Re: [AFMUG] Upstream BGP Questionairre
I'm glad it's hairs and not atoms. On Mon, May 16, 2016 at 7:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote: > Yeah, that was about the only thing I could come up with as being the most > practical reason (e.g. when doing bgp on a CCR etc). > but even then the logic validity of this as a solution to the problem is > questionable, however giving the appearance of a possible solution... I > will buy that .. > > But then again, I may be just splitting hairs... > > :) > > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > -- > > *From: *"Erich Kaiser" <er...@northcentraltower.com> > *To: *af@afmug.com > *Sent: *Monday, May 16, 2016 8:03:32 PM > *Subject: *Re: [AFMUG] Upstream BGP Questionairre > > Some people want default route and full routes because of route > propagation/population, this way if your session resets you at least can > get online right away. > > > Erich Kaiser > North Central Tower > er...@northcentraltower.com > Office: 630-621-4804 > Cell: 630-777-9291 > > > On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz <fai...@snappytelecom.net> > wrote: > >> What I meant to ask is . >> >> Why get the default route via BGP from your Upstream... Why not set is >> statically (ip sla track, or monitor gateway etc). >> >> IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. >> so I am not sure what that will cover you for.. >> >> In regards to OSPF redistributing default routes, I believe managing a >> statically done default route is easier and safer to inject and manage, vs >> one coming from your upstream. >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> >> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >> >> -- >> >> *From: *"Cassidy B. Larson" <c...@infowest.com> >> *To: *af@afmug.com >> *Sent: *Monday, May 16, 2016 11:18:16 AM >> *Subject: *Re: [AFMUG] Upstream BGP Questionairre >> >> We do a cisco ip sla track to make sure BGP is up on the upstream facing >> interface for the static default to be valid. >> >> On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net> >> wrote: >> Interesting Carl, doing a manual static default route does not do the >> trick for you ? >> >> Regards. >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> >> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >> <supp...@snappytelecom.net> >> >> -- >> >> *From: *"Carl Peterson" <cpeter...@portnetworks.com> >> *To: *af@afmug.com >> *Sent: *Monday, May 16, 2016 10:42:35 AM >> *Subject: *Re: [AFMUG] Upstream BGP Questionairre >> >> For #3, I generally ask for full route + a default. The default is for >> default information originate for OSPF. If there isn't a default in the >> routing table, my edge router won't advertise a default to non-bgb ospf >> peers. You don't want a static default in case the peer goes down. >> >> >> On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote: >> >>> Many providers refer to this as 'RTBH' (remotely triggered blackhole >>> filtering). >>> Josh >>> >>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >>> thatoneguyst...@gmail.com> wrote: >>> >>>> that request, lacking my fundamental understanding of the terminology, >>>> would be phrased how? >>>> >>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> >>>> wrote: >>>> >>>>> Yes, it requires your upstream to support a blackhole BGP community. >>>>> This allows you to advertise host routes (/32 or smaller) to them using a >>>>> specific BGP community when you want your ISP to drop all traffic for the >>>>> prefix before it reaches you. This is -very- useful for DDoS defense. >>>>> Josh >>>>> >>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>>> thatoneguyst...@gmail.com> wrote: >>>>&g
Re: [AFMUG] Upstream BGP Questionairre
Yeah, that was about the only thing I could come up with as being the most practical reason (e.g. when doing bgp on a CCR etc). but even then the logic validity of this as a solution to the problem is questionable, however giving the appearance of a possible solution... I will buy that .. But then again, I may be just splitting hairs... :) Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "Erich Kaiser" <er...@northcentraltower.com> > To: af@afmug.com > Sent: Monday, May 16, 2016 8:03:32 PM > Subject: Re: [AFMUG] Upstream BGP Questionairre > Some people want default route and full routes because of route > propagation/population, this way if your session resets you at least can get > online right away. > Erich Kaiser > North Central Tower > er...@northcentraltower.com > Office: 630-621-4804 > Cell: 630-777-9291 > On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz < fai...@snappytelecom.net > > wrote: >> What I meant to ask is . >> Why get the default route via BGP from your Upstream... Why not set is >> statically (ip sla track, or monitor gateway etc). >> IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. so >> I >> am not sure what that will cover you for.. >> In regards to OSPF redistributing default routes, I believe managing a >> statically done default route is easier and safer to inject and manage, vs >> one >> coming from your upstream. >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>> From: "Cassidy B. Larson" < c...@infowest.com > >>> To: af@afmug.com >>> Sent: Monday, May 16, 2016 11:18:16 AM >>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>> We do a cisco ip sla track to make sure BGP is up on the upstream facing >>> interface for the static default to be valid. >>>> On May 16, 2016, at 9:04 AM, Faisal Imtiaz < fai...@snappytelecom.net > >>>> wrote: >>>> Interesting Carl, doing a manual static default route does not do the >>>> trick >>>> for you ? >>>> Regards. >>>> Faisal Imtiaz >>>> Snappy Internet & Telecom >>>> 7266 SW 48 Street >>>> Miami, FL 33155 >>>> Tel: 305 663 5518 x 232 >>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>> From: "Carl Peterson" < cpeter...@portnetworks.com > >>>>> To: af@afmug.com >>>>> Sent: Monday, May 16, 2016 10:42:35 AM >>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>> For #3, I generally ask for full route + a default. The default is for >>>>> default >>>>> information originate for OSPF. If there isn't a default in the routing >>>>> table, >>>>> my edge router won't advertise a default to non-bgb ospf peers. You don't >>>>> want >>>>> a static default in case the peer goes down. >>>>> On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote: >>>>>> Many providers refer to this as 'RTBH' (remotely triggered blackhole >>>>>> filtering). >>>>>> Josh >>>>>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >>>>>> thatoneguyst...@gmail.com > wrote: >>>>>>> that request, lacking my fundamental understanding of the terminology, >>>>>>> would be >>>>>>> phrased how? >>>>>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > >>>>>>> wrote: >>>>>>>> Yes, it requires your upstream to support a blackhole BGP community. >>>>>>>> This allows >>>>>>>> you to advertise host routes (/32 or smaller) to them using a specific >>>>>>>> BGP >>>>>>>> community when you want your ISP to drop all traffic for the prefix >>>>>>>> before it >>>>>>>> reaches you. This is -very- useful for DDoS defense. >>>>>>>> Josh >>>>>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>>>>>> thatoneguyst...@gmail.com > wrote:
Re: [AFMUG] Upstream BGP Questionairre
Some people want default route and full routes because of route propagation/population, this way if your session resets you at least can get online right away. Erich Kaiser North Central Tower er...@northcentraltower.com Office: 630-621-4804 Cell: 630-777-9291 On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz <fai...@snappytelecom.net> wrote: > What I meant to ask is . > > Why get the default route via BGP from your Upstream... Why not set is > statically (ip sla track, or monitor gateway etc). > > IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. > so I am not sure what that will cover you for.. > > In regards to OSPF redistributing default routes, I believe managing a > statically done default route is easier and safer to inject and manage, vs > one coming from your upstream. > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > -- > > *From: *"Cassidy B. Larson" <c...@infowest.com> > *To: *af@afmug.com > *Sent: *Monday, May 16, 2016 11:18:16 AM > *Subject: *Re: [AFMUG] Upstream BGP Questionairre > > We do a cisco ip sla track to make sure BGP is up on the upstream facing > interface for the static default to be valid. > > On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net> > wrote: > Interesting Carl, doing a manual static default route does not do the > trick for you ? > > Regards. > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > <supp...@snappytelecom.net> > > ---------- > > *From: *"Carl Peterson" <cpeter...@portnetworks.com> > *To: *af@afmug.com > *Sent: *Monday, May 16, 2016 10:42:35 AM > *Subject: *Re: [AFMUG] Upstream BGP Questionairre > > For #3, I generally ask for full route + a default. The default is for > default information originate for OSPF. If there isn't a default in the > routing table, my edge router won't advertise a default to non-bgb ospf > peers. You don't want a static default in case the peer goes down. > > > On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote: > >> Many providers refer to this as 'RTBH' (remotely triggered blackhole >> filtering). >> Josh >> >> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >>> that request, lacking my fundamental understanding of the terminology, >>> would be phrased how? >>> >>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote: >>> >>>> Yes, it requires your upstream to support a blackhole BGP community. >>>> This allows you to advertise host routes (/32 or smaller) to them using a >>>> specific BGP community when you want your ISP to drop all traffic for the >>>> prefix before it reaches you. This is -very- useful for DDoS defense. >>>> Josh >>>> >>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>> thatoneguyst...@gmail.com> wrote: >>>> >>>>> That requires something specific? >>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> >>>>> wrote: >>>>> >>>>>> We have started requiring our upstreams to filter by ASN vs >>>>>> Netblock. We are moving away from upstreams that do not utilize IRR >>>>>> Entries and require intervention every time we want to make a change, but >>>>>> it is continuous for us, so for most guys the one time setup is not a big >>>>>> deal, plus the upstream has to be trusting enough that we will have the >>>>>> correct filtering on our end. >>>>>> >>>>>> Steve, I would add Blackhole BGP community or session to your list. >>>>>> >>>>>> Erich Kaiser >>>>>> The Fusion Network >>>>>> er...@gotfusion.net >>>>>> Office: 630-621-4804 >>>>>> Cell: 630-777-9291 >>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >>>>>> wrote: >>>>>> >>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>>>> Canada, a few
