Re: [AFMUG] Upstream BGP Questionairre

[Josh Reynolds]

​I'm glad it's hairs and not atoms.​

On Mon, May 16, 2016 at 7:33 PM, Faisal Imtiaz <fai...@snappytelecom.net>
wrote:

> Yeah, that was about the only thing I could come up with as being the most
> practical reason (e.g. when doing bgp on a CCR etc).
> but even then the logic validity of this as a solution to the problem is
> questionable, however giving the appearance of a possible solution... I
> will buy that ..
>
> But then again, I may be just splitting hairs...
>
> :)
>
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> --
>
> *From: *"Erich Kaiser" <er...@northcentraltower.com>
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 8:03:32 PM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> Some people want default route and full routes because of route
> propagation/population, this way if your session resets you at least can
> get online right away.
>
>
> Erich Kaiser
> North Central Tower
> er...@northcentraltower.com
> Office: 630-621-4804
> Cell: 630-777-9291
>
>
> On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz <fai...@snappytelecom.net>
> wrote:
>
>> What I meant to ask is .
>>
>> Why get the default route via BGP from your Upstream... Why not set is
>> statically (ip sla track, or monitor gateway etc).
>>
>> IF your bgp sessions goes down, then your prefixes are withdrawn anyway..
>> so I am not sure what that will cover you for..
>>
>> In regards to OSPF redistributing default routes, I believe managing a
>> statically done default route is  easier and safer to inject and manage, vs
>> one coming from your upstream.
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>>
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>
>> --
>>
>> *From: *"Cassidy B. Larson" <c...@infowest.com>
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 11:18:16 AM
>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>>
>> We do a cisco ip sla track to make sure BGP is up on the upstream facing
>> interface for the static default to be valid.
>>
>> On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net>
>> wrote:
>> Interesting Carl, doing a manual static default route does not do the
>> trick for you ?
>>
>> Regards.
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>>
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>> <supp...@snappytelecom.net>
>>
>> --
>>
>> *From: *"Carl Peterson" <cpeter...@portnetworks.com>
>> *To: *af@afmug.com
>> *Sent: *Monday, May 16, 2016 10:42:35 AM
>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>>
>> For #3, I generally ask for full route + a default.  The default is for
>> default information originate for OSPF.  If there isn't a default in the
>> routing table, my edge router won't advertise a default to non-bgb ospf
>> peers.  You don't want a static default in case the peer goes down.
>>
>>
>> On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote:
>>
>>> Many providers refer to this as 'RTBH' (remotely triggered blackhole
>>> filtering).
>>> Josh
>>>
>>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> that request, lacking my fundamental understanding of the terminology,
>>>> would be phrased how?
>>>>
>>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com>
>>>> wrote:
>>>>
>>>>> Yes, it requires your upstream to support a blackhole BGP community.
>>>>> This allows you to advertise host routes (/32 or smaller) to them using a
>>>>> specific BGP community when you want your ISP to drop all traffic for the
>>>>> prefix before it reaches you.  This is -very- useful for DDoS defense.
>>>>> Josh
>>>>>
>>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>>>>> thatoneguyst...@gmail.com> wrote:
>>>>&g

Re: [AFMUG] Upstream BGP Questionairre

[Faisal Imtiaz]

Yeah, that was about the only thing I could come up with as being the most 
practical reason (e.g. when doing bgp on a CCR etc). 
but even then the logic validity of this as a solution to the problem is 
questionable, however giving the appearance of a possible solution... I will 
buy that .. 

But then again, I may be just splitting hairs... 

:) 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "Erich Kaiser" <er...@northcentraltower.com>
> To: af@afmug.com
> Sent: Monday, May 16, 2016 8:03:32 PM
> Subject: Re: [AFMUG] Upstream BGP Questionairre

> Some people want default route and full routes because of route
> propagation/population, this way if your session resets you at least can get
> online right away.

> Erich Kaiser
> North Central Tower
> er...@northcentraltower.com
> Office: 630-621-4804
> Cell: 630-777-9291

> On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz < fai...@snappytelecom.net >
> wrote:

>> What I meant to ask is .

>> Why get the default route via BGP from your Upstream... Why not set is
>> statically (ip sla track, or monitor gateway etc).

>> IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. so 
>> I
>> am not sure what that will cover you for..

>> In regards to OSPF redistributing default routes, I believe managing a
>> statically done default route is easier and safer to inject and manage, vs 
>> one
>> coming from your upstream.

>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232

>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

>>> From: "Cassidy B. Larson" < c...@infowest.com >
>>> To: af@afmug.com
>>> Sent: Monday, May 16, 2016 11:18:16 AM
>>> Subject: Re: [AFMUG] Upstream BGP Questionairre

>>> We do a cisco ip sla track to make sure BGP is up on the upstream facing
>>> interface for the static default to be valid.

>>>> On May 16, 2016, at 9:04 AM, Faisal Imtiaz < fai...@snappytelecom.net > 
>>>> wrote:
>>>> Interesting Carl, doing a manual static default route does not do the 
>>>> trick
>>>> for you ?

>>>> Regards.

>>>> Faisal Imtiaz
>>>> Snappy Internet & Telecom
>>>> 7266 SW 48 Street
>>>> Miami, FL 33155
>>>> Tel: 305 663 5518 x 232

>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

>>>>> From: "Carl Peterson" < cpeter...@portnetworks.com >
>>>>> To: af@afmug.com
>>>>> Sent: Monday, May 16, 2016 10:42:35 AM
>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre

>>>>> For #3, I generally ask for full route + a default. The default is for 
>>>>> default
>>>>> information originate for OSPF. If there isn't a default in the routing 
>>>>> table,
>>>>> my edge router won't advertise a default to non-bgb ospf peers. You don't 
>>>>> want
>>>>> a static default in case the peer goes down.

>>>>> On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote:

>>>>>> Many providers refer to this as 'RTBH' (remotely triggered blackhole 
>>>>>> filtering).
>>>>>> Josh

>>>>>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com > wrote:

>>>>>>> that request, lacking my fundamental understanding of the terminology, 
>>>>>>> would be
>>>>>>> phrased how?

>>>>>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > 
>>>>>>> wrote:

>>>>>>>> Yes, it requires your upstream to support a blackhole BGP community. 
>>>>>>>> This allows
>>>>>>>> you to advertise host routes (/32 or smaller) to them using a specific 
>>>>>>>> BGP
>>>>>>>> community when you want your ISP to drop all traffic for the prefix 
>>>>>>>> before it
>>>>>>>> reaches you. This is -very- useful for DDoS defense.
>>>>>>>> Josh

>>>>>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>>>>>>>> thatoneguyst...@gmail.com > wrote:

Re: [AFMUG] Upstream BGP Questionairre

[Erich Kaiser]

Some people want default route and full routes because of route
propagation/population, this way if your session resets you at least can
get online right away.


Erich Kaiser
North Central Tower
er...@northcentraltower.com
Office: 630-621-4804
Cell: 630-777-9291


On Mon, May 16, 2016 at 11:03 AM, Faisal Imtiaz <fai...@snappytelecom.net>
wrote:

> What I meant to ask is .
>
> Why get the default route via BGP from your Upstream... Why not set is
> statically (ip sla track, or monitor gateway etc).
>
> IF your bgp sessions goes down, then your prefixes are withdrawn anyway..
> so I am not sure what that will cover you for..
>
> In regards to OSPF redistributing default routes, I believe managing a
> statically done default route is  easier and safer to inject and manage, vs
> one coming from your upstream.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> --
>
> *From: *"Cassidy B. Larson" <c...@infowest.com>
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 11:18:16 AM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> We do a cisco ip sla track to make sure BGP is up on the upstream facing
> interface for the static default to be valid.
>
> On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net>
> wrote:
> Interesting Carl, doing a manual static default route does not do the
> trick for you ?
>
> Regards.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
> <supp...@snappytelecom.net>
>
> ----------
>
> *From: *"Carl Peterson" <cpeter...@portnetworks.com>
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 10:42:35 AM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> For #3, I generally ask for full route + a default.  The default is for
> default information originate for OSPF.  If there isn't a default in the
> routing table, my edge router won't advertise a default to non-bgb ospf
> peers.  You don't want a static default in case the peer goes down.
>
>
> On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote:
>
>> Many providers refer to this as 'RTBH' (remotely triggered blackhole
>> filtering).
>> Josh
>>
>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> that request, lacking my fundamental understanding of the terminology,
>>> would be phrased how?
>>>
>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote:
>>>
>>>> Yes, it requires your upstream to support a blackhole BGP community.
>>>> This allows you to advertise host routes (/32 or smaller) to them using a
>>>> specific BGP community when you want your ISP to drop all traffic for the
>>>> prefix before it reaches you.  This is -very- useful for DDoS defense.
>>>> Josh
>>>>
>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> That requires something specific?
>>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com>
>>>>> wrote:
>>>>>
>>>>>> We have started requiring our upstreams to filter by ASN vs
>>>>>> Netblock.  We are moving away from upstreams that do not utilize IRR
>>>>>> Entries and require intervention every time we want to make a change, but
>>>>>> it is continuous for us, so for most guys the one time setup is not a big
>>>>>> deal, plus the upstream has to be trusting enough that we will have the
>>>>>> correct filtering on our end.
>>>>>>
>>>>>> Steve, I would add Blackhole BGP community or session to your list.
>>>>>>
>>>>>> Erich Kaiser
>>>>>> The Fusion Network
>>>>>> er...@gotfusion.net
>>>>>> Office: 630-621-4804
>>>>>> Cell: 630-777-9291
>>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>>>>>> Canada, a few 

Re: [AFMUG] Upstream BGP Questionairre

[Carl Peterson]

Of course it would work, but if I lose BGP I don't want to use it.  Could
do track, etc but getting a default is just an easy way to do it.
Obviously we have multiple BGP peers, can't imagine just having one.

