We do a cisco ip sla track to make sure BGP is up on the upstream facing interface for the static default to be valid.
> On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net> wrote: > > Interesting.... Carl, doing a manual static default route does not do the > trick for you ? > > Regards. > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > From: "Carl Peterson" <cpeter...@portnetworks.com> > To: af@afmug.com > Sent: Monday, May 16, 2016 10:42:35 AM > Subject: Re: [AFMUG] Upstream BGP Questionairre > For #3, I generally ask for full route + a default. The default is for > default information originate for OSPF. If there isn't a default in the > routing table, my edge router won't advertise a default to non-bgb ospf > peers. You don't want a static default in case the peer goes down. > > > On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com > <mailto:joshba...@gmail.com>> wrote: > Many providers refer to this as 'RTBH' (remotely triggered blackhole > filtering). > Josh > > On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm > <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: > that request, lacking my fundamental understanding of the terminology, would > be phrased how? > > On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com > <mailto:joshba...@gmail.com>> wrote: > Yes, it requires your upstream to support a blackhole BGP community. This > allows you to advertise host routes (/32 or smaller) to them using a specific > BGP community when you want your ISP to drop all traffic for the prefix > before it reaches you. This is -very- useful for DDoS defense. > Josh > > On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm > <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: > That requires something specific? > > On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com > <mailto:er...@northcentraltower.com>> wrote: > We have started requiring our upstreams to filter by ASN vs Netblock. We are > moving away from upstreams that do not utilize IRR Entries and require > intervention every time we want to make a change, but it is continuous for > us, so for most guys the one time setup is not a big deal, plus the upstream > has to be trusting enough that we will have the correct filtering on our end. > > Steve, I would add Blackhole BGP community or session to your list. > > Erich Kaiser > The Fusion Network > er...@gotfusion.net <mailto:er...@gotfusion.net> > Office: 630-621-4804 <tel:630-621-4804> > Cell: 630-777-9291 <tel:630-777-9291> > > On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org > <mailto:p...@paulstewart.org>> wrote: > Or, quite a number of carriers (especially in APAC, some carriers in Canada, > a few in the US, and definitely a large number in Europe) will say “do you > have an IRR entry at RADB?” and if you say yes then they will use the route > object information but if you say no then they will tell you to open a ticket > with their NOC each time you have a prefix to add/remove …. > > > I’m actually surprised by the number of transit providers that don’t’ support > automation via IRR > > > Paul > > > > From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com>] On > Behalf Of Faisal Imtiaz > Sent: May 13, 2016 9:25 PM > To: af@afmug.com <mailto:af@afmug.com> > Subject: Re: [AFMUG] Upstream BGP Questionairre > > > Let me clarify this a bit more... > > > You are recommending that one creates it's own AS Object in the IRR..(aka > learns and manages their own RR entries) (it really does not matter which IRR > it is, at the end of the day they are all sort of synced, it is only a > question of who is maintaining it, and who can provide help to newbies). .. > BTW, I agree with this.. however .... > > > Cause at the end of the day, someone in the up-stream is very likely to > create the record for you, if it is needed by them... > > This is one of those things that most carriers find... "too much trouble to > teach vs just do it for that network !" > > > :) > > > Regards. > > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> > > Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: > supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> > > From: "George Skorup" <geo...@cbcast.com <mailto:geo...@cbcast.com>> > To: af@afmug.com <mailto:af@afmug.com> > Sent: Friday, May 13, 2016 7:15:26 PM > Subject: Re: [AFMUG] Upstream BGP Questionairre > > I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is not > free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. > > On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: > > See answers in-line below:- > > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> > > Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: > supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> > > From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> > <mailto:thatoneguyst...@gmail.com> > To: af@afmug.com <mailto:af@afmug.com> > Sent: Friday, May 13, 2016 11:35:10 AM > Subject: [AFMUG] Upstream BGP Questionairre > > Im going to expose the breadth of my incompetence here, but there are some > questions in this document I want to make sure im answering accurately > > 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN > direct allocation? > > They are asking if you have a AS # assigned to you from ... (would be ARIN > for North America). > > 2. Are you registered with an Internet Routing Registry? - Im not sure what > this is, is this also ARIN or do I need to register something elsewhere? > > Routing Registry.... it is a way to build authorized prefixes from a > DataBase... > > You can read up about it from here https://www.arin.net/resources/routing/ > <https://www.arin.net/resources/routing/> > > Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 > <http://www.mtin.net/blog/?p=245> > > and yes ARIN also provides a Routing Registry Service ... (along with a few > others) > > > 3. Which type of routes do you want to receive? - Full routes is what we > want, but are there caveats in this answer I need to be prepared for? > > > No Caveats, as long as your equipment is able to take full routes, then do so. > > > 4. Do you have downstream ASNs? - I assume this would be customers with their > own allocations? We currently do not, but do not want to close the door on > that in the future. Is this something easily updated in the future? > > Answer this question in the Present.. (you don't have any so say no)... no > future door is closed due to this... this is just info asked / collected for > the upstream to be able to build their ACL filters.... (This is also a flag > for them to collect your BGP LOA's as well as your Customers to you..) > > > This becomes a mute topic, if you are versed in using the Routing Registry > and maintaining your own Route Objects etc. > > > 5. List all prefixes to be announced so that we can confirm the BGP ACL prior > to activation: We only have a /22, but we do want the option down the road to > pull /24 from one provider if need be. Would we list the /24s independently > or the /22 as the aggregate? > > > You want to ask them for the following:- > > > xx.xx.xx.xx/22 please use the 'le 24' option with the filter. > > > Note: this will have them build a filter that can accept larger prefixes > between 24 - 22, so it is not a 'specific' filter... > > > > 6. MD5 Password: On this is it standard practice to use the same password > with all providers or different ones? > > > Your choice... either way.... no big deal, as long as you keep track of them. > > > > -- > > If you only see yourself as part of the team but you don't see your team as > part of yourself you have already failed as part of the team. > > > > > > > > > -- > If you only see yourself as part of the team but you don't see your team as > part of yourself you have already failed as part of the team. > > > > > -- > > >