Re: [AFMUG] Upstream BGP Questionairre
Of course it would work, but if I lose BGP I don't want to use it. Could do track, etc but getting a default is just an easy way to do it. Obviously we have multiple BGP peers, can't imagine just having one. On Mon, May 16, 2016 at 12:03 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote: > What I meant to ask is . > > Why get the default route via BGP from your Upstream... Why not set is > statically (ip sla track, or monitor gateway etc). > > IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. > so I am not sure what that will cover you for.. > > In regards to OSPF redistributing default routes, I believe managing a > statically done default route is easier and safer to inject and manage, vs > one coming from your upstream. > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > -- > > *From: *"Cassidy B. Larson" <c...@infowest.com> > *To: *af@afmug.com > *Sent: *Monday, May 16, 2016 11:18:16 AM > *Subject: *Re: [AFMUG] Upstream BGP Questionairre > > We do a cisco ip sla track to make sure BGP is up on the upstream facing > interface for the static default to be valid. > > On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net> > wrote: > Interesting Carl, doing a manual static default route does not do the > trick for you ? > > Regards. > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > <supp...@snappytelecom.net> > > ---------- > > *From: *"Carl Peterson" <cpeter...@portnetworks.com> > *To: *af@afmug.com > *Sent: *Monday, May 16, 2016 10:42:35 AM > *Subject: *Re: [AFMUG] Upstream BGP Questionairre > > For #3, I generally ask for full route + a default. The default is for > default information originate for OSPF. If there isn't a default in the > routing table, my edge router won't advertise a default to non-bgb ospf > peers. You don't want a static default in case the peer goes down. > > > On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote: > >> Many providers refer to this as 'RTBH' (remotely triggered blackhole >> filtering). >> Josh >> >> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >>> that request, lacking my fundamental understanding of the terminology, >>> would be phrased how? >>> >>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote: >>> >>>> Yes, it requires your upstream to support a blackhole BGP community. >>>> This allows you to advertise host routes (/32 or smaller) to them using a >>>> specific BGP community when you want your ISP to drop all traffic for the >>>> prefix before it reaches you. This is -very- useful for DDoS defense. >>>> Josh >>>> >>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>> thatoneguyst...@gmail.com> wrote: >>>> >>>>> That requires something specific? >>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> >>>>> wrote: >>>>> >>>>>> We have started requiring our upstreams to filter by ASN vs >>>>>> Netblock. We are moving away from upstreams that do not utilize IRR >>>>>> Entries and require intervention every time we want to make a change, but >>>>>> it is continuous for us, so for most guys the one time setup is not a big >>>>>> deal, plus the upstream has to be trusting enough that we will have the >>>>>> correct filtering on our end. >>>>>> >>>>>> Steve, I would add Blackhole BGP community or session to your list. >>>>>> >>>>>> Erich Kaiser >>>>>> The Fusion Network >>>>>> er...@gotfusion.net >>>>>> Office: 630-621-4804 >>>>>> Cell: 630-777-9291 >>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >>>>>> wrote: >>>>>> >>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>>>> Canada, a few in the US, and definitely a large number in Europe) will
Re: [AFMUG] Upstream BGP Questionairre
What I meant to ask is . Why get the default route via BGP from your Upstream... Why not set is statically (ip sla track, or monitor gateway etc). IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. so I am not sure what that will cover you for.. In regards to OSPF redistributing default routes, I believe managing a statically done default route is easier and safer to inject and manage, vs one coming from your upstream. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "Cassidy B. Larson" <c...@infowest.com> > To: af@afmug.com > Sent: Monday, May 16, 2016 11:18:16 AM > Subject: Re: [AFMUG] Upstream BGP Questionairre > We do a cisco ip sla track to make sure BGP is up on the upstream facing > interface for the static default to be valid. >> On May 16, 2016, at 9:04 AM, Faisal Imtiaz < fai...@snappytelecom.net > >> wrote: >> Interesting Carl, doing a manual static default route does not do the >> trick >> for you ? >> Regards. >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>> From: "Carl Peterson" < cpeter...@portnetworks.com > >>> To: af@afmug.com >>> Sent: Monday, May 16, 2016 10:42:35 AM >>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>> For #3, I generally ask for full route + a default. The default is for >>> default >>> information originate for OSPF. If there isn't a default in the routing >>> table, >>> my edge router won't advertise a default to non-bgb ospf peers. You don't >>> want >>> a static default in case the peer goes down. >>> On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote: >>>> Many providers refer to this as 'RTBH' (remotely triggered blackhole >>>> filtering). >>>> Josh >>>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >>>> thatoneguyst...@gmail.com > wrote: >>>>> that request, lacking my fundamental understanding of the terminology, >>>>> would be >>>>> phrased how? >>>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote: >>>>>> Yes, it requires your upstream to support a blackhole BGP community. >>>>>> This allows >>>>>> you to advertise host routes (/32 or smaller) to them using a specific >>>>>> BGP >>>>>> community when you want your ISP to drop all traffic for the prefix >>>>>> before it >>>>>> reaches you. This is -very- useful for DDoS defense. >>>>>> Josh >>>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>>>> thatoneguyst...@gmail.com > wrote: >>>>>>> That requires something specific? >>>>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > >>>>>>> wrote: >>>>>>>> We have started requiring our upstreams to filter by ASN vs Netblock. >>>>>>>> We are >>>>>>>> moving away from upstreams that do not utilize IRR Entries and require >>>>>>>> intervention every time we want to make a change, but it is continuous >>>>>>>> for us, >>>>>>>> so for most guys the one time setup is not a big deal, plus the >>>>>>>> upstream has to >>>>>>>> be trusting enough that we will have the correct filtering on our end. >>>>>>>> Steve, I would add Blackhole BGP community or session to your list. >>>>>>>> Erich Kaiser >>>>>>>> The Fusion Network >>>>>>>> er...@gotfusion.net >>>>>>>> Office: 630-621-4804 >>>>>>>> Cell: 630-777-9291 >>>>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > >>>>>>>> wrote: >>>>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>>>>>> Canada, a >>>>>>>>> few in the US, and definitely a large number in Europe) will say “do >>>>>>>>> you have >
Re: [AFMUG] Upstream BGP Questionairre
We do a cisco ip sla track to make sure BGP is up on the upstream facing interface for the static default to be valid. > On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net> wrote: > > Interesting Carl, doing a manual static default route does not do the > trick for you ? > > Regards. > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > From: "Carl Peterson" <cpeter...@portnetworks.com> > To: af@afmug.com > Sent: Monday, May 16, 2016 10:42:35 AM > Subject: Re: [AFMUG] Upstream BGP Questionairre > For #3, I generally ask for full route + a default. The default is for > default information originate for OSPF. If there isn't a default in the > routing table, my edge router won't advertise a default to non-bgb ospf > peers. You don't want a static default in case the peer goes down. > > > On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com > <mailto:joshba...@gmail.com>> wrote: > Many providers refer to this as 'RTBH' (remotely triggered blackhole > filtering). > Josh > > On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm > <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: > that request, lacking my fundamental understanding of the terminology, would > be phrased how? > > On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com > <mailto:joshba...@gmail.com>> wrote: > Yes, it requires your upstream to support a blackhole BGP community. This > allows you to advertise host routes (/32 or smaller) to them using a specific > BGP community when you want your ISP to drop all traffic for the prefix > before it reaches you. This is -very- useful for DDoS defense. > Josh > > On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm > <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: > That requires something specific? > > On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com > <mailto:er...@northcentraltower.com>> wrote: > We have started requiring our upstreams to filter by ASN vs Netblock. We are > moving away from upstreams that do not utilize IRR Entries and require > intervention every time we want to make a change, but it is continuous for > us, so for most guys the one time setup is not a big deal, plus the upstream > has to be trusting enough that we will have the correct filtering on our end. > > Steve, I would add Blackhole BGP community or session to your list. > > Erich Kaiser > The Fusion Network > er...@gotfusion.net <mailto:er...