On Mon, May 16, 2016 at 12:03 PM, Faisal Imtiaz <fai...@snappytelecom.net>
wrote:

> What I meant to ask is .
>
> Why get the default route via BGP from your Upstream... Why not set is
> statically (ip sla track, or monitor gateway etc).
>
> IF your bgp sessions goes down, then your prefixes are withdrawn anyway..
> so I am not sure what that will cover you for..
>
> In regards to OSPF redistributing default routes, I believe managing a
> statically done default route is  easier and safer to inject and manage, vs
> one coming from your upstream.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> --
>
> *From: *"Cassidy B. Larson" <c...@infowest.com>
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 11:18:16 AM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> We do a cisco ip sla track to make sure BGP is up on the upstream facing
> interface for the static default to be valid.
>
> On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net>
> wrote:
> Interesting Carl, doing a manual static default route does not do the
> trick for you ?
>
> Regards.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
> <supp...@snappytelecom.net>
>
> ----------
>
> *From: *"Carl Peterson" <cpeter...@portnetworks.com>
> *To: *af@afmug.com
> *Sent: *Monday, May 16, 2016 10:42:35 AM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> For #3, I generally ask for full route + a default.  The default is for
> default information originate for OSPF.  If there isn't a default in the
> routing table, my edge router won't advertise a default to non-bgb ospf
> peers.  You don't want a static default in case the peer goes down.
>
>
> On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote:
>
>> Many providers refer to this as 'RTBH' (remotely triggered blackhole
>> filtering).
>> Josh
>>
>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> that request, lacking my fundamental understanding of the terminology,
>>> would be phrased how?
>>>
>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote:
>>>
>>>> Yes, it requires your upstream to support a blackhole BGP community.
>>>> This allows you to advertise host routes (/32 or smaller) to them using a
>>>> specific BGP community when you want your ISP to drop all traffic for the
>>>> prefix before it reaches you.  This is -very- useful for DDoS defense.
>>>> Josh
>>>>
>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com> wrote:
>>>>
>>>>> That requires something specific?
>>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com>
>>>>> wrote:
>>>>>
>>>>>> We have started requiring our upstreams to filter by ASN vs
>>>>>> Netblock.  We are moving away from upstreams that do not utilize IRR
>>>>>> Entries and require intervention every time we want to make a change, but
>>>>>> it is continuous for us, so for most guys the one time setup is not a big
>>>>>> deal, plus the upstream has to be trusting enough that we will have the
>>>>>> correct filtering on our end.
>>>>>>
>>>>>> Steve, I would add Blackhole BGP community or session to your list.
>>>>>>
>>>>>> Erich Kaiser
>>>>>> The Fusion Network
>>>>>> er...@gotfusion.net
>>>>>> Office: 630-621-4804
>>>>>> Cell: 630-777-9291
>>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>>>>>> Canada, a few in the US, and definitely a large number in Europe) will 

Re: [AFMUG] Upstream BGP Questionairre

[Faisal Imtiaz]

What I meant to ask is . 

Why get the default route via BGP from your Upstream... Why not set is 
statically (ip sla track, or monitor gateway etc). 

IF your bgp sessions goes down, then your prefixes are withdrawn anyway.. so I 
am not sure what that will cover you for.. 

In regards to OSPF redistributing default routes, I believe managing a 
statically done default route is easier and safer to inject and manage, vs one 
coming from your upstream. 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "Cassidy B. Larson" <c...@infowest.com>
> To: af@afmug.com
> Sent: Monday, May 16, 2016 11:18:16 AM
> Subject: Re: [AFMUG] Upstream BGP Questionairre

> We do a cisco ip sla track to make sure BGP is up on the upstream facing
> interface for the static default to be valid.

>> On May 16, 2016, at 9:04 AM, Faisal Imtiaz < fai...@snappytelecom.net > 
>> wrote:
>> Interesting Carl, doing a manual static default route does not do the 
>> trick
>> for you ?

>> Regards.

>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232

>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

>>> From: "Carl Peterson" < cpeter...@portnetworks.com >
>>> To: af@afmug.com
>>> Sent: Monday, May 16, 2016 10:42:35 AM
>>> Subject: Re: [AFMUG] Upstream BGP Questionairre

>>> For #3, I generally ask for full route + a default. The default is for 
>>> default
>>> information originate for OSPF. If there isn't a default in the routing 
>>> table,
>>> my edge router won't advertise a default to non-bgb ospf peers. You don't 
>>> want
>>> a static default in case the peer goes down.

>>> On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote:

>>>> Many providers refer to this as 'RTBH' (remotely triggered blackhole 
>>>> filtering).
>>>> Josh

>>>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com > wrote:

>>>>> that request, lacking my fundamental understanding of the terminology, 
>>>>> would be
>>>>> phrased how?

>>>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote:

>>>>>> Yes, it requires your upstream to support a blackhole BGP community. 
>>>>>> This allows
>>>>>> you to advertise host routes (/32 or smaller) to them using a specific 
>>>>>> BGP
>>>>>> community when you want your ISP to drop all traffic for the prefix 
>>>>>> before it
>>>>>> reaches you. This is -very- useful for DDoS defense.
>>>>>> Josh

>>>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>>>>>> thatoneguyst...@gmail.com > wrote:

>>>>>>> That requires something specific?
>>>>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > 
>>>>>>> wrote:

>>>>>>>> We have started requiring our upstreams to filter by ASN vs Netblock. 
>>>>>>>> We are
>>>>>>>> moving away from upstreams that do not utilize IRR Entries and require
>>>>>>>> intervention every time we want to make a change, but it is continuous 
>>>>>>>> for us,
>>>>>>>> so for most guys the one time setup is not a big deal, plus the 
>>>>>>>> upstream has to
>>>>>>>> be trusting enough that we will have the correct filtering on our end.

>>>>>>>> Steve, I would add Blackhole BGP community or session to your list.

>>>>>>>> Erich Kaiser
>>>>>>>> The Fusion Network
>>>>>>>> er...@gotfusion.net
>>>>>>>> Office: 630-621-4804
>>>>>>>> Cell: 630-777-9291
>>>>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > 
>>>>>>>> wrote:

>>>>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in 
>>>>>>>>> Canada, a
>>>>>>>>> few in the US, and definitely a large number in Europe) will say “do 
>>>>>>>>> you have
>

Re: [AFMUG] Upstream BGP Questionairre

[Cassidy B. Larson]

We do a cisco ip sla track to make sure BGP is up on the upstream facing 
interface for the static default to be valid.

