Interesting.... Carl, doing a manual static default route does not do the trick for you ?
Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "Carl Peterson" <cpeter...@portnetworks.com> > To: af@afmug.com > Sent: Monday, May 16, 2016 10:42:35 AM > Subject: Re: [AFMUG] Upstream BGP Questionairre > For #3, I generally ask for full route + a default. The default is for default > information originate for OSPF. If there isn't a default in the routing table, > my edge router won't advertise a default to non-bgb ospf peers. You don't want > a static default in case the peer goes down. > On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote: >> Many providers refer to this as 'RTBH' (remotely triggered blackhole >> filtering). >> Josh >> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com > wrote: >>> that request, lacking my fundamental understanding of the terminology, >>> would be >>> phrased how? >>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote: >>>> Yes, it requires your upstream to support a blackhole BGP community. This >>>> allows >>>> you to advertise host routes (/32 or smaller) to them using a specific BGP >>>> community when you want your ISP to drop all traffic for the prefix before >>>> it >>>> reaches you. This is -very- useful for DDoS defense. >>>> Josh >>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>> thatoneguyst...@gmail.com > wrote: >>>>> That requires something specific? >>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > >>>>> wrote: >>>>>> We have started requiring our upstreams to filter by ASN vs Netblock. We >>>>>> are >>>>>> moving away from upstreams that do not utilize IRR Entries and require >>>>>> intervention every time we want to make a change, but it is continuous >>>>>> for us, >>>>>> so for most guys the one time setup is not a big deal, plus the upstream >>>>>> has to >>>>>> be trusting enough that we will have the correct filtering on our end. >>>>>> Steve, I would add Blackhole BGP community or session to your list. >>>>>> Erich Kaiser >>>>>> The Fusion Network >>>>>> er...@gotfusion.net >>>>>> Office: 630-621-4804 >>>>>> Cell: 630-777-9291 >>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > >>>>>> wrote: >>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>>>> Canada, a >>>>>>> few in the US, and definitely a large number in Europe) will say “do >>>>>>> you have >>>>>>> an IRR entry at RADB?” and if you say yes then they will use the route >>>>>>> object >>>>>>> information but if you say no then they will tell you to open a ticket >>>>>>> with >>>>>>> their NOC each time you have a prefix to add/remove …. >>>>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>>>> support >>>>>>> automation via IRR >>>>>>> Paul >>>>>>> From: Af [mailto: af-boun...@afmug.com ] On Behalf Of Faisal Imtiaz >>>>>>> Sent: May 13, 2016 9:25 PM >>>>>>> To: af@afmug.com >>>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>>>> Let me clarify this a bit more... >>>>>>> You are recommending that one creates it's own AS Object in the >>>>>>> IRR..(aka learns >>>>>>> and manages their own RR entries) (it really does not matter which IRR >>>>>>> it is, >>>>>>> at the end of the day they are all sort of synced, it is only a >>>>>>> question of who >>>>>>> is maintaining it, and who can provide help to newbies). .. BTW, I >>>>>>> agree with >>>>>>> this.. however .... >>>>>>> Cause at the end of the day, someone in the up-stream is very likely to >>>>>>> create >>>>>>> the record for you, if it is needed by them... >>>>>>> This is one of those things that most carriers find... "too much >>>>>>> trouble to >>>>>>> teach vs just do it for that network !" >>>>>>> :) >>>>>>> Regards. >>>>>>> Faisal Imtiaz >>>>>>> Snappy Internet & Telecom >>>>>>> 7266 SW 48 Street >>>>>>> Miami, FL 33155 >>>>>>> Tel: 305 663 5518 x 232 >>>>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>>>>> From: "George Skorup" < geo...