@gotfusion.net> > Office: 630-621-4804 > Cell: 630-777-9291 > > On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org > <mailto:p...@paulstewart.org>> wrote: > Or, quite a number of carriers (especially in APAC, some carriers in Canada, > a few in the US, and definitely a large number in Europe) will say “do you > have an IRR entry at RADB?” and if you say yes then they will use the route > object information but if you say no then they will tell you to open a ticket > with their NOC each time you have a prefix to add/remove …. > > > I’m actually surprised by the number of transit providers that don’t’ support > automation via IRR > > > Paul > > > > From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com>] On > Behalf Of Faisal Imtiaz > Sent: May 13, 2016 9:25 PM > To: af@afmug.com <mailto:af@afmug.com> > Subject: Re: [AFMUG] Upstream BGP Questionairre > > > Let me clarify this a bit more... > > > You are recommending that one creates it's own AS Object in the IRR..(aka > learns and manages their own RR entries) (it really does not matter which IRR > it is, at the end of the day they are all sort of synced, it is only a > question of who is maintaining it, and who can provide help to newbies). .. > BTW, I agree with this.. however > > > Cause at the end of the day, someone in the up-stream is very likely to > create the record for you, if it is needed by them... > > This is one of those things that most carriers find... "too much trouble to > teach vs just do it for that network !" > > > :) > > > Regards. > > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> > > Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: > supp...@snappytelec
Re: [AFMUG] Upstream BGP Questionairre
Interesting Carl, doing a manual static default route does not do the trick for you ? Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "Carl Peterson" <cpeter...@portnetworks.com> > To: af@afmug.com > Sent: Monday, May 16, 2016 10:42:35 AM > Subject: Re: [AFMUG] Upstream BGP Questionairre > For #3, I generally ask for full route + a default. The default is for default > information originate for OSPF. If there isn't a default in the routing table, > my edge router won't advertise a default to non-bgb ospf peers. You don't want > a static default in case the peer goes down. > On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote: >> Many providers refer to this as 'RTBH' (remotely triggered blackhole >> filtering). >> Josh >> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com > wrote: >>> that request, lacking my fundamental understanding of the terminology, >>> would be >>> phrased how? >>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote: >>>> Yes, it requires your upstream to support a blackhole BGP community. This >>>> allows >>>> you to advertise host routes (/32 or smaller) to them using a specific BGP >>>> community when you want your ISP to drop all traffic for the prefix before >>>> it >>>> reaches you. This is -very- useful for DDoS defense. >>>> Josh >>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>>> thatoneguyst...@gmail.com > wrote: >>>>> That requires something specific? >>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > >>>>> wrote: >>>>>> We have started requiring our upstreams to filter by ASN vs Netblock. We >>>>>> are >>>>>> moving away from upstreams that do not utilize IRR Entries and require >>>>>> intervention every time we want to make a change, but it is continuous >>>>>> for us, >>>>>> so for most guys the one time setup is not a big deal, plus the upstream >>>>>> has to >>>>>> be trusting enough that we will have the correct filtering on our end. >>>>>> Steve, I would add Blackhole BGP community or session to your list. >>>>>> Erich Kaiser >>>>>> The Fusion Network >>>>>> er...@gotfusion.net >>>>>> Office: 630-621-4804 >>>>>> Cell: 630-777-9291 >>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > >>>>>> wrote: >>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>>>> Canada, a >>>>>>> few in the US, and definitely a large number in Europe) will say “do >>>>>>> you have >>>>>>> an IRR entry at RADB?” and if you say yes then they will use the route >>>>>>> object >>>>>>> information but if you say no then they will tell you to open a ticket >>>>>>> with >>>>>>> their NOC each time you have a prefix to add/remove …. >>>>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>>>> support >>>>>>> automation via IRR >>>>>>> Paul >>>>>>> From: Af [mailto: af-boun...@afmug.com ] On Behalf Of Faisal Imtiaz >>>>>>> Sent: May 13, 2016 9:25 PM >>>>>>> To: af@afmug.com >>>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>>>> Let me clarify this a bit more... >>>>>>> You are recommending that one creates it's own AS Object in the >>>>>>> IRR..(aka learns >>>>>>> and manages their own RR entries) (it really does not matter which IRR >>>>>>> it is, >>>>>>> at the end of the day they are all sort of synced, it is only a >>>>>>> question of who >>>>>>> is maintaining it, and who can provide help to newbies). .. BTW, I >>>>>>> agree with >>>>>>> this.. however >>>>>>> Cause at the end of the day, someone in the up-stream is very
Re: [AFMUG] Upstream BGP Questionairre
For #3, I generally ask for full route + a default. The default is for default information originate for OSPF. If there isn't a default in the routing table, my edge router won't advertise a default to non-bgb ospf peers. You don't want a static default in case the peer goes down. On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote: > Many providers refer to this as 'RTBH' (remotely triggered blackhole > filtering). > > Josh > > On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < > thatoneguyst...@gmail.com> wrote: > >> that request, lacking my fundamental understanding of the terminology, >> would be phrased how? >> >> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote: >> >>> Yes, it requires your upstream to support a blackhole BGP community. >>> This allows you to advertise host routes (/32 or smaller) to them using a >>> specific BGP community when you want your ISP to drop all traffic for the >>> prefix before it reaches you. This is -very- useful for DDoS defense. >>> >>> Josh >>> >>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >>> thatoneguyst...@gmail.com> wrote: >>> >>>> That requires something specific? >>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> >>>> wrote: >>>> >>>>> We have started requiring our upstreams to filter by ASN vs Netblock. >>>>> We are moving away from upstreams that do not utilize IRR Entries and >>>>> require intervention every time we want to make a change, but it is >>>>> continuous for us, so for most guys the one time setup is not a big deal, >>>>> plus the upstream has to be trusting enough that we will have the correct >>>>> filtering on our end. >>>>> >>>>> Steve, I would add Blackhole BGP community or session to your list. >>>>> >>>>> Erich Kaiser >>>>> The Fusion Network >>>>> er...@gotfusion.net >>>>> Office: 630-621-4804 >>>>> Cell: 630-777-9291 >>>>> >>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >>>>> wrote: >>>>> >>>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>>> Canada, a few in the US, and definitely a large number in Europe) will >>>>>> say >>>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use >>>>>> the route object information but if you say no then they will tell you to >>>>>> open a ticket with their NOC each time you have a prefix to add/remove …. >>>>>> >>>>>> >>>>>> >>>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>>> support automation via IRR >>>>>> >>>>>> >>>>>> >>>>>> Paul >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz >>>>>> *Sent:* May 13, 2016 9:25 PM >>>>>> *To:* af@afmug.com >>>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre >>>>>> >>>>>> >>>>>> >>>>>> Let me clarify this a bit more... >>>>>> >>>>>> >>>>>> >>>>>> You are recommending that one creates it's own AS Object in the >>>>>> IRR..(aka learns and manages their own RR entries) (it really does not >>>>>> matter which IRR it is, at the end of the day they are all sort of >>>>>> synced, >>>>>> it is only a question of who is maintaining it, and who can provide help >>>>>> to >>>>>> newbies). .. BTW, I agree with this.. however >>>>>> >>>>>> >>>>>> >>>>>> Cause at the end of the day, someone in the up-stream is very likely >>>>>> to create the record for you, if it is needed by them... >>>>>> >>>>>> This is one of those things that most carriers find... "too much >>>>>> trouble to teach vs just do it for that network !" >>>>>> >>>>>> >>
Re: [AFMUG] Upstream BGP Questionairre
Many providers refer to this as 'RTBH' (remotely triggered blackhole filtering). Josh On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm < thatoneguyst...@gmail.com> wrote: > that request, lacking my fundamental understanding of the terminology, > would be phrased how? > > On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote: > >> Yes, it requires your upstream to support a blackhole BGP community. >> This allows you to advertise host routes (/32 or smaller) to them using a >> specific BGP community when you want your ISP to drop all traffic for the >> prefix before it reaches you. This is -very- useful for DDoS defense. >> >> Josh >> >> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >>> That requires something specific? >>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> >>> wrote: >>> >>>> We have started requiring our upstreams to filter by ASN vs Netblock. >>>> We are moving away from upstreams that do not utilize IRR Entries and >>>> require intervention every time we want to make a change, but it is >>>> continuous for us, so for most guys the one time setup is not a big deal, >>>> plus the upstream has to be trusting enough that we will have the correct >>>> filtering on our end. >>>> >>>> Steve, I would add Blackhole BGP community or session to your list. >>>> >>>> Erich Kaiser >>>> The Fusion Network >>>> er...