> On May 16, 2016, at 9:04 AM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:
> 
> Interesting Carl, doing a manual static default route does not do the 
> trick for you ?
> 
> Regards.
> 
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
> 
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
> 
> From: "Carl Peterson" <cpeter...@portnetworks.com>
> To: af@afmug.com
> Sent: Monday, May 16, 2016 10:42:35 AM
> Subject: Re: [AFMUG] Upstream BGP Questionairre
> For #3, I generally ask for full route + a default.  The default is for 
> default information originate for OSPF.  If there isn't a default in the 
> routing table, my edge router won't advertise a default to non-bgb ospf 
> peers.  You don't want a static default in case the peer goes down.
> 
> 
> On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com 
> <mailto:joshba...@gmail.com>> wrote:
> Many providers refer to this as 'RTBH' (remotely triggered blackhole 
> filtering).
> Josh
> 
> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm 
> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote:
> that request, lacking my fundamental understanding of the terminology, would 
> be phrased how?
> 
> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com 
> <mailto:joshba...@gmail.com>> wrote:
> Yes, it requires your upstream to support a blackhole BGP community.  This 
> allows you to advertise host routes (/32 or smaller) to them using a specific 
> BGP community when you want your ISP to drop all traffic for the prefix 
> before it reaches you.  This is -very- useful for DDoS defense.
> Josh
> 
> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm 
> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote:
> That requires something specific?
> 
> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com 
> <mailto:er...@northcentraltower.com>> wrote:
> We have started requiring our upstreams to filter by ASN vs Netblock.  We are 
> moving away from upstreams that do not utilize IRR Entries and require 
> intervention every time we want to make a change, but it is continuous for 
> us, so for most guys the one time setup is not a big deal, plus the upstream 
> has to be trusting enough that we will have the correct filtering on our end.
> 
> Steve, I would add Blackhole BGP community or session to your list.
> 
> Erich Kaiser
> The Fusion Network
> er...@gotfusion.net <mailto:er...@gotfusion.net>
> Office: 630-621-4804 
> Cell: 630-777-9291 
> 
> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org 
> <mailto:p...@paulstewart.org>> wrote:
> Or, quite a number of carriers (especially in APAC, some carriers in Canada, 
> a few in the US, and definitely a large number in Europe) will say “do you 
> have an IRR entry at RADB?” and if you say yes then they will use the route 
> object information but if you say no then they will tell you to open a ticket 
> with their NOC each time you have a prefix to add/remove ….
> 
> 
> I’m actually surprised by the number of transit providers that don’t’ support 
> automation via IRR
> 
> 
> Paul
> 
> 
> 
> From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com>] On 
> Behalf Of Faisal Imtiaz
> Sent: May 13, 2016 9:25 PM
> To: af@afmug.com <mailto:af@afmug.com>
> Subject: Re: [AFMUG] Upstream BGP Questionairre
> 
> 
> Let me clarify this a bit more...
> 
> 
> You are recommending that one creates it's own AS Object in the IRR..(aka 
> learns and manages their own RR entries) (it really does not matter which IRR 
> it is, at the end of the day they are all sort of synced, it is only a 
> question of who is maintaining it, and who can provide help to newbies). .. 
> BTW, I agree with this.. however 
> 
> 
> Cause at the end of the day, someone in the up-stream is very likely to 
> create the record for you, if it is needed by them...
> 
> This is one of those things that most carriers find... "too much trouble to 
> teach vs just do it for that network !"
> 
> 
> :)
> 
> 
> Regards.
> 
> 
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232>
> 
> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: 
> supp...@snappytelec

Re: [AFMUG] Upstream BGP Questionairre

[Faisal Imtiaz]

Interesting Carl, doing a manual static default route does not do the trick 
for you ? 

Regards. 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "Carl Peterson" <cpeter...@portnetworks.com>
> To: af@afmug.com
> Sent: Monday, May 16, 2016 10:42:35 AM
> Subject: Re: [AFMUG] Upstream BGP Questionairre

> For #3, I generally ask for full route + a default. The default is for default
> information originate for OSPF. If there isn't a default in the routing table,
> my edge router won't advertise a default to non-bgb ospf peers. You don't want
> a static default in case the peer goes down.

> On Mon, May 16, 2016 at 7:20 AM, Josh Baird < joshba...@gmail.com > wrote:

>> Many providers refer to this as 'RTBH' (remotely triggered blackhole 
>> filtering).
>> Josh

>> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com > wrote:

>>> that request, lacking my fundamental understanding of the terminology, 
>>> would be
>>> phrased how?

>>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote:

>>>> Yes, it requires your upstream to support a blackhole BGP community. This 
>>>> allows
>>>> you to advertise host routes (/32 or smaller) to them using a specific BGP
>>>> community when you want your ISP to drop all traffic for the prefix before 
>>>> it
>>>> reaches you. This is -very- useful for DDoS defense.
>>>> Josh

>>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>>>> thatoneguyst...@gmail.com > wrote:

>>>>> That requires something specific?
>>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > 
>>>>> wrote:

>>>>>> We have started requiring our upstreams to filter by ASN vs Netblock. We 
>>>>>> are
>>>>>> moving away from upstreams that do not utilize IRR Entries and require
>>>>>> intervention every time we want to make a change, but it is continuous 
>>>>>> for us,
>>>>>> so for most guys the one time setup is not a big deal, plus the upstream 
>>>>>> has to
>>>>>> be trusting enough that we will have the correct filtering on our end.

>>>>>> Steve, I would add Blackhole BGP community or session to your list.

>>>>>> Erich Kaiser
>>>>>> The Fusion Network
>>>>>> er...@gotfusion.net
>>>>>> Office: 630-621-4804
>>>>>> Cell: 630-777-9291
>>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > 
>>>>>> wrote:

>>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in 
>>>>>>> Canada, a
>>>>>>> few in the US, and definitely a large number in Europe) will say “do 
>>>>>>> you have
>>>>>>> an IRR entry at RADB?” and if you say yes then they will use the route 
>>>>>>> object
>>>>>>> information but if you say no then they will tell you to open a ticket 
>>>>>>> with
>>>>>>> their NOC each time you have a prefix to add/remove ….

>>>>>>> I’m actually surprised by the number of transit providers that don’t’ 
>>>>>>> support
>>>>>>> automation via IRR

>>>>>>> Paul

>>>>>>> From: Af [mailto: af-boun...@afmug.com ] On Behalf Of Faisal Imtiaz
>>>>>>> Sent: May 13, 2016 9:25 PM
>>>>>>> To: af@afmug.com
>>>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre

>>>>>>> Let me clarify this a bit more...

>>>>>>> You are recommending that one creates it's own AS Object in the 
>>>>>>> IRR..(aka learns
>>>>>>> and manages their own RR entries) (it really does not matter which IRR 
>>>>>>> it is,
>>>>>>> at the end of the day they are all sort of synced, it is only a 
>>>>>>> question of who
>>>>>>> is maintaining it, and who can provide help to newbies). .. BTW, I 
>>>>>>> agree with
>>>>>>> this.. however 

>>>>>>> Cause at the end of the day, someone in the up-stream is very 

Re: [AFMUG] Upstream BGP Questionairre

[Carl Peterson]

For #3, I generally ask for full route + a default.  The default is for
default information originate for OSPF.  If there isn't a default in the
routing table, my edge router won't advertise a default to non-bgb ospf
peers.  You don't want a static default in case the peer goes down.



On Mon, May 16, 2016 at 7:20 AM, Josh Baird <joshba...@gmail.com> wrote:

> Many providers refer to this as 'RTBH' (remotely triggered blackhole
> filtering).
>
> Josh
>
> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> that request, lacking my fundamental understanding of the terminology,
>> would be phrased how?
>>
>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote:
>>
>>> Yes, it requires your upstream to support a blackhole BGP community.
>>> This allows you to advertise host routes (/32 or smaller) to them using a
>>> specific BGP community when you want your ISP to drop all traffic for the
>>> prefix before it reaches you.  This is -very- useful for DDoS defense.
>>>
>>> Josh
>>>
>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>>> thatoneguyst...@gmail.com> wrote:
>>>
>>>> That requires something specific?
>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com>
>>>> wrote:
>>>>
>>>>> We have started requiring our upstreams to filter by ASN vs Netblock.
>>>>> We are moving away from upstreams that do not utilize IRR Entries and
>>>>> require intervention every time we want to make a change, but it is
>>>>> continuous for us, so for most guys the one time setup is not a big deal,
>>>>> plus the upstream has to be trusting enough that we will have the correct
>>>>> filtering on our end.
>>>>>
>>>>> Steve, I would add Blackhole BGP community or session to your list.
>>>>>
>>>>> Erich Kaiser
>>>>> The Fusion Network
>>>>> er...@gotfusion.net
>>>>> Office: 630-621-4804
>>>>> Cell: 630-777-9291
>>>>>
>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
>>>>> wrote:
>>>>>
>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>>>>> Canada, a few in the US, and definitely a large number in Europe) will 
>>>>>> say
>>>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use
>>>>>> the route object information but if you say no then they will tell you to
>>>>>> open a ticket with their NOC each time you have a prefix to add/remove ….
>>>>>>
>>>>>>
>>>>>>
>>>>>> I’m actually surprised by the number of transit providers that don’t’
>>>>>> support automation via IRR
>>>>>>
>>>>>>
>>>>>>
>>>>>> Paul
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz
>>>>>> *Sent:* May 13, 2016 9:25 PM
>>>>>> *To:* af@afmug.com
>>>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>>>>
>>>>>>
>>>>>>
>>>>>> Let me clarify this a bit more...
>>>>>>
>>>>>>
>>>>>>
>>>>>> You are recommending that one creates it's own AS Object in the
>>>>>> IRR..(aka learns and manages their own RR entries) (it really does not
>>>>>> matter which IRR it is, at the end of the day they are all sort of 
>>>>>> synced,
>>>>>> it is only a question of who is maintaining it, and who can provide help 
>>>>>> to
>>>>>> newbies). .. BTW, I agree with this.. however 
>>>>>>
>>>>>>
>>>>>>
>>>>>> Cause at the end of the day, someone in the up-stream is very likely
>>>>>> to create the record for you, if it is needed by them...
>>>>>>
>>>>>> This is one of those things that most carriers find... "too much
>>>>>> trouble to teach vs just do it for that network !"
>>>>>>
>>>>>>
>>

Re: [AFMUG] Upstream BGP Questionairre

[Josh Baird]

Many providers refer to this as 'RTBH' (remotely triggered blackhole
filtering).

