>> -- >>>>>>>> If you only see yourself as part of the team but you don't see your >>>>>>>> team as part >>>>>>>> of yourself you have already failed as part of the team. > -- > If you only see yourself as part of the team but you don't see your team as > part > of yourself you have already failed as part of the team.