@gotfusion.net >>>> Office: 630-621-4804 >>>> Cell: 630-777-9291 >>>> >>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >>>> wrote: >>>> >>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>> Canada, a few in the US, and definitely a large number in Europe) will say >>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use >>>>> the route object information but if you say no then they will tell you to >>>>> open a ticket with their NOC each time you have a prefix to add/remove …. >>>>> >>>>> >>>>> >>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>> support automation via IRR >>>>> >>>>> >>>>> >>>>> Paul >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz >>>>> *Sent:* May 13, 2016 9:25 PM >>>>> *To:* af@afmug.com >>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre >>>>> >>>>> >>>>> >>>>> Let me clarify this a bit more... >>>>> >>>>> >>>>> >>>>> You are recommending that one creates it's own AS Object in the >>>>> IRR..(aka learns and manages their own RR entries) (it really does not >>>>> matter which IRR it is, at the end of the day they are all sort of synced, >>>>> it is only a question of who is maintaining it, and who can provide help >>>>> to >>>>> newbies). .. BTW, I agree with this.. however >>>>> >>>>> >>>>> >>>>> Cause at the end of the day, someone in the up-stream is very likely >>>>> to create the record for you, if it is needed by them... >>>>> >>>>> This is one of those things that most carriers find... "too much >>>>> trouble to teach vs just do it for that network !" >>>>> >>>>> >>>>> >>>>> :) >>>>> >>>>> >>>>> >>>>> Regards. >>>>> >>>>> >>>>> >>>>> Faisal Imtiaz >>>>> Snappy Internet & Telecom >>>>> 7266 SW 48 Street >>>>> Miami, FL 33155 >>>>> Tel: 305 663 5518 x 232 >>>>> >>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>> >>>>> >>>>> -- >>>>> >>>>> *From: *"George Skorup" <geo...@cbcast.com> >>>>> *To: *af@afmug.com >>>>> *Sent: *Friday, May 13, 20
Re: [AFMUG] Upstream BGP Questionairre
I wish more upstreams auto-generated their prefix and as-path filters automatically from registry records. I hate submitting tickets for something that could be automated on their end :). > On May 15, 2016, at 10:02 PM, Justin Wilson <li...@mtin.net> wrote: > > I did a blog post awhile back on routing registries: > > http://www.mtin.net/blog/?p=245 <http://www.mtin.net/blog/?p=245> > > > Justin Wilson > j...@mtin.net <mailto:j...@mtin.net> > > --- > http://www.mtin.net <http://www.mtin.net/> Owner/CEO > xISP Solutions- Consulting – Data Centers - Bandwidth > > http://www.midwest-ix.com <http://www.midwest-ix.com/> COO/Chairman > Internet Exchange - Peering - Distributed Fabric > >> On May 15, 2016, at 11:18 PM, That One Guy /sarcasm >> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: >> >> I am glad someone brought this up, i assumed this was a part in parcel thing >> with BGP. I know one of our upstreams this wont be an issue with. The other, >> well I have had to talk them through configuring things. I am beginning to >> think I made a mistake in not learning anything BGP. I thought it was best >> that way so I wouldnt screw shit up. but as we are getting closer to D day, >> I see, we are going to end up fucked for a period. and not that happy " I >> love you baby" f*%#ed. more along the lines of " did we start with a condom? >> Cause there isnt a condom" f*&^%d. >> >> On Sun, May 15, 2016 at 10:10 PM, Faisal Imtiaz <fai...@snappytelecom.net >> <mailto:fai...@snappytelecom.net>> wrote: >> There is a bit of if and but invovled here... >> >> having said that the best way is to ask the basic question, to your >> upstream:- >> >> A) Do you support Blackhole Community ? >> >> B) If yes, what is it ? and is there any setup / configuration required for >> my bgp session ? >> >> == >> If you are dealing with a named upstream, you can find a lot of their >> communities listed here >> >> http://onestep.net/communities/ <http://onestep.net/communities/> >> >> == >> >> >> Regards >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> >> >> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: >> supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> >> >> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com >> <mailto:thatoneguyst...@gmail.com>> >> To: af@afmug.com <mailto:af@afmug.com> >> Sent: Sunday, May 15, 2016 10:21:44 PM >> Subject: Re: [AFMUG] Upstream BGP Questionairre >> that request, lacking my fundamental understanding of the terminology, would >> be phrased how? >> >> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com >> <mailto:joshba...@gmail.com>> wrote: >> Yes, it requires your upstream to support a blackhole BGP community. This >> allows you to advertise host routes (/32 or smaller) to them using a >> specific BGP community when you want your ISP to drop all traffic for the >> prefix before it reaches you. This is -very- useful for DDoS defense. >> Josh >> >> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm >> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: >> That requires something specific? >> >> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com >> <mailto:er...@northcentraltower.com>> wrote: >> We have started requiring our upstreams to filter by ASN vs Netblock. We >> are moving away from upstreams that do not utilize IRR Entries and require >> intervention every time we want to make a change, but it is continuous for >> us, so for most guys the one time setup is not a big deal, plus the upstream >> has to be trusting enough that we will have the correct filtering on our end. >> >> Steve, I would add Blackhole BGP community or session to your list. >> >> Erich Kaiser >> The Fusion Network >> er...@gotfusion.net <mailto:er...@gotfusion.net> >> Office: 630-621-4804 >> Cell: 630-777-9291 >> >> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org >> <mailto:p...@paulstewart.org>> wrote: >> Or, quite a number of carriers (especially in APAC, some car
Re: [AFMUG] Upstream BGP Questionairre
I did a blog post awhile back on routing registries: http://www.mtin.net/blog/?p=245 <http://www.mtin.net/blog/?p=245> Justin Wilson j...@mtin.net --- http://www.mtin.net Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com COO/Chairman Internet Exchange - Peering - Distributed Fabric > On May 15, 2016, at 11:18 PM, That One Guy /sarcasm > <thatoneguyst...@gmail.com> wrote: > > I am glad someone brought this up, i assumed this was a part in parcel thing > with BGP. I know one of our upstreams this wont be an issue with. The other, > well I have had to talk them through configuring things. I am beginning to > think I made a mistake in not learning anything BGP. I thought it was best > that way so I wouldnt screw shit up. but as we are getting closer to D day, I > see, we are going to end up fucked for a period. and not that happy " I love > you baby" f*%#ed. more along the lines of " did we start with a condom? Cause > there isnt a condom" f*&^%d. > > On Sun, May 15, 2016 at 10:10 PM, Faisal Imtiaz <fai...@snappytelecom.net > <mailto:fai...@snappytelecom.net>> wrote: > There is a bit of if and but invovled here... > > having said that the best way is to ask the basic question, to your upstream:- > > A) Do you support Blackhole Community ? > > B) If yes, what is it ? and is there any setup / configuration required for > my bgp session ? > > == > If you are dealing with a named upstream, you can find a lot of their > communities listed here > > http://onestep.net/communities/ <http://onestep.net/communities/> > > == > > > Regards > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> > > Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: > supp...@snappytelecom.net > > From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com > <mailto:thatoneguyst...@gmail.com>> > To: af@afmug.com <mailto:af@afmug.com> > Sent: Sunday, May 15, 2016 10:21:44 PM > Subject: Re: [AFMUG] Upstream BGP Questionairre > that request, lacking my fundamental understanding of the terminology, would > be phrased how? > > On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com > <mailto:joshba...@gmail.com>> wrote: > Yes, it requires your upstream to support a blackhole BGP community. This > allows you to advertise host routes (/32 or smaller) to them using a specific > BGP community when you want your ISP to drop all traffic for the prefix > before it reaches you. This is -very- useful for DDoS defense. > Josh > > On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm > <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote: > That requires something specific? > > On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com > <mailto:er...@northcentraltower.com>> wrote: > We have started requiring our upstreams to filter by ASN vs Netblock. We are > moving away from upstreams that do not utilize IRR Entries and require > intervention every time we want to make a change, but it is continuous for > us, so for most guys the one time setup is not a big deal, plus the upstream > has to be trusting enough that we will have the correct filtering on our end. > > Steve, I would add Blackhole BGP community or session to your list. > > Erich Kaiser > The Fusion Network > er...@gotfusion.net <mailto:er...@gotfusion.net> > Office: 630-621-4804 > Cell: 630-777-9291 > > On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org > <mailto:p...@paulstewart.org>> wrote: > Or, quite a number of carriers (especially in APAC, some carriers in Canada, > a few in the US, and definitely a large number in Europe) will say “do you > have an IRR entry at RADB?” and if you say yes then they will use the route > object information but if you say no then they will tell you to open a ticket > with their NOC each time you have a prefix to add/remove …. > > > I’m actually surprised by the number of transit providers that don’t’ support > automation via IRR > > > Paul > > > > From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com>] On > Behalf Of Faisal Imtiaz > Sent: May 13, 2016 9:25 PM > To: af@afmug.com <mailto:af@afmug.com> > Subject: Re: [AFMUG] Upstream BGP Questionairre > > > Let me clarify this a bit more... > > > You are recommending that one creates it's own AS Object in t
Re: [AFMUG] Upstream BGP Questionairre