Josh

On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> that request, lacking my fundamental understanding of the terminology,
> would be phrased how?
>
> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote:
>
>> Yes, it requires your upstream to support a blackhole BGP community.
>> This allows you to advertise host routes (/32 or smaller) to them using a
>> specific BGP community when you want your ISP to drop all traffic for the
>> prefix before it reaches you.  This is -very- useful for DDoS defense.
>>
>> Josh
>>
>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> That requires something specific?
>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com>
>>> wrote:
>>>
>>>> We have started requiring our upstreams to filter by ASN vs Netblock.
>>>> We are moving away from upstreams that do not utilize IRR Entries and
>>>> require intervention every time we want to make a change, but it is
>>>> continuous for us, so for most guys the one time setup is not a big deal,
>>>> plus the upstream has to be trusting enough that we will have the correct
>>>> filtering on our end.
>>>>
>>>> Steve, I would add Blackhole BGP community or session to your list.
>>>>
>>>> Erich Kaiser
>>>> The Fusion Network
>>>> er...@gotfusion.net
>>>> Office: 630-621-4804
>>>> Cell: 630-777-9291
>>>>
>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
>>>> wrote:
>>>>
>>>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>>>> Canada, a few in the US, and definitely a large number in Europe) will say
>>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use
>>>>> the route object information but if you say no then they will tell you to
>>>>> open a ticket with their NOC each time you have a prefix to add/remove ….
>>>>>
>>>>>
>>>>>
>>>>> I’m actually surprised by the number of transit providers that don’t’
>>>>> support automation via IRR
>>>>>
>>>>>
>>>>>
>>>>> Paul
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz
>>>>> *Sent:* May 13, 2016 9:25 PM
>>>>> *To:* af@afmug.com
>>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>>>
>>>>>
>>>>>
>>>>> Let me clarify this a bit more...
>>>>>
>>>>>
>>>>>
>>>>> You are recommending that one creates it's own AS Object in the
>>>>> IRR..(aka learns and manages their own RR entries) (it really does not
>>>>> matter which IRR it is, at the end of the day they are all sort of synced,
>>>>> it is only a question of who is maintaining it, and who can provide help 
>>>>> to
>>>>> newbies). .. BTW, I agree with this.. however 
>>>>>
>>>>>
>>>>>
>>>>> Cause at the end of the day, someone in the up-stream is very likely
>>>>> to create the record for you, if it is needed by them...
>>>>>
>>>>> This is one of those things that most carriers find... "too much
>>>>> trouble to teach vs just do it for that network !"
>>>>>
>>>>>
>>>>>
>>>>> :)
>>>>>
>>>>>
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>>
>>>>> Faisal Imtiaz
>>>>> Snappy Internet & Telecom
>>>>> 7266 SW 48 Street
>>>>> Miami, FL 33155
>>>>> Tel: 305 663 5518 x 232
>>>>>
>>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *From: *"George Skorup" <geo...@cbcast.com>
>>>>> *To: *af@afmug.com
>>>>> *Sent: *Friday, May 13, 20

Re: [AFMUG] Upstream BGP Questionairre

[Cassidy B. Larson]

I wish more upstreams auto-generated their prefix and as-path filters 
automatically from registry records.
I hate submitting tickets for something that could be automated on their end :).


> On May 15, 2016, at 10:02 PM, Justin Wilson <li...@mtin.net> wrote:
> 
> I did a blog post awhile back on routing registries:
> 
> http://www.mtin.net/blog/?p=245 <http://www.mtin.net/blog/?p=245>
> 
> 
> Justin Wilson
> j...@mtin.net <mailto:j...@mtin.net>
> 
> ---
> http://www.mtin.net <http://www.mtin.net/> Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
> 
> http://www.midwest-ix.com <http://www.midwest-ix.com/>  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
> 
>> On May 15, 2016, at 11:18 PM, That One Guy /sarcasm 
>> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote:
>> 
>> I am glad someone brought this up, i assumed this was a part in parcel thing 
>> with BGP. I know one of our upstreams this wont be an issue with. The other, 
>> well I have had to talk them through configuring things. I am beginning to 
>> think I made a mistake in not learning anything BGP. I thought it was best 
>> that way so I wouldnt screw shit up. but as we are getting closer to D day, 
>> I see, we are going to end up fucked for a period. and not that happy " I 
>> love you baby" f*%#ed. more along the lines of " did we start with a condom? 
>> Cause there isnt a condom" f*&^%d.
>> 
>> On Sun, May 15, 2016 at 10:10 PM, Faisal Imtiaz <fai...@snappytelecom.net 
>> <mailto:fai...@snappytelecom.net>> wrote:
>> There is a bit of if and but invovled here...
>> 
>> having said that the best way is to ask the basic question, to your 
>> upstream:-
>> 
>> A) Do you support  Blackhole Community ?
>> 
>> B) If yes, what is it ? and is there any setup / configuration required for 
>> my bgp session ?
>> 
>> ==
>> If you are dealing with a named upstream, you can find a lot of their 
>> communities listed here
>> 
>> http://onestep.net/communities/ <http://onestep.net/communities/>
>> 
>> ==
>> 
>> 
>> Regards
>> 
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232>
>> 
>> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: 
>> supp...@snappytelecom.net <mailto:supp...@snappytelecom.net>
>> 
>> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com 
>> <mailto:thatoneguyst...@gmail.com>>
>> To: af@afmug.com <mailto:af@afmug.com>
>> Sent: Sunday, May 15, 2016 10:21:44 PM
>> Subject: Re: [AFMUG] Upstream BGP Questionairre
>> that request, lacking my fundamental understanding of the terminology, would 
>> be phrased how?
>> 
>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com 
>> <mailto:joshba...@gmail.com>> wrote:
>> Yes, it requires your upstream to support a blackhole BGP community.  This 
>> allows you to advertise host routes (/32 or smaller) to them using a 
>> specific BGP community when you want your ISP to drop all traffic for the 
>> prefix before it reaches you.  This is -very- useful for DDoS defense.
>> Josh
>> 
>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm 
>> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote:
>> That requires something specific?
>> 
>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com 
>> <mailto:er...@northcentraltower.com>> wrote:
>> We have started requiring our upstreams to filter by ASN vs Netblock.  We 
>> are moving away from upstreams that do not utilize IRR Entries and require 
>> intervention every time we want to make a change, but it is continuous for 
>> us, so for most guys the one time setup is not a big deal, plus the upstream 
>> has to be trusting enough that we will have the correct filtering on our end.
>> 
>> Steve, I would add Blackhole BGP community or session to your list.
>> 
>> Erich Kaiser
>> The Fusion Network
>> er...@gotfusion.net <mailto:er...@gotfusion.net>
>> Office: 630-621-4804 
>> Cell: 630-777-9291 
>> 
>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org 
>> <mailto:p...@paulstewart.org>> wrote:
>> Or, quite a number of carriers (especially in APAC, some car

Re: [AFMUG] Upstream BGP Questionairre

[Justin Wilson]

I did a blog post awhile back on routing registries:

