I wish more upstreams auto-generated their prefix and as-path filters automatically from registry records. I hate submitting tickets for something that could be automated on their end :).
> On May 15, 2016, at 10:02 PM, Justin Wilson <li...@mtin.net> wrote: > > I did a blog post awhile back on routing registries: > > http://www.mtin.net/blog/?p=245 <http://www.mtin.net/blog/?p=245> > > > Justin Wilson > j...@mtin.net <mailto:j...@mtin.net> > > --- > http://www.mtin.net <http://www.mtin.net/> Owner/CEO > xISP Solutions- Consulting – Data Centers - Bandwidth > > http://www.midwest-ix.com <http://www.midwest-ix.com/> COO/Chairman > Internet Exchange - Peering - Distributed Fabric > >> On May 15, 2016, at 11:18 PM, That One Guy /sarcasm >> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: >> >> I am glad someone brought this up, i assumed this was a part in parcel thing >> with BGP. I know one of our upstreams this wont be an issue with. The other, >> well I have had to talk them through configuring things. I am beginning to >> think I made a mistake in not learning anything BGP. I thought it was best >> that way so I wouldnt screw shit up. but as we are getting closer to D day, >> I see, we are going to end up fucked for a period. and not that happy " I >> love you baby" f*%#ed. more along the lines of " did we start with a condom? >> Cause there isnt a condom" f*&^%d. >> >> On Sun, May 15, 2016 at 10:10 PM, Faisal Imtiaz <fai...@snappytelecom.net >> <mailto:fai...@snappytelecom.net>> wrote: >> There is a bit of if and but invovled here... >> >> having said that the best way is to ask the basic question, to your >> upstream:- >> >> A) Do you support Blackhole Community ? >> >> B) If yes, what is it ? and is there any setup / configuration required for >> my bgp session ? >> >> ============== >> If you are dealing with a named upstream, you can find a lot of their >> communities listed here >> >> http://onestep.net/communities/ <http://onestep.net/communities/> >> >> ================== >> >> >> Regards >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> >> >> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: >> supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> >> >> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com >> <mailto:thatoneguyst...@gmail.com>> >> To: af@afmug.com <mailto:af@afmug.com> >> Sent: Sunday, May 15, 2016 10:21:44 PM >> Subject: Re: [AFMUG] Upstream BGP Questionairre >> that request, lacking my fundamental understanding of the terminology, would >> be phrased how? >> >> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com >> <mailto:joshba...@gmail.com>> wrote: >> Yes, it requires your upstream to support a blackhole BGP community. This >> allows you to advertise host routes (/32 or smaller) to them using a >> specific BGP community when you want your ISP to drop all traffic for the >> prefix before it reaches you. This is -very- useful for DDoS defense. >> Josh >> >> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm >> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: >> That requires something specific? >> >> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com >> <mailto:er...@northcentraltower.com>> wrote: >> We have started requiring our upstreams to filter by ASN vs Netblock. We >> are moving away from upstreams that do not utilize IRR Entries and require >> intervention every time we want to make a change, but it is continuous for >> us, so for most guys the one time setup is not a big deal, plus the upstream >> has to be trusting enough that we will have the correct filtering on our end. >> >> Steve, I would add Blackhole BGP community or session to your list. >> >> Erich Kaiser >> The Fusion Network >> er...@gotfusion.net <mailto:er...@gotfusion.net> >> Office: 630-621-4804 <tel:630-621-4804> >> Cell: 630-777-9291 <tel:630-777-9291> >> >> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org >> <mailto:p...@paulstewart.org>> wrote: >> Or, quite a number of carriers (especially in APAC, some carriers in Canada, >> a few in the US, and definitely a large number in Europe) will say “do you >> have an IRR entry at RADB?” and if you say yes then they will use the route >> object information but if you say no then they will tell you to open a >> ticket with their NOC each time you have a prefix to add/remove …. >> >> >> I’m actually surprised by the number of transit providers that don’t’ >> support automation via IRR >> >> >> Paul >> >> >> >> From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com>] On >> Behalf Of Faisal Imtiaz >> Sent: May 13, 2016 9:25 PM >> To: af@afmug.com <mailto:af@afmug.com> >> Subject: Re: [AFMUG] Upstream BGP Questionairre >> >> >> Let me clarify this a bit more... >> >> >> You are recommending that one creates it's own AS Object in the IRR..