I am glad someone brought this up, i assumed this was a part in parcel thing with BGP. I know one of our upstreams this wont be an issue with. The other, well I have had to talk them through configuring things. I am beginning to think I made a mistake in not learning anything BGP. I thought it was best that way so I wouldnt screw shit up. but as we are getting closer to D day, I see, we are going to end up fucked for a period. and not that happy " I love you baby" f*%#ed. more along the lines of " did we start with a condom? Cause there isnt a condom" f*&^%d. On Sun, May 15, 2016 at 10:10 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote: > There is a bit of if and but invovled here... > > having said that the best way is to ask the basic question, to your > upstream:- > > A) Do you support Blackhole Community ? > > B) If yes, what is it ? and is there any setup / configuration required > for my bgp session ? > > == > If you are dealing with a named upstream, you can find a lot of their > communities listed here > > http://onestep.net/communities/ > > == > > > Regards > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > -- > > *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> > *To: *af@afmug.com > *Sent: *Sunday, May 15, 2016 10:21:44 PM > *Subject: *Re: [AFMUG] Upstream BGP Questionairre > > that request, lacking my fundamental understanding of the terminology, > would be phrased how? > > On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote: > >> Yes, it requires your upstream to support a blackhole BGP community. >> This allows you to advertise host routes (/32 or smaller) to them using a >> specific BGP community when you want your ISP to drop all traffic for the >> prefix before it reaches you. This is -very- useful for DDoS defense. >> Josh >> >> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com> wrote: >> >>> That requires something specific? >>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> >>> wrote: >>> >>>> We have started requiring our upstreams to filter by ASN vs Netblock. >>>> We are moving away from upstreams that do not utilize IRR Entries and >>>> require intervention every time we want to make a change, but it is >>>> continuous for us, so for most guys the one time setup is not a big deal, >>>> plus the upstream has to be trusting enough that we will have the correct >>>> filtering on our end. >>>> >>>> Steve, I would add Blackhole BGP community or session to your list. >>>> >>>> Erich Kaiser >>>> The Fusion Network >>>> er...@gotfusion.net >>>> Office: 630-621-4804 >>>> Cell: 630-777-9291 >>>> >>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >>>> wrote: >>>> >>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>> Canada, a few in the US, and definitely a large number in Europe) will say >>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use >>>>> the route object information but if you say no then they will tell you to >>>>> open a ticket with their NOC each time you have a prefix to add/remove …. >>>>> >>>>> >>>>> >>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>> support automation via IRR >>>>> >>>>> >>>>> >>>>> Paul >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz >>>>> *Sent:* May 13, 2016 9:25 PM >>>>> *To:* af@afmug.com >>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre >>>>> >>>>> >>>>> >>>>> Let me clarify this a bit more... >>>>> >>>>> >>>>> >>>>> You are recommending that one creates it's own AS Object in the >>>>> IRR..(aka learns and manages their own RR entries) (it really does not >>>>> matter which IRR it is, at the end of the day
Re: [AFMUG] Upstream BGP Questionairre
There is a bit of if and but invovled here... having said that the best way is to ask the basic question, to your upstream:- A) Do you support Blackhole Community ? B) If yes, what is it ? and is there any setup / configuration required for my bgp session ? == If you are dealing with a named upstream, you can find a lot of their communities listed here http://onestep.net/communities/ == Regards Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> > To: af@afmug.com > Sent: Sunday, May 15, 2016 10:21:44 PM > Subject: Re: [AFMUG] Upstream BGP Questionairre > that request, lacking my fundamental understanding of the terminology, would > be > phrased how? > On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote: >> Yes, it requires your upstream to support a blackhole BGP community. This >> allows >> you to advertise host routes (/32 or smaller) to them using a specific BGP >> community when you want your ISP to drop all traffic for the prefix before it >> reaches you. This is -very- useful for DDoS defense. >> Josh >> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < >> thatoneguyst...@gmail.com > wrote: >>> That requires something specific? >>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > >>> wrote: >>>> We have started requiring our upstreams to filter by ASN vs Netblock. We >>>> are >>>> moving away from upstreams that do not utilize IRR Entries and require >>>> intervention every time we want to make a change, but it is continuous for >>>> us, >>>> so for most guys the one time setup is not a big deal, plus the upstream >>>> has to >>>> be trusting enough that we will have the correct filtering on our end. >>>> Steve, I would add Blackhole BGP community or session to your list. >>>> Erich Kaiser >>>> The Fusion Network >>>> er...@gotfusion.net >>>> Office: 630-621-4804 >>>> Cell: 630-777-9291 >>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > >>>> wrote: >>>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>>> Canada, a >>>>> few in the US, and definitely a large number in Europe) will say “do you >>>>> have >>>>> an IRR entry at RADB?” and if you say yes then they will use the route >>>>> object >>>>> information but if you say no then they will tell you to open a ticket >>>>> with >>>>> their NOC each time you have a prefix to add/remove …. >>>>> I’m actually surprised by the number of transit providers that don’t’ >>>>> support >>>>> automation via IRR >>>>> Paul >>>>> From: Af [mailto: af-boun...@afmug.com ] On Behalf Of Faisal Imtiaz >>>>> Sent: May 13, 2016 9:25 PM >>>>> To: af@afmug.com >>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre >>>>> Let me clarify this a bit more... >>>>> You are recommending that one creates it's own AS Object in the IRR..(aka >>>>> learns >>>>> and manages their own RR entries) (it really does not matter which IRR it >>>>> is, >>>>> at the end of the day they are all sort of synced, it is only a question >>>>> of who >>>>> is maintaining it, and who can provide help to newbies). .. BTW, I agree >>>>> with >>>>> this.. however >>>>> Cause at the end of the day, someone in the up-stream is very likely to >>>>> create >>>>> the record for you, if it is needed by them... >>>>> This is one of those things that most carriers find... "too much trouble >>>>> to >>>>> teach vs just do it for that network !" >>>>> :) >>>>> Regards. >>>>> Faisal Imtiaz >>>>> Snappy Internet & Telecom >>>>> 7266 SW 48 Street >>>>> Miami, FL 33155 >>>>> Tel: 305 663 5518 x 232 >>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>>>> From: "George Skorup" < geo...@cbcast.com > >>>>>> To: a
Re: [AFMUG] Upstream BGP Questionairre
that request, lacking my fundamental understanding of the terminology, would be phrased how? On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote: > Yes, it requires your upstream to support a blackhole BGP community. This > allows you to advertise host routes (/32 or smaller) to them using a > specific BGP community when you want your ISP to drop all traffic for the > prefix before it reaches you. This is -very- useful for DDoS defense. > > Josh > > On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < > thatoneguyst...@gmail.com> wrote: > >> That requires something specific? >> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> >> wrote: >> >>> We have started requiring our upstreams to filter by ASN vs Netblock. >>> We are moving away from upstreams that do not utilize IRR Entries and >>> require intervention every time we want to make a change, but it is >>> continuous for us, so for most guys the one time setup is not a big deal, >>> plus the upstream has to be trusting enough that we will have the correct >>> filtering on our end. >>> >>> Steve, I would add Blackhole BGP community or session to your list. >>> >>> Erich Kaiser >>> The Fusion Network >>> er...@gotfusion.net >>> Office: 630-621-4804 >>> Cell: 630-777-9291 >>> >>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >>> wrote: >>> >>>> Or, quite a number of carriers (especially in APAC, some carriers in >>>> Canada, a few in the US, and definitely a large number in Europe) will say >>>> “do you have an IRR entry at RADB?” and if you say yes then they will use >>>> the route object information but if you say no then they will tell you to >>>> open a ticket with their NOC each time you have a prefix to add/remove …. >>>> >>>> >>>> >>>> I’m actually surprised by the number of transit providers that don’t’ >>>> support automation via IRR >>>> >>>> >>>> >>>> Paul >>>> >>>> >>>> >>>> >>>> >>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz >>>> *Sent:* May 13, 2016 9:25 PM >>>> *To:* af@afmug.com >>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre >>>> >>>> >>>> >>>> Let me clarify this a bit more... >>>> >>>> >>>> >>>> You are recommending that one creates it's own AS Object in the >>>> IRR..(aka learns and manages their own RR entries) (it really does not >>>> matter which IRR it is, at the end of the day they are all sort of synced, >>>> it is only a question of who is maintaining it, and who can provide help to >>>> newbies). .. BTW, I agree with this.. however >>>> >>>> >>>> >>>> Cause at the end of the day, someone in the up-stream is very likely to >>>> create the record for you, if it is needed by them... >>>> >>>> This is one of those things that most carriers find... "too much >>>> trouble to teach vs just do it for that network !" >>>> >>>> >>>> >>>> :) >>>> >>>> >>>> >>>> Regards. >>>> >>>> >>>> >>>> Faisal Imtiaz >>>> Snappy Internet & Telecom >>>> 7266 SW 48 Street >>>> Miami, FL 33155 >>>> Tel: 305 663 5518 x 232 >>>> >>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>>> >>>> >>>> -- >>>> >>>> *From: *"George Skorup" <geo...@cbcast.com> >>>> *To: *af@afmug.com >>>> *Sent: *Friday, May 13, 2016 7:15:26 PM >>>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre >>>> >>>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb >>>> is not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >>>> >>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >>>> >>>> See answers in-line below:- >>>> >>>> >>>> >>>> Faisal Imtiaz >>>> Snappy Internet & Telecom >>>> 7266 SW 48 Street >>>> Miami, FL 33155 >>>&