http://www.mtin.net/blog/?p=245 <http://www.mtin.net/blog/?p=245>


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On May 15, 2016, at 11:18 PM, That One Guy /sarcasm 
> <thatoneguyst...@gmail.com> wrote:
> 
> I am glad someone brought this up, i assumed this was a part in parcel thing 
> with BGP. I know one of our upstreams this wont be an issue with. The other, 
> well I have had to talk them through configuring things. I am beginning to 
> think I made a mistake in not learning anything BGP. I thought it was best 
> that way so I wouldnt screw shit up. but as we are getting closer to D day, I 
> see, we are going to end up fucked for a period. and not that happy " I love 
> you baby" f*%#ed. more along the lines of " did we start with a condom? Cause 
> there isnt a condom" f*&^%d.
> 
> On Sun, May 15, 2016 at 10:10 PM, Faisal Imtiaz <fai...@snappytelecom.net 
> <mailto:fai...@snappytelecom.net>> wrote:
> There is a bit of if and but invovled here...
> 
> having said that the best way is to ask the basic question, to your upstream:-
> 
> A) Do you support  Blackhole Community ?
> 
> B) If yes, what is it ? and is there any setup / configuration required for 
> my bgp session ? 
> 
> ==
> If you are dealing with a named upstream, you can find a lot of their 
> communities listed here
> 
> http://onestep.net/communities/ <http://onestep.net/communities/>
> 
> ==
> 
> 
> Regards
> 
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232>
> 
> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: 
> supp...@snappytelecom.net
> 
> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com 
> <mailto:thatoneguyst...@gmail.com>>
> To: af@afmug.com <mailto:af@afmug.com>
> Sent: Sunday, May 15, 2016 10:21:44 PM
> Subject: Re: [AFMUG] Upstream BGP Questionairre
> that request, lacking my fundamental understanding of the terminology, would 
> be phrased how?
> 
> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com 
> <mailto:joshba...@gmail.com>> wrote:
> Yes, it requires your upstream to support a blackhole BGP community.  This 
> allows you to advertise host routes (/32 or smaller) to them using a specific 
> BGP community when you want your ISP to drop all traffic for the prefix 
> before it reaches you.  This is -very- useful for DDoS defense.
> Josh
> 
> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm 
> <thatoneguyst...@gmail.com <mailto:thatoneguyst...@gmail.com>> wrote:
> That requires something specific?
> 
> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com 
> <mailto:er...@northcentraltower.com>> wrote:
> We have started requiring our upstreams to filter by ASN vs Netblock.  We are 
> moving away from upstreams that do not utilize IRR Entries and require 
> intervention every time we want to make a change, but it is continuous for 
> us, so for most guys the one time setup is not a big deal, plus the upstream 
> has to be trusting enough that we will have the correct filtering on our end.
> 
> Steve, I would add Blackhole BGP community or session to your list.
> 
> Erich Kaiser
> The Fusion Network
> er...@gotfusion.net <mailto:er...@gotfusion.net>
> Office: 630-621-4804 
> Cell: 630-777-9291 
> 
> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org 
> <mailto:p...@paulstewart.org>> wrote:
> Or, quite a number of carriers (especially in APAC, some carriers in Canada, 
> a few in the US, and definitely a large number in Europe) will say “do you 
> have an IRR entry at RADB?” and if you say yes then they will use the route 
> object information but if you say no then they will tell you to open a ticket 
> with their NOC each time you have a prefix to add/remove ….
> 
>  
> I’m actually surprised by the number of transit providers that don’t’ support 
> automation via IRR
> 
>  
> Paul
> 
>  
>  
> From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com>] On 
> Behalf Of Faisal Imtiaz
> Sent: May 13, 2016 9:25 PM
> To: af@afmug.com <mailto:af@afmug.com>
> Subject: Re: [AFMUG] Upstream BGP Questionairre
> 
>  
> Let me clarify this a bit more...
> 
>  
> You are recommending that one creates it's own AS Object in t

Re: [AFMUG] Upstream BGP Questionairre

[That One Guy /sarcasm]

I am glad someone brought this up, i assumed this was a part in parcel
thing with BGP. I know one of our upstreams this wont be an issue with. The
other, well I have had to talk them through configuring things. I am
beginning to think I made a mistake in not learning anything BGP. I thought
it was best that way so I wouldnt screw shit up. but as we are getting
closer to D day, I see, we are going to end up fucked for a period. and not
that happy " I love you baby" f*%#ed. more along the lines of " did we
start with a condom? Cause there isnt a condom" f*&^%d.

On Sun, May 15, 2016 at 10:10 PM, Faisal Imtiaz <fai...@snappytelecom.net>
wrote:

> There is a bit of if and but invovled here...
>
> having said that the best way is to ask the basic question, to your
> upstream:-
>
> A) Do you support  Blackhole Community ?
>
> B) If yes, what is it ? and is there any setup / configuration required
> for my bgp session ?
>
> ==
> If you are dealing with a named upstream, you can find a lot of their
> communities listed here
>
> http://onestep.net/communities/
>
> ==
>
>
> Regards
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> --
>
> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> *To: *af@afmug.com
> *Sent: *Sunday, May 15, 2016 10:21:44 PM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> that request, lacking my fundamental understanding of the terminology,
> would be phrased how?
>
> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote:
>
>> Yes, it requires your upstream to support a blackhole BGP community.
>> This allows you to advertise host routes (/32 or smaller) to them using a
>> specific BGP community when you want your ISP to drop all traffic for the
>> prefix before it reaches you.  This is -very- useful for DDoS defense.
>> Josh
>>
>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>> That requires something specific?
>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com>
>>> wrote:
>>>
>>>> We have started requiring our upstreams to filter by ASN vs Netblock.
>>>> We are moving away from upstreams that do not utilize IRR Entries and
>>>> require intervention every time we want to make a change, but it is
>>>> continuous for us, so for most guys the one time setup is not a big deal,
>>>> plus the upstream has to be trusting enough that we will have the correct
>>>> filtering on our end.
>>>>
>>>> Steve, I would add Blackhole BGP community or session to your list.
>>>>
>>>> Erich Kaiser
>>>> The Fusion Network
>>>> er...@gotfusion.net
>>>> Office: 630-621-4804
>>>> Cell: 630-777-9291
>>>>
>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
>>>> wrote:
>>>>
>>>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>>>> Canada, a few in the US, and definitely a large number in Europe) will say
>>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use
>>>>> the route object information but if you say no then they will tell you to
>>>>> open a ticket with their NOC each time you have a prefix to add/remove ….
>>>>>
>>>>>
>>>>>
>>>>> I’m actually surprised by the number of transit providers that don’t’
>>>>> support automation via IRR
>>>>>
>>>>>
>>>>>
>>>>> Paul
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz
>>>>> *Sent:* May 13, 2016 9:25 PM
>>>>> *To:* af@afmug.com
>>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>>>
>>>>>
>>>>>
>>>>> Let me clarify this a bit more...
>>>>>
>>>>>
>>>>>
>>>>> You are recommending that one creates it's own AS Object in the
>>>>> IRR..(aka learns and manages their own RR entries) (it really does not
>>>>> matter which IRR it is, at the end of the day 

Re: [AFMUG] Upstream BGP Questionairre

[Faisal Imtiaz]

There is a bit of if and but invovled here... 

having said that the best way is to ask the basic question, to your upstream:- 

A) Do you support Blackhole Community ? 

B) If yes, what is it ? and is there any setup / configuration required for my 
bgp session ? 

== 
If you are dealing with a named upstream, you can find a lot of their 
communities listed here 

http://onestep.net/communities/ 

== 

Regards 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> To: af@afmug.com
> Sent: Sunday, May 15, 2016 10:21:44 PM
> Subject: Re: [AFMUG] Upstream BGP Questionairre

> that request, lacking my fundamental understanding of the terminology, would 
> be
> phrased how?

> On Sat, May 14, 2016 at 5:56 PM, Josh Baird < joshba...@gmail.com > wrote:

>> Yes, it requires your upstream to support a blackhole BGP community. This 
>> allows
>> you to advertise host routes (/32 or smaller) to them using a specific BGP
>> community when you want your ISP to drop all traffic for the prefix before it
>> reaches you. This is -very- useful for DDoS defense.
>> Josh

>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com > wrote:

>>> That requires something specific?
>>> On May 14, 2016 7:33 AM, "Erich Kaiser" < er...@northcentraltower.com > 
>>> wrote:

>>>> We have started requiring our upstreams to filter by ASN vs Netblock. We 
>>>> are
>>>> moving away from upstreams that do not utilize IRR Entries and require
>>>> intervention every time we want to make a change, but it is continuous for 
>>>> us,
>>>> so for most guys the one time setup is not a big deal, plus the upstream 
>>>> has to
>>>> be trusting enough that we will have the correct filtering on our end.

>>>> Steve, I would add Blackhole BGP community or session to your list.

>>>> Erich Kaiser
>>>> The Fusion Network
>>>> er...@gotfusion.net
>>>> Office: 630-621-4804
>>>> Cell: 630-777-9291

>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart < p...@paulstewart.org > 
>>>> wrote:

>>>>> Or, quite a number of carriers (especially in APAC, some carriers in 
>>>>> Canada, a
>>>>> few in the US, and definitely a large number in Europe) will say “do you 
>>>>> have
>>>>> an IRR entry at RADB?” and if you say yes then they will use the route 
>>>>> object
>>>>> information but if you say no then they will tell you to open a ticket 
>>>>> with
>>>>> their NOC each time you have a prefix to add/remove ….

>>>>> I’m actually surprised by the number of transit providers that don’t’ 
>>>>> support
>>>>> automation via IRR

>>>>> Paul

>>>>> From: Af [mailto: af-boun...@afmug.com ] On Behalf Of Faisal Imtiaz
>>>>> Sent: May 13, 2016 9:25 PM
>>>>> To: af@afmug.com
>>>>> Subject: Re: [AFMUG] Upstream BGP Questionairre

>>>>> Let me clarify this a bit more...