(aka >> learns and manages their own RR entries) (it really does not matter which >> IRR it is, at the end of the day they are all sort of synced, it is only a >> question of who is maintaining it, and who can provide help to newbies). .. >> BTW, I agree with this.. however .... >> >> >> Cause at the end of the day, someone in the up-stream is very likely to >> create the record for you, if it is needed by them... >> >> This is one of those things that most carriers find... "too much trouble to >> teach vs just do it for that network !" >> >> >> :) >> >> >> Regards. >> >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> >> >> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: >> supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> >> >> From: "George Skorup" <geo...@cbcast.com <mailto:geo...@cbcast.com>> >> To: af@afmug.com <mailto:af@afmug.com> >> Sent: Friday, May 13, 2016 7:15:26 PM >> Subject: Re: [AFMUG] Upstream BGP Questionairre >> >> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is not >> free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >> >> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >> >> See answers in-line below:- >> >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> >> >> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: >> supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> >> >> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> >> <mailto:thatoneguyst...@gmail.com> >> To: af@afmug.com <mailto:af@afmug.com> >> Sent: Friday, May 13, 2016 11:35:10 AM >> Subject: [AFMUG] Upstream BGP Questionairre >> >> Im going to expose the breadth of my incompetence here, but there are some >> questions in this document I want to make sure im answering accurately >> >> 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN >> direct allocation? >> >> They are asking if you have a AS # assigned to you from ... (would be ARIN >> for North America). >> >> 2. Are you registered with an Internet Routing Registry? - Im not sure what >> this is, is this also ARIN or do I need to register something elsewhere? >> >> Routing Registry.... it is a way to build authorized prefixes from a >> DataBase... >> >> You can read up about it from here https://www.arin.net/resources/routing/ >> <https://www.arin.net/resources/routing/> >> >> Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 >> <http://www.mtin.net/blog/?p=245> >> >> and yes ARIN also provides a Routing Registry Service ... (along with a few >> others) >> >> >> 3. Which type of routes do you want to receive? - Full routes is what we >> want, but are there caveats in this answer I need to be prepared for? >> >> >> No Caveats, as long as your equipment is able to take full routes, then do >> so. >> >> >> 4. Do you have downstream ASNs? - I assume this would be customers with >> their own allocations? We currently do not, but do not want to close the >> door on that in the future. Is this something easily updated in the future? >> >> Answer this question in the Present.. (you don't have any so say no)... no >> future door is closed due to this... this is just info asked / collected for >> the upstream to be able to build their ACL filters.... (This is also a flag >> for them to collect your BGP LOA's as well as your Customers to you..) >> >> >> This becomes a mute topic, if you are versed in using the Routing Registry >> and maintaining your own Route Objects etc. >> >> >> 5. List all prefixes to be announced so that we can confirm the BGP ACL >> prior to activation: We only have a /22, but we do want the option down the >> road to pull /24 from one provider if need be. Would we list the /24s >> independently or the /22 as the aggregate? >> >> >> You want to ask them for the following:- >> >> >> xx.xx.xx.xx/22 please use the 'le 24' option with the filter. >> >> >> Note: this will have them build a filter that can accept larger prefixes >> between 24 - 22, so it is not a 'specific' filter... >> >> >> >> 6. MD5 Password: On this is it standard practice to use the same password >> with all providers or different ones? >> >> >> Your choice... either way.... no big deal, as long as you keep track of them. >> >> >> >> -- >> >> If you only see yourself as part of the team but you don't see your team as >> part of yourself you have already failed as part of the team. >> >> >> >> >> >> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team as >> part of yourself you have already failed as part of the team. >> >> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team as >> part of yourself you have already failed as part of the team. >