Re: [AFMUG] Upstream BGP Questionairre
Yes, it requires your upstream to support a blackhole BGP community. This allows you to advertise host routes (/32 or smaller) to them using a specific BGP community when you want your ISP to drop all traffic for the prefix before it reaches you. This is -very- useful for DDoS defense. Josh On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm < thatoneguyst...@gmail.com> wrote: > That requires something specific? > On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> > wrote: > >> We have started requiring our upstreams to filter by ASN vs Netblock. We >> are moving away from upstreams that do not utilize IRR Entries and require >> intervention every time we want to make a change, but it is continuous for >> us, so for most guys the one time setup is not a big deal, plus the >> upstream has to be trusting enough that we will have the correct filtering >> on our end. >> >> Steve, I would add Blackhole BGP community or session to your list. >> >> Erich Kaiser >> The Fusion Network >> er...@gotfusion.net >> Office: 630-621-4804 >> Cell: 630-777-9291 >> >> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> >> wrote: >> >>> Or, quite a number of carriers (especially in APAC, some carriers in >>> Canada, a few in the US, and definitely a large number in Europe) will say >>> “do you have an IRR entry at RADB?” and if you say yes then they will use >>> the route object information but if you say no then they will tell you to >>> open a ticket with their NOC each time you have a prefix to add/remove …. >>> >>> >>> >>> I’m actually surprised by the number of transit providers that don’t’ >>> support automation via IRR >>> >>> >>> >>> Paul >>> >>> >>> >>> >>> >>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz >>> *Sent:* May 13, 2016 9:25 PM >>> *To:* af@afmug.com >>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre >>> >>> >>> >>> Let me clarify this a bit more... >>> >>> >>> >>> You are recommending that one creates it's own AS Object in the >>> IRR..(aka learns and manages their own RR entries) (it really does not >>> matter which IRR it is, at the end of the day they are all sort of synced, >>> it is only a question of who is maintaining it, and who can provide help to >>> newbies). .. BTW, I agree with this.. however >>> >>> >>> >>> Cause at the end of the day, someone in the up-stream is very likely to >>> create the record for you, if it is needed by them... >>> >>> This is one of those things that most carriers find... "too much trouble >>> to teach vs just do it for that network !" >>> >>> >>> >>> :) >>> >>> >>> >>> Regards. >>> >>> >>> >>> Faisal Imtiaz >>> Snappy Internet & Telecom >>> 7266 SW 48 Street >>> Miami, FL 33155 >>> Tel: 305 663 5518 x 232 >>> >>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>> >>> >>> -- >>> >>> *From: *"George Skorup" <geo...@cbcast.com> >>> *To: *af@afmug.com >>> *Sent: *Friday, May 13, 2016 7:15:26 PM >>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre >>> >>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is >>> not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >>> >>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >>> >>> See answers in-line below:- >>> >>> >>> >>> Faisal Imtiaz >>> Snappy Internet & Telecom >>> 7266 SW 48 Street >>> Miami, FL 33155 >>> Tel: 305 663 5518 x 232 >>> >>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>> >>> >>> -- >>> >>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> >>> <thatoneguyst...@gmail.com> >>> *To: *af@afmug.com >>> *Sent: *Friday, May 13, 2016 11:35:10 AM >>> *Subject: *[AFMUG] Upstream BGP Questionairre >>> >>> Im going to expose the breadth of my incompetence here, but there are >>> some questions in this document I want to make sure i
Re: [AFMUG] Upstream BGP Questionairre
That requires something specific? On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> wrote: > We have started requiring our upstreams to filter by ASN vs Netblock. We > are moving away from upstreams that do not utilize IRR Entries and require > intervention every time we want to make a change, but it is continuous for > us, so for most guys the one time setup is not a big deal, plus the > upstream has to be trusting enough that we will have the correct filtering > on our end. > > Steve, I would add Blackhole BGP community or session to your list. > > Erich Kaiser > The Fusion Network > er...@gotfusion.net > Office: 630-621-4804 > Cell: 630-777-9291 > > On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> > wrote: > >> Or, quite a number of carriers (especially in APAC, some carriers in >> Canada, a few in the US, and definitely a large number in Europe) will say >> “do you have an IRR entry at RADB?” and if you say yes then they will use >> the route object information but if you say no then they will tell you to >> open a ticket with their NOC each time you have a prefix to add/remove …. >> >> >> >> I’m actually surprised by the number of transit providers that don’t’ >> support automation via IRR >> >> >> >> Paul >> >> >> >> >> >> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz >> *Sent:* May 13, 2016 9:25 PM >> *To:* af@afmug.com >> *Subject:* Re: [AFMUG] Upstream BGP Questionairre >> >> >> >> Let me clarify this a bit more... >> >> >> >> You are recommending that one creates it's own AS Object in the IRR..(aka >> learns and manages their own RR entries) (it really does not matter which >> IRR it is, at the end of the day they are all sort of synced, it is only a >> question of who is maintaining it, and who can provide help to newbies). .. >> BTW, I agree with this.. however >> >> >> >> Cause at the end of the day, someone in the up-stream is very likely to >> create the record for you, if it is needed by them... >> >> This is one of those things that most carriers find... "too much trouble >> to teach vs just do it for that network !" >> >> >> >> :) >> >> >> >> Regards. >> >> >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> >> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >> >> >> -- >> >> *From: *"George Skorup" <geo...@cbcast.com> >> *To: *af@afmug.com >> *Sent: *Friday, May 13, 2016 7:15:26 PM >> *Subject: *Re: [AFMUG] Upstream BGP Questionairre >> >> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is >> not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. >> >> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >> >> See answers in-line below:- >> >> >> >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> >> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >> >> >> -- >> >> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> >> <thatoneguyst...@gmail.com> >> *To: *af@afmug.com >> *Sent: *Friday, May 13, 2016 11:35:10 AM >> *Subject: *[AFMUG] Upstream BGP Questionairre >> >> Im going to expose the breadth of my incompetence here, but there are >> some questions in this document I want to make sure im answering accurately >> >> 1. Are you the owner of the AS Number with RIR- This im assuming is our >> ARIN direct allocation? >> >> They are asking if you have a AS # assigned to you from ... (would be >> ARIN for North America). >> >> 2. Are you registered with an Internet Routing Registry? - Im not sure >> what this is, is this also ARIN or do I need to register something >> elsewhere? >> >> Routing Registry it is a way to build authorized prefixes from a >> DataBase... >> >> You can read up about it from here >> https://www.arin.net/resources/routing/ >> >> >> Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 >> >> >> >> and yes ARIN also provides a Routing Registry Service ... (along with a
Re: [AFMUG] Upstream BGP Questionairre
We have started requiring our upstreams to filter by ASN vs Netblock. We are moving away from upstreams that do not utilize IRR Entries and require intervention every time we want to make a change, but it is continuous for us, so for most guys the one time setup is not a big deal, plus the upstream has to be trusting enough that we will have the correct filtering on our end. Steve, I would add Blackhole BGP community or session to your list. Erich Kaiser The Fusion Network er...@gotfusion.net Office: 630-621-4804 Cell: 630-777-9291 On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> wrote: > Or, quite a number of carriers (especially in APAC, some carriers in > Canada, a few in the US, and definitely a large number in Europe) will say > “do you have an IRR entry at RADB?” and if you say yes then they will use > the route object information but if you say no then they will tell you to > open a ticket with their NOC each time you have a prefix to add/remove …. > > > > I’m actually surprised by the number of transit providers that don’t’ > support automation via IRR > > > > Paul > > > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz > *Sent:* May 13, 2016 9:25 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Upstream BGP Questionairre > > > > Let me clarify this a bit more... > > > > You are recommending that one creates it's own AS Object in the IRR..(aka > learns and manages their own RR entries) (it really does not matter which > IRR it is, at the end of the day they are all sort of synced, it is only a > question of who is maintaining it, and who can provide help to newbies). .. > BTW, I agree with this.. however > > > > Cause at the end of the day, someone in the up-stream is very likely to > create the record for you, if it is needed by them... > > This is one of those things that most carriers find... "too much trouble > to teach vs just do it for that network !" > > > > :) > > > > Regards. > > > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > > -- > > *From: *"George Skorup" <geo...