>>>>> You are recommending that one creates it's own AS Object in the IRR..(aka 
>>>>> learns
>>>>> and manages their own RR entries) (it really does not matter which IRR it 
>>>>> is,
>>>>> at the end of the day they are all sort of synced, it is only a question 
>>>>> of who
>>>>> is maintaining it, and who can provide help to newbies). .. BTW, I agree 
>>>>> with
>>>>> this.. however 

>>>>> Cause at the end of the day, someone in the up-stream is very likely to 
>>>>> create
>>>>> the record for you, if it is needed by them...

>>>>> This is one of those things that most carriers find... "too much trouble 
>>>>> to
>>>>> teach vs just do it for that network !"

>>>>> :)

>>>>> Regards.

>>>>> Faisal Imtiaz
>>>>> Snappy Internet & Telecom
>>>>> 7266 SW 48 Street
>>>>> Miami, FL 33155
>>>>> Tel: 305 663 5518 x 232

>>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

>>>>>> From: "George Skorup" < geo...@cbcast.com >
>>>>>> To: a

Re: [AFMUG] Upstream BGP Questionairre

[That One Guy /sarcasm]

that request, lacking my fundamental understanding of the terminology,
would be phrased how?

On Sat, May 14, 2016 at 5:56 PM, Josh Baird <joshba...@gmail.com> wrote:

> Yes, it requires your upstream to support a blackhole BGP community.  This
> allows you to advertise host routes (/32 or smaller) to them using a
> specific BGP community when you want your ISP to drop all traffic for the
> prefix before it reaches you.  This is -very- useful for DDoS defense.
>
> Josh
>
> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> That requires something specific?
>> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com>
>> wrote:
>>
>>> We have started requiring our upstreams to filter by ASN vs Netblock.
>>> We are moving away from upstreams that do not utilize IRR Entries and
>>> require intervention every time we want to make a change, but it is
>>> continuous for us, so for most guys the one time setup is not a big deal,
>>> plus the upstream has to be trusting enough that we will have the correct
>>> filtering on our end.
>>>
>>> Steve, I would add Blackhole BGP community or session to your list.
>>>
>>> Erich Kaiser
>>> The Fusion Network
>>> er...@gotfusion.net
>>> Office: 630-621-4804
>>> Cell: 630-777-9291
>>>
>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
>>> wrote:
>>>
>>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>>> Canada, a few in the US, and definitely a large number in Europe) will say
>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use
>>>> the route object information but if you say no then they will tell you to
>>>> open a ticket with their NOC each time you have a prefix to add/remove ….
>>>>
>>>>
>>>>
>>>> I’m actually surprised by the number of transit providers that don’t’
>>>> support automation via IRR
>>>>
>>>>
>>>>
>>>> Paul
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz
>>>> *Sent:* May 13, 2016 9:25 PM
>>>> *To:* af@afmug.com
>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>>
>>>>
>>>>
>>>> Let me clarify this a bit more...
>>>>
>>>>
>>>>
>>>> You are recommending that one creates it's own AS Object in the
>>>> IRR..(aka learns and manages their own RR entries) (it really does not
>>>> matter which IRR it is, at the end of the day they are all sort of synced,
>>>> it is only a question of who is maintaining it, and who can provide help to
>>>> newbies). .. BTW, I agree with this.. however 
>>>>
>>>>
>>>>
>>>> Cause at the end of the day, someone in the up-stream is very likely to
>>>> create the record for you, if it is needed by them...
>>>>
>>>> This is one of those things that most carriers find... "too much
>>>> trouble to teach vs just do it for that network !"
>>>>
>>>>
>>>>
>>>> :)
>>>>
>>>>
>>>>
>>>> Regards.
>>>>
>>>>
>>>>
>>>> Faisal Imtiaz
>>>> Snappy Internet & Telecom
>>>> 7266 SW 48 Street
>>>> Miami, FL 33155
>>>> Tel: 305 663 5518 x 232
>>>>
>>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>>>
>>>>
>>>> --
>>>>
>>>> *From: *"George Skorup" <geo...@cbcast.com>
>>>> *To: *af@afmug.com
>>>> *Sent: *Friday, May 13, 2016 7:15:26 PM
>>>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>>>>
>>>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb
>>>> is not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway.
>>>>
>>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:
>>>>
>>>> See answers in-line below:-
>>>>
>>>>
>>>>
>>>> Faisal Imtiaz
>>>> Snappy Internet & Telecom
>>>> 7266 SW 48 Street
>>>> Miami, FL 33155
>>>&

Re: [AFMUG] Upstream BGP Questionairre

[Josh Baird]

Yes, it requires your upstream to support a blackhole BGP community.  This
allows you to advertise host routes (/32 or smaller) to them using a
specific BGP community when you want your ISP to drop all traffic for the
prefix before it reaches you.  This is -very- useful for DDoS defense.

Josh

On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> That requires something specific?
> On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com>
> wrote:
>
>> We have started requiring our upstreams to filter by ASN vs Netblock.  We
>> are moving away from upstreams that do not utilize IRR Entries and require
>> intervention every time we want to make a change, but it is continuous for
>> us, so for most guys the one time setup is not a big deal, plus the
>> upstream has to be trusting enough that we will have the correct filtering
>> on our end.
>>
>> Steve, I would add Blackhole BGP community or session to your list.
>>
>> Erich Kaiser
>> The Fusion Network
>> er...@gotfusion.net
>> Office: 630-621-4804
>> Cell: 630-777-9291
>>
>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
>> wrote:
>>
>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>> Canada, a few in the US, and definitely a large number in Europe) will say
>>> “do you have an IRR entry at RADB?” and if you say yes then they will use
>>> the route object information but if you say no then they will tell you to
>>> open a ticket with their NOC each time you have a prefix to add/remove ….
>>>
>>>
>>>
>>> I’m actually surprised by the number of transit providers that don’t’
>>> support automation via IRR
>>>
>>>
>>>
>>> Paul
>>>
>>>
>>>
>>>
>>>
>>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz
>>> *Sent:* May 13, 2016 9:25 PM
>>> *To:* af@afmug.com
>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>
>>>
>>>
>>> Let me clarify this a bit more...
>>>
>>>
>>>
>>> You are recommending that one creates it's own AS Object in the
>>> IRR..(aka learns and manages their own RR entries) (it really does not
>>> matter which IRR it is, at the end of the day they are all sort of synced,
>>> it is only a question of who is maintaining it, and who can provide help to
>>> newbies). .. BTW, I agree with this.. however 
>>>
>>>
>>>
>>> Cause at the end of the day, someone in the up-stream is very likely to
>>> create the record for you, if it is needed by them...
>>>
>>> This is one of those things that most carriers find... "too much trouble
>>> to teach vs just do it for that network !"
>>>
>>>
>>>
>>> :)
>>>
>>>
>>>
>>> Regards.
>>>
>>>
>>>
>>> Faisal Imtiaz
>>> Snappy Internet & Telecom
>>> 7266 SW 48 Street
>>> Miami, FL 33155
>>> Tel: 305 663 5518 x 232
>>>
>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>>
>>>
>>> --
>>>
>>> *From: *"George Skorup" <geo...@cbcast.com>
>>> *To: *af@afmug.com
>>> *Sent: *Friday, May 13, 2016 7:15:26 PM
>>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>>>
>>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is
>>> not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway.
>>>
>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:
>>>
>>> See answers in-line below:-
>>>
>>>
>>>
>>> Faisal Imtiaz
>>> Snappy Internet & Telecom
>>> 7266 SW 48 Street
>>> Miami, FL 33155
>>> Tel: 305 663 5518 x 232
>>>
>>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>>
>>>
>>> --
>>>
>>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>>> <thatoneguyst...@gmail.com>
>>> *To: *af@afmug.com
>>> *Sent: *Friday, May 13, 2016 11:35:10 AM
>>> *Subject: *[AFMUG] Upstream BGP Questionairre
>>>
>>> Im going to expose the breadth of my incompetence here, but there are
>>> some questions in this document I want to make sure i

Re: [AFMUG] Upstream BGP Questionairre

[That One Guy /sarcasm]

That requires something specific?
On May 14, 2016 7:33 AM, "Erich Kaiser" <er...@northcentraltower.com> wrote:

> We have started requiring our upstreams to filter by ASN vs Netblock.  We
> are moving away from upstreams that do not utilize IRR Entries and require
> intervention every time we want to make a change, but it is continuous for
> us, so for most guys the one time setup is not a big deal, plus the
> upstream has to be trusting enough that we will have the correct filtering
> on our end.
>
> Steve, I would add Blackhole BGP community or session to your list.
>
> Erich Kaiser
> The Fusion Network
> er...@gotfusion.net
> Office: 630-621-4804
> Cell: 630-777-9291
>
> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org>
> wrote:
>
>> Or, quite a number of carriers (especially in APAC, some carriers in
>> Canada, a few in the US, and definitely a large number in Europe) will say
>> “do you have an IRR entry at RADB?” and if you say yes then they will use
>> the route object information but if you say no then they will tell you to
>> open a ticket with their NOC each time you have a prefix to add/remove ….
>>
>>
>>
>> I’m actually surprised by the number of transit providers that don’t’
>> support automation via IRR
>>
>>
>>
>> Paul
>>
>>
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz
>> *Sent:* May 13, 2016 9:25 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>
>>
>>
>> Let me clarify this a bit more...
>>
>>
>>
>> You are recommending that one creates it's own AS Object in the IRR..(aka
>> learns and manages their own RR entries) (it really does not matter which
>> IRR it is, at the end of the day they are all sort of synced, it is only a
>> question of who is maintaining it, and who can provide help to newbies). ..
>> BTW, I agree with this.. however 
>>
>>
>>
>> Cause at the end of the day, someone in the up-stream is very likely to
>> create the record for you, if it is needed by them...
>>
>> This is one of those things that most carriers find... "too much trouble
>> to teach vs just do it for that network !"
>>
>>
>>
>> :)
>>
>>
>>
>> Regards.
>>
>>
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>>
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>
>>
>> --
>>
>> *From: *"George Skorup" <geo...@cbcast.com>
>> *To: *af@afmug.com
>> *Sent: *Friday, May 13, 2016 7:15:26 PM
>> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>>
>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is
>> not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway.
>>
>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:
>>
>> See answers in-line below:-
>>
>>
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>>
>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>
>>
>> --
>>
>> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>> <thatoneguyst...@gmail.com>
>> *To: *af@afmug.com
>> *Sent: *Friday, May 13, 2016 11:35:10 AM
>> *Subject: *[AFMUG] Upstream BGP Questionairre
>>
>> Im going to expose the breadth of my incompetence here, but there are
>> some questions in this document I want to make sure im answering accurately
>>
>> 1. Are you the owner of the AS Number with RIR- This im assuming is our
>> ARIN direct allocation?
>>
>> They are asking if you have a AS # assigned to you from ... (would be
>> ARIN for North America).
>>
>> 2. Are you registered with an Internet Routing Registry? - Im not sure
>> what this is, is this also ARIN or do I need to register something
>> elsewhere?
>>
>> Routing Registry it is a way to build authorized prefixes from a
>> DataBase...
>>
>> You can read up about it from here
>> https://www.arin.net/resources/routing/
>>
>>
>> Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245
>>
>>
>>
>> and yes ARIN also provides a Routing Registry Service ... (along with a

Re: [AFMUG] Upstream BGP Questionairre

[Erich Kaiser]

We have started requiring our upstreams to filter by ASN vs Netblock.  We
are moving away from upstreams that do not utilize IRR Entries and require
intervention every time we want to make a change, but it is continuous for
us, so for most guys the one time setup is not a big deal, plus the
upstream has to be trusting enough that we will have the correct filtering
on our end.

Steve, I would add Blackhole BGP community or session to your list.

Erich Kaiser
The Fusion Network
er...@gotfusion.net
Office: 630-621-4804
Cell: 630-777-9291

On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <p...@paulstewart.org> wrote:

> Or, quite a number of carriers (especially in APAC, some carriers in
> Canada, a few in the US, and definitely a large number in Europe) will say
> “do you have an IRR entry at RADB?” and if you say yes then they will use
> the route object information but if you say no then they will tell you to
> open a ticket with their NOC each time you have a prefix to add/remove ….
>
>
>
> I’m actually surprised by the number of transit providers that don’t’
> support automation via IRR
>
>
>
> Paul
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Faisal Imtiaz
> *Sent:* May 13, 2016 9:25 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>
>
>
> Let me clarify this a bit more...
>
>
>
> You are recommending that one creates it's own AS Object in the IRR..(aka
> learns and manages their own RR entries) (it really does not matter which
> IRR it is, at the end of the day they are all sort of synced, it is only a
> question of who is maintaining it, and who can provide help to newbies). ..
> BTW, I agree with this.. however 
>
>
>
> Cause at the end of the day, someone in the up-stream is very likely to
> create the record for you, if it is needed by them...
>
> This is one of those things that most carriers find... "too much trouble
> to teach vs just do it for that network !"
>
>
>
> :)
>
>
>
> Regards.
>
>
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
>
> --
>
> *From: *"George Skorup" <geo...@cbcast.com>
> *To: *af@afmug.com
> *Sent: *Friday, May 13, 2016 7:15:26 PM
> *Subject: *Re: [AFMUG] Upstream BGP Questionairre
>
> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is
> not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway.
>
> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:
>
> See answers in-line below:-
>
>
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
>
> --
>
> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> <thatoneguyst...@gmail.com>
> *To: *af@afmug.com
> *Sent: *Friday, May 13, 2016 11:35:10 AM
> *Subject: *[AFMUG] Upstream BGP Questionairre
>
> Im going to expose the breadth of my incompetence here, but there are some
> questions in this document I want to make sure im answering accurately
>
> 1. Are you the owner of the AS Number with RIR- This im assuming is our
> ARIN direct allocation?
>
> They are asking if you have a AS # assigned to you from ... (would be ARIN
> for North America).
>
> 2. Are you registered with an Internet Routing Registry? - Im not sure
> what this is, is this also ARIN or do I need to register something
> elsewhere?
>
> Routing Registry it is a way to build authorized prefixes from a
> DataBase...
>
> You can read up about it from here
> https://www.arin.net/resources/routing/
>
>
> Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245
>
>
>
> and yes ARIN also provides a Routing Registry Service ... (along with a
> few others)
>
>
>
> 3. Which type of routes do you want to receive?  - Full routes is what we
> want, but are there caveats in this answer I need to be prepared for?
>
>
>
> No Caveats, as long as your equipment is able to take full routes, then do
> so.
>
>
>
> 4. Do you have downstream ASNs? - I assume this would be customers with
> their own allocations? We currently do not, but do not want to close the
> door on that in the future. Is this something easily updated in the future?
>
> Answer this question in the Present.. (you don't have any so say no)... no
> future door is closed due to this... this is just info asked / collected
&

Re: [AFMUG] Upstream BGP Questionairre

[Paul Stewart]

Or, quite a number of carriers (especially in APAC, some carriers in Canada, a 
few in the US, and definitely a large number in Europe) will say “do you have 
an IRR entry at RADB?” and if you say yes then they will use the route object 
information but if you say no then they will tell you to open a ticket with 
their NOC each time you have a prefix to add/remove …. 

 

I’m actually surprised by the number of transit providers that don’t’ support 
automation via IRR 

 

Paul

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Faisal Imtiaz
Sent: May 13, 2016 9:25 PM
To: af@afmug.com
Subject: Re: [AFMUG] Upstream BGP Questionairre

 

Let me clarify this a bit more...

 

You are recommending that one creates it's own AS Object in the IRR..(aka 
learns and manages their own RR entries) (it really does not matter which IRR 
it is, at the end of the day they are all sort of synced, it is only a question 
of who is maintaining it, and who can provide help to newbies). .. BTW, I agree 
with this.. however 

 

Cause at the end of the day, someone in the up-stream is very likely to create 
the record for you, if it is needed by them...

This is one of those things that most carriers find... "too much trouble to 
teach vs just do it for that network !"

 

:)

 

Regards.

 

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 
<mailto:supp...@snappytelecom.net> 

 

  _  

From: "George Skorup" <geo...@cbcast.com <mailto:geo...@cbcast.com> >
To: af@afmug.com <mailto:af@afmug.com> 
Sent: Friday, May 13, 2016 7:15:26 PM
Subject: Re: [AFMUG] Upstream BGP Questionairre

I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is not 
free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway. 

On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:

See answers in-line below:-

 

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 
<mailto:supp...@snappytelecom.net> 

 


  _  


From: "That One Guy /sarcasm"  <mailto:thatoneguyst...@gmail.com> 
<thatoneguyst...@gmail.com>
To: af@afmug.com <mailto:af@afmug.com> 
Sent: Friday, May 13, 2016 11:35:10 AM
Subject: [AFMUG] Upstream BGP Questionairre

Im going to expose the breadth of my incompetence here, but there are some 
questions in this document I want to make sure im answering accurately

1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN 
direct allocation?

They are asking if you have a AS # assigned to you from ... (would be ARIN for 
North America).

2. Are you registered with an Internet Routing Registry? - Im not sure what 
this is, is this also ARIN or do I need to register something elsewhere?

Routing Registry it is a way to build authorized prefixes from a DataBase...

You can read up about it from here   https://www.arin.net/resources/routing/


Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245

 

and yes ARIN also provides a Routing Registry Service ... (along with a few 
others)

 

3. Which type of routes do you want to receive?  - Full routes is what we want, 
but are there caveats in this answer I need to be prepared for?

 

No Caveats, as long as your equipment is able to take full routes, then do so.

 

4. Do you have downstream ASNs? - I assume this would be customers with their 
own allocations? We currently do not, but do not want to close the door on that 
in the future. Is this something easily updated in the future?