@cbcast.com > >>>>>>>> To: af@afmug.com >>>>>>>> Sent: Friday, May 13, 2016 7:15:26 PM >>>>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>>>>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb >>>>>>>> is not >>>>>>>> free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >>>>>>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >>>>>>>>> See answers in-line below:- >>>>>>>>> Faisal Imtiaz >>>>>>>>> Snappy Internet & Telecom >>>>>>>>> 7266 SW 48 Street >>>>>>>>> Miami, FL 33155 >>>>>>>>> Tel: 305 663 5518 x 232 >>>>>>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>>>>>>> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> >>>>>>>>>> To: af@afmug.com >>>>>>>>>> Sent: Friday, May 13, 2016 11:35:10 AM >>>>>>>>>> Subject: [AFMUG] Upstream BGP Questionairre >>>>>>>>>> Im going to expose the breadth of my incompetence here, but there >>>>>>>>>> are some >>>>>>>>>> questions in this document I want to make sure im answering >>>>>>>>>> accurately >>>>>>>>>> 1. Are you the owner of the AS Number with RIR- This im assuming is >>>>>>>>>> our ARIN >>>>>>>>>> direct allocation? >>>>>>>>> They are asking if you have a AS # assigned to you from ... (would be >>>>>>>>> ARIN for >>>>>>>>> North America). >>>>>>>>>> 2. Are you registered with an Internet Routing Registry? - Im not >>>>>>>>>> sure what this >>>>>>>>>> is, is this also ARIN or do I need to register something elsewhere? >>>>>>>>> Routing Registry.... it is a way to build authorized prefixes from a >>>>>>>>> DataBase... >>>>>>>>> You can read up about it from here >>>>>>>>> https://www.arin.net/resources/routing/ >>>>>>>>> Justin Wilson did a blog about it too... >>>>>>>>> http://www.mtin.net/blog/?p=245 >>>>>>>>> and yes ARIN also provides a Routing Registry Service ... (along with >>>>>>>>> a few >>>>>>>>> others) >>>>>>>>>> 3. Which type of routes do you want to receive? - Full routes is >>>>>>>>>> what we want, >>>>>>>>>> but are there caveats in this answer I need to be prepared for? >>>>>>>>> No Caveats, as long as your equipment is able to take full routes, >>>>>>>>> then do so. >>>>>>>>>> 4. Do you have downstream ASNs? - I assume this would be customers >>>>>>>>>> with their >>>>>>>>>> own allocations? We currently do not, but do not want to close the >>>>>>>>>> door on that >>>>>>>>>> in the future. Is this something easily updated in the future? >>>>>>>>> Answer this question in the Present.. (you don't have any so say >>>>>>>>> no)... no >>>>>>>>> future door is closed due to this... this is just info asked / >>>>>>>>> collected for >>>>>>>>> the upstream to be able to build their ACL filters.... (This is also >>>>>>>>> a flag for >>>>>>>>> them to collect your BGP LOA's as well as your Customers to you..) >>>>>>>>> This becomes a mute topic, if you are versed in using the Routing >>>>>>>>> Registry and >>>>>>>>> maintaining your own Route Objects etc. >>>>>>>>>> 5. List all prefixes to be announced so that we can confirm the BGP >>>>>>>>>> ACL prior to >>>>>>>>>> activation: We only have a /22, but we do want the option down the >>>>>>>>>> road to pull >>>>>>>>>> /24 from one provider if need be. Would we list the /24s >>>>>>>>>> independently or the >>>>>>>>>> /22 as the aggregate? >>>>>>>>> You want to ask them for the following:- >>>>>>>>> xx.xx.xx.xx/22 please use the 'le 24' option with the filter. >>>>>>>>> Note: this will have them build a filter that can accept larger >>>>>>>>> prefixes between >>>>>>>>> 24 - 22, so it is not a 'specific' filter... >>>>>>>>>> 6. MD5 Password: On this is it standard practice to use the same >>>>>>>>>> password with >>>>>>>>>> all providers or different ones? >>>>>>>>> Your choice... either way.... no big deal, as long as you keep track >>>>>>>>> of them. >>>>>>>>>> -- >>>>>>>>>> If you only see yourself as part of the team but you don't see your >>>>>>>>>> team as part >>>>>>>>>> of yourself you have already failed as part of the team. >>> -- >>> If you only see yourself as part of the team but you don't see your team as >>> part >>> of yourself you have already failed as part of the team. > --