@cbcast.com> > *To: *af@afmug.com > *Sent: *Friday, May 13, 2016 7:15:26 PM > *Subject: *Re: [AFMUG] Upstream BGP Questionairre > > I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is > not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. > > On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: > > See answers in-line below:- > > > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 > > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > > > -- > > *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> > <thatoneguyst...@gmail.com> > *To: *af@afmug.com > *Sent: *Friday, May 13, 2016 11:35:10 AM > *Subject: *[AFMUG] Upstream BGP Questionairre > > Im going to expose the breadth of my incompetence here, but there are some > questions in this document I want to make sure im answering accurately > > 1. Are you the owner of the AS Number with RIR- This im assuming is our > ARIN direct allocation? > > They are asking if you have a AS # assigned to you from ... (would be ARIN > for North America). > > 2. Are you registered with an Internet Routing Registry? - Im not sure > what this is, is this also ARIN or do I need to register something > elsewhere? > > Routing Registry it is a way to build authorized prefixes from a > DataBase... > > You can read up about it from here > https://www.arin.net/resources/routing/ > > > Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 > > > > and yes ARIN also provides a Routing Registry Service ... (along with a > few others) > > > > 3. Which type of routes do you want to receive? - Full routes is what we > want, but are there caveats in this answer I need to be prepared for? > > > > No Caveats, as long as your equipment is able to take full routes, then do > so. > > > > 4. Do you have downstream ASNs? - I assume this would be customers with > their own allocations? We currently do not, but do not want to close the > door on that in the future. Is this something easily updated in the future? > > Answer this question in the Present.. (you don't have any so say no)... no > future door is closed due to this... this is just info asked / collected &
Re: [AFMUG] Upstream BGP Questionairre
Or, quite a number of carriers (especially in APAC, some carriers in Canada, a few in the US, and definitely a large number in Europe) will say “do you have an IRR entry at RADB?” and if you say yes then they will use the route object information but if you say no then they will tell you to open a ticket with their NOC each time you have a prefix to add/remove …. I’m actually surprised by the number of transit providers that don’t’ support automation via IRR Paul From: Af [mailto:af-boun...@afmug.com] On Behalf Of Faisal Imtiaz Sent: May 13, 2016 9:25 PM To: af@afmug.com Subject: Re: [AFMUG] Upstream BGP Questionairre Let me clarify this a bit more... You are recommending that one creates it's own AS Object in the IRR..(aka learns and manages their own RR entries) (it really does not matter which IRR it is, at the end of the day they are all sort of synced, it is only a question of who is maintaining it, and who can provide help to newbies). .. BTW, I agree with this.. however Cause at the end of the day, someone in the up-stream is very likely to create the record for you, if it is needed by them... This is one of those things that most carriers find... "too much trouble to teach vs just do it for that network !" :) Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> _ From: "George Skorup" <geo...@cbcast.com <mailto:geo...@cbcast.com> > To: af@afmug.com <mailto:af@afmug.com> Sent: Friday, May 13, 2016 7:15:26 PM Subject: Re: [AFMUG] Upstream BGP Questionairre I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: See answers in-line below:- Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> _ From: "That One Guy /sarcasm" <mailto:thatoneguyst...@gmail.com> <thatoneguyst...@gmail.com> To: af@afmug.com <mailto:af@afmug.com> Sent: Friday, May 13, 2016 11:35:10 AM Subject: [AFMUG] Upstream BGP Questionairre Im going to expose the breadth of my incompetence here, but there are some questions in this document I want to make sure im answering accurately 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN direct allocation? They are asking if you have a AS # assigned to you from ... (would be ARIN for North America). 2. Are you registered with an Internet Routing Registry? - Im not sure what this is, is this also ARIN or do I need to register something elsewhere? Routing Registry it is a way to build authorized prefixes from a DataBase... You can read up about it from here https://www.arin.net/resources/routing/ Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 and yes ARIN also provides a Routing Registry Service ... (along with a few others) 3. Which type of routes do you want to receive? - Full routes is what we want, but are there caveats in this answer I need to be prepared for? No Caveats, as long as your equipment is able to take full routes, then do so. 4. Do you have downstream ASNs? - I assume this would be customers with their own allocations? We currently do not, but do not want to close the door on that in the future. Is this something easily updated in the future? Answer this question in the Present.. (you don't have any so say no)... no future door is closed due to this... this is just info asked / collected for the upstream to be able to build their ACL filters (This is also a flag for them to collect your BGP LOA's as well as your Customers to you..) This becomes a mute topic, if you are versed in using the Routing Registry and maintaining your own Route Objects etc. 5. List all prefixes to be announced so that we can confirm the BGP ACL prior to activation: We only have a /22, but we do want the option down the road to pull /24 from one provider if need be. Would we list the /24s independently or the /22 as the aggregate? You want to ask them for the following:- xx.xx.xx.xx/22 please use the 'le 24' option with the filter. Note: this will have them build a filter that can accept larger prefixes between 24 - 22, so it is not a 'specific' filter... 6. MD5 Password: On this is it standard practice to use the same password with all providers or different ones? Your choice... either way no big deal, as long as you keep track of them. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Upstream BGP Questionairre
Let me clarify this a bit more... You are recommending that one creates it's own AS Object in the IRR..(aka learns and manages their own RR entries) (it really does not matter which IRR it is, at the end of the day they are all sort of synced, it is only a question of who is maintaining it, and who can provide help to newbies). .. BTW, I agree with this.. however Cause at the end of the day, someone in the up-stream is very likely to create the record for you, if it is needed by them... This is one of those things that most carriers find... "too much trouble to teach vs just do it for that network !" :) Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "George Skorup" <geo...@cbcast.com> > To: af@afmug.com > Sent: Friday, May 13, 2016 7:15:26 PM > Subject: Re: [AFMUG] Upstream BGP Questionairre > I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is not > free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. > On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: >> See answers in-line below:- >> Faisal Imtiaz >> Snappy Internet & Telecom >> 7266 SW 48 Street >> Miami, FL 33155 >> Tel: 305 663 5518 x 232 >> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net >>> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> >>> To: af@afmug.com >>> Sent: Friday, May 13, 2016 11:35:10 AM >>> Subject: [AFMUG] Upstream BGP Questionairre >>> Im going to expose the breadth of my incompetence here, but there are some >>> questions in this document I want to make sure im answering accurately >>> 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN >>> direct allocation? >> They are asking if you have a AS # assigned to you from ... (would be ARIN >> for >> North America). >>> 2. Are you registered with an Internet Routing Registry? - Im not sure what >>> this >>> is, is this also ARIN or do I need to register something elsewhere? >> Routing Registry it is a way to build authorized prefixes from a >> DataBase... >> You can read up about it from here https://www.arin.net/resources/routing/ >> Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 >> and yes ARIN also provides a Routing Registry Service ... (along with a few >> others) >>> 3. Which type of routes do you want to receive? - Full routes is what we >>> want, >>> but are there caveats in this answer I need to be prepared for? >> No Caveats, as long as your equipment is able to take full routes, then do >> so. >>> 4. Do you have downstream ASNs? - I assume this would be customers with >>> their >>> own allocations? We currently do not, but do not want to close the door on >>> that >>> in the future. Is this something easily updated in the future? >> Answer this question in the Present.. (you don't have any so say no)... no >> future door is closed due to this... this is just info asked / collected for >> the upstream to be able to build their ACL filters (This is also a flag >> for >> them to collect your BGP LOA's as well as your Customers to you..) >> This becomes a mute topic, if you are versed in using the Routing Registry >> and >> maintaining your own Route Objects etc. >>> 5. List all prefixes to be announced so that we can confirm the BGP ACL >>> prior to >>> activation: We only have a /22, but we do want the option down the road to >>> pull >>> /24 from one provider if need be. Would we list the /24s independently or >>> the >>> /22 as the aggregate? >> You want to ask them for the following:- >> xx.xx.xx.xx/22 please use the 'le 24' option with the filter. >> Note: this will have them build a filter that can accept larger prefixes >> between >> 24 - 22, so it is not a 'specific' filter... >>> 6. MD5 Password: On this is it standard practice to use the same password >>> with >>> all providers or different ones? >> Your choice... either way no big deal, as long as you keep track of them. >>> -- >>> If you only see yourself as part of the team but you don't see your team as >>> part >>> of yourself you have already failed as part of the team.
Re: [AFMUG] Upstream BGP Questionairre
I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. On 5/13/2016 3:49 PM, Faisal Imtiaz wrote: See answers in-line below:- Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> *To: *af@afmug.com *Sent: *Friday, May 13, 2016 11:35:10 AM *Subject: *[AFMUG] Upstream BGP Questionairre Im going to expose the breadth of my incompetence here, but there are some questions in this document I want to make sure im answering accurately 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN direct allocation? They are asking if you have a AS # assigned to you from ... (would be ARIN for North America). 2. Are you registered with an Internet Routing Registry? - Im not sure what this is, is this also ARIN or do I need to register something elsewhere? Routing Registry it is a way to build authorized prefixes from a DataBase... You can read up about it from here https://www.arin.net/resources/routing/ Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 and yes ARIN also provides a Routing Registry Service ... (along with a few others) 3. Which type of routes do you want to receive? - Full routes is what we want, but are there caveats in this answer I need to be prepared for? No Caveats, as long as your equipment is able to take full routes, then do so. 4. Do you have downstream ASNs? - I assume this would be customers with their own allocations? We currently do not, but do not want to close the door on that in the future. Is this something easily updated in the future? Answer this question in the Present.. (you don't have any so say no)... no future door is closed due to this... this is just info asked / collected for the upstream to be able to build their ACL filters (This is also a flag for them to collect your BGP LOA's as well as your Customers to you..) This becomes a mute topic, if you are versed in using the Routing Registry and maintaining your own Route Objects etc. 5. List all prefixes to be announced so that we can confirm the BGP ACL prior to activation: We only have a /22, but we do want the option down the road to pull /24 from one provider if need be. Would we list the /24s independently or the /22 as the aggregate? You want to ask them for the following:- xx.xx.xx.xx/22 please use the 'le 24' option with the filter. Note: this will have them build a filter that can accept larger prefixes between 24 - 22, so it is not a 'specific' filter... 6. MD5 Password: On this is it standard practice to use the same password with all providers or different ones? Your choice... either way no big deal, as long as you keep track of them. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Upstream BGP Questionairre
See answers in-line below:- Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net > From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> > To: af@afmug.com > Sent: Friday, May 13, 2016 11:35:10 AM > Subject: [AFMUG] Upstream BGP Questionairre > Im going to expose the breadth of my incompetence here, but there are some > questions in this document I want to make sure im answering accurately > 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN > direct allocation? They are asking if you have a AS # assigned to you from ... (would be ARIN for North America). > 2. Are you registered with an Internet Routing Registry? - Im not sure what > this > is, is this also ARIN or do I need to register something elsewhere? Routing Registry it is a way to build authorized prefixes from a DataBase... You can read up about it from here https://www.arin.net/resources/routing/ Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 and yes ARIN also provides a Routing Registry Service ... (along with a few others) > 3. Which type of routes do you want to receive? - Full routes is what we want, > but are there caveats in this answer I need to be prepared for? No Caveats, as long as your equipment is able to take full routes, then do so. > 4. Do you have downstream ASNs? - I assume this would be customers with their > own allocations? We currently do not, but do not want to close the door on > that > in the future. Is this something easily updated in the future? Answer this question in the Present.. (you don't have any so say no)... no future door is closed due to this... this is just info asked / collected for the upstream to be able to build their ACL filters (This is also a flag for them to collect your BGP LOA's as well as your Customers to you..) This becomes a mute topic, if you are versed in using the Routing Registry and maintaining your own Route Objects etc. > 5. List all prefixes to be announced so that we can confirm the BGP ACL prior > to > activation: We only have a /22, but we do want the option down the road to > pull > /24 from one provider if need be. Would we list the /24s independently or the > /22 as the aggregate? You want to ask them for the following:- xx.xx.xx.xx/22 please use the 'le 24' option with the filter. Note: this will have them build a filter that can accept larger prefixes between 24 - 22, so it is not a 'specific' filter... > 6. MD5 Password: On this is it standard practice to use the same password with > all providers or different ones? Your choice... either way no big deal, as long as you keep track of them. > -- > If you only see yourself as part of the team but you don't see your team as > part > of yourself you have already failed as part of the team.
Re: [AFMUG] Upstream BGP Questionairre
Is there a recomended complexity on the MD5 password, Im assuming it should not be "password" On Fri, May 13, 2016 at 10:38 AM, Josh Luthmanwrote: > 1 - AS is a number you get from ARIN > 2 - I think it's just ARIN? http://www.irr.net/docs/list.html > 3 - generally full routes, you need 512 or 1024 megs of RAM on a MT > 4 - It can be changed. Just say you don't right now. > 5 - Just list all your prefixes > 6 - *ahem* probably should...but ya know... > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Fri, May 13, 2016 at 11:35 AM, That One Guy /sarcasm < > thatoneguyst...@gmail.com> wrote: > >> Im going to expose the breadth of my incompetence here, but there are >> some questions in this document I want to make sure im answering accurately >> >> 1. Are you the owner of the AS Number with RIR- This im assuming is our >> ARIN direct allocation? >> >> 2. Are you registered with an Internet Routing Registry? - Im not sure >> what this is, is this also ARIN or do I need to register something >> elsewhere? >> >> 3. Which type of routes do you want to receive? - Full routes is what we >> want, but are there caveats in this answer I need to be prepared for? >> >> 4. Do you have downstream ASNs? - I assume this would be customers with >> their own allocations? We currently do not, but do not want to close the >> door on that in the future. Is this something easily updated in the future? >> >> 5. List all prefixes to be announced so that we can confirm the BGP ACL >> prior to activation: We only have a /22, but we do want the option down the >> road to pull /24 from one provider if need be. Would we list the /24s >> independently or the /22 as the aggregate? >> >> 6. MD5 Password: On this is it standard practice to use the same password >> with all providers or different ones? >> >> >> >> >> >> -- >> If you only see yourself as part of the team but you don't see your team >> as part of yourself you have already failed as part of the team. >> > > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Upstream BGP Questionairre
1 - AS is a number you get from ARIN 2 - I think it's just ARIN? http://www.irr.net/docs/list.html 3 - generally full routes, you need 512 or 1024 megs of RAM on a MT 4 - It can be changed. Just say you don't right now. 5 - Just list all your prefixes 6 - *ahem* probably should...but ya know... Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, May 13, 2016 at 11:35 AM, That One Guy /sarcasm < thatoneguyst...@gmail.com> wrote: > Im going to expose the breadth of my incompetence here, but there are some > questions in this document I want to make sure im answering accurately > > 1. Are you the owner of the AS Number with RIR- This im assuming is our > ARIN direct allocation? > > 2. Are you registered with an Internet Routing Registry? - Im not sure > what this is, is this also ARIN or do I need to register something > elsewhere? > > 3. Which type of routes do you want to receive? - Full routes is what we > want, but are there caveats in this answer I need to be prepared for? > > 4. Do you have downstream ASNs? - I assume this would be customers with > their own allocations? We currently do not, but do not want to close the > door on that in the future. Is this something easily updated in the future? > > 5. List all prefixes to be announced so that we can confirm the BGP ACL > prior to activation: We only have a /22, but we do want the option down the > road to pull /24 from one provider if need be. Would we list the /24s > independently or the /22 as the aggregate? > > 6. MD5 Password: On this is it standard practice to use the same password > with all providers or different ones? > > > > > > -- > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. >
[AFMUG] Upstream BGP Questionairre
Im going to expose the breadth of my incompetence here, but there are some questions in this document I want to make sure im answering accurately 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN direct allocation? 2. Are you registered with an Internet Routing Registry? - Im not sure what this is, is this also ARIN or do I need to register something elsewhere? 3. Which type of routes do you want to receive? - Full routes is what we want, but are there caveats in this answer I need to be prepared for? 4. Do you have downstream ASNs? - I assume this would be customers with their own allocations? We currently do not, but do not want to close the door on that in the future. Is this something easily updated in the future? 5. List all prefixes to be announced so that we can confirm the BGP ACL prior to activation: We only have a /22, but we do want the option down the road to pull /24 from one provider if need be. Would we list the /24s independently or the /22 as the aggregate? 6. MD5 Password: On this is it standard practice to use the same password with all providers or different ones? -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.