Answer this question in the Present.. (you don't have any so say no)... no 
future door is closed due to this... this is just info asked / collected for 
the upstream to be able to build their ACL filters (This is also a flag for 
them to collect your BGP LOA's as well as your Customers to you..)

 

This becomes a mute topic, if you are versed in using the Routing Registry and 
maintaining your own Route Objects etc.

 

5. List all prefixes to be announced so that we can confirm the BGP ACL prior 
to activation: We only have a /22, but we do want the option down the road to 
pull /24 from one provider if need be. Would we list the /24s independently or 
the /22 as the aggregate? 

 

You want to ask them for the following:-

 

xx.xx.xx.xx/22  please use the 'le 24' option with the filter.

 

Note: this will have them build a filter that can accept larger prefixes  
between 24 - 22, so it is not a 'specific' filter... 

 

 

6. MD5 Password: On this is it standard practice to use the same password with 
all providers or different ones?

 

Your choice... either way no big deal, as long as you keep track of them.



-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

 

 

Re: [AFMUG] Upstream BGP Questionairre

[Faisal Imtiaz]

Let me clarify this a bit more... 

You are recommending that one creates it's own AS Object in the IRR..(aka 
learns and manages their own RR entries) (it really does not matter which IRR 
it is, at the end of the day they are all sort of synced, it is only a question 
of who is maintaining it, and who can provide help to newbies). .. BTW, I agree 
with this.. however  

Cause at the end of the day, someone in the up-stream is very likely to create 
the record for you, if it is needed by them... 
This is one of those things that most carriers find... "too much trouble to 
teach vs just do it for that network !" 

:) 

Regards. 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "George Skorup" <geo...@cbcast.com>
> To: af@afmug.com
> Sent: Friday, May 13, 2016 7:15:26 PM
> Subject: Re: [AFMUG] Upstream BGP Questionairre

> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is not
> free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway.

> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:

>> See answers in-line below:-

>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232

>> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

>>> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>>> To: af@afmug.com
>>> Sent: Friday, May 13, 2016 11:35:10 AM
>>> Subject: [AFMUG] Upstream BGP Questionairre

>>> Im going to expose the breadth of my incompetence here, but there are some
>>> questions in this document I want to make sure im answering accurately
>>> 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN
>>> direct allocation?

>> They are asking if you have a AS # assigned to you from ... (would be ARIN 
>> for
>> North America).

>>> 2. Are you registered with an Internet Routing Registry? - Im not sure what 
>>> this
>>> is, is this also ARIN or do I need to register something elsewhere?

>> Routing Registry it is a way to build authorized prefixes from a 
>> DataBase...
>> You can read up about it from here https://www.arin.net/resources/routing/

>> Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245

>> and yes ARIN also provides a Routing Registry Service ... (along with a few
>> others)

>>> 3. Which type of routes do you want to receive? - Full routes is what we 
>>> want,
>>> but are there caveats in this answer I need to be prepared for?

>> No Caveats, as long as your equipment is able to take full routes, then do 
>> so.

>>> 4. Do you have downstream ASNs? - I assume this would be customers with 
>>> their
>>> own allocations? We currently do not, but do not want to close the door on 
>>> that
>>> in the future. Is this something easily updated in the future?

>> Answer this question in the Present.. (you don't have any so say no)... no
>> future door is closed due to this... this is just info asked / collected for
>> the upstream to be able to build their ACL filters (This is also a flag 
>> for
>> them to collect your BGP LOA's as well as your Customers to you..)

>> This becomes a mute topic, if you are versed in using the Routing Registry 
>> and
>> maintaining your own Route Objects etc.

>>> 5. List all prefixes to be announced so that we can confirm the BGP ACL 
>>> prior to
>>> activation: We only have a /22, but we do want the option down the road to 
>>> pull
>>> /24 from one provider if need be. Would we list the /24s independently or 
>>> the
>>> /22 as the aggregate?

>> You want to ask them for the following:-

>> xx.xx.xx.xx/22 please use the 'le 24' option with the filter.

>> Note: this will have them build a filter that can accept larger prefixes 
>> between
>> 24 - 22, so it is not a 'specific' filter...

>>> 6. MD5 Password: On this is it standard practice to use the same password 
>>> with
>>> all providers or different ones?

>> Your choice... either way no big deal, as long as you keep track of them.

>>> --
>>> If you only see yourself as part of the team but you don't see your team as 
>>> part
>>> of yourself you have already failed as part of the team.

Re: [AFMUG] Upstream BGP Questionairre

[George Skorup]

I recommend adding your route or AS objects in ARIN's IRR. Merit RADb is 
not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway.


On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:

See answers in-line below:-

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net



*From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
*To: *af@afmug.com
*Sent: *Friday, May 13, 2016 11:35:10 AM
    *Subject: *[AFMUG] Upstream BGP Questionairre

Im going to expose the breadth of my incompetence here, but there
are some questions in this document I want to make sure im
answering accurately
1. Are you the owner of the AS Number with RIR- This im assuming
is our ARIN direct allocation?

They are asking if you have a AS # assigned to you from ... (would be 
ARIN for North America).


2. Are you registered with an Internet Routing Registry? - Im not
sure what this is, is this also ARIN or do I need to register
something elsewhere?

Routing Registry it is a way to build authorized prefixes from a 
DataBase...
You can read up about it from here 
  https://www.arin.net/resources/routing/


Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245

and yes ARIN also provides a Routing Registry Service ... (along with 
a few others)


3. Which type of routes do you want to receive?  - Full routes is
what we want, but are there caveats in this answer I need to be
prepared for?


No Caveats, as long as your equipment is able to take full routes, 
then do so.



4. Do you have downstream ASNs? - I assume this would be customers
with their own allocations? We currently do not, but do not want
to close the door on that in the future. Is this something easily
updated in the future?

Answer this question in the Present.. (you don't have any so say 
no)... no future door is closed due to this... this is just info asked 
/ collected for the upstream to be able to build their ACL filters 
(This is also a flag for them to collect your BGP LOA's as well as 
your Customers to you..)


This becomes a mute topic, if you are versed in using the Routing 
Registry and maintaining your own Route Objects etc.



5. List all prefixes to be announced so that we can confirm the
BGP ACL prior to activation: We only have a /22, but we do want
the option down the road to pull /24 from one provider if need be.
Would we list the /24s independently or the /22 as the aggregate?


You want to ask them for the following:-

xx.xx.xx.xx/22  please use the 'le 24' option with the filter.

Note: this will have them build a filter that can accept larger 
prefixes  between 24 - 22, so it is not a 'specific' filter...



6. MD5 Password: On this is it standard practice to use the same
password with all providers or different ones?

Your choice... either way no big deal, as long as you keep track 
of them.




-- 
If you only see yourself as part of the team but you don't see

your team as part of yourself you have already failed as part of
the team.

Re: [AFMUG] Upstream BGP Questionairre

[Faisal Imtiaz]

See answers in-line below:- 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> To: af@afmug.com
> Sent: Friday, May 13, 2016 11:35:10 AM
> Subject: [AFMUG] Upstream BGP Questionairre

> Im going to expose the breadth of my incompetence here, but there are some
> questions in this document I want to make sure im answering accurately
> 1. Are you the owner of the AS Number with RIR- This im assuming is our ARIN
> direct allocation?

They are asking if you have a AS # assigned to you from ... (would be ARIN for 
North America). 

> 2. Are you registered with an Internet Routing Registry? - Im not sure what 
> this
> is, is this also ARIN or do I need to register something elsewhere?

Routing Registry it is a way to build authorized prefixes from a 
DataBase... 
You can read up about it from here https://www.arin.net/resources/routing/ 

Justin Wilson did a blog about it too... http://www.mtin.net/blog/?p=245 

and yes ARIN also provides a Routing Registry Service ... (along with a few 
others) 

> 3. Which type of routes do you want to receive? - Full routes is what we want,
> but are there caveats in this answer I need to be prepared for?

No Caveats, as long as your equipment is able to take full routes, then do so. 

> 4. Do you have downstream ASNs? - I assume this would be customers with their
> own allocations? We currently do not, but do not want to close the door on 
> that
> in the future. Is this something easily updated in the future?

Answer this question in the Present.. (you don't have any so say no)... no 
future door is closed due to this... this is just info asked / collected for 
the upstream to be able to build their ACL filters (This is also a flag for 
them to collect your BGP LOA's as well as your Customers to you..) 

This becomes a mute topic, if you are versed in using the Routing Registry and 
maintaining your own Route Objects etc. 

> 5. List all prefixes to be announced so that we can confirm the BGP ACL prior 
> to
> activation: We only have a /22, but we do want the option down the road to 
> pull
> /24 from one provider if need be. Would we list the /24s independently or the
> /22 as the aggregate?

You want to ask them for the following:- 

xx.xx.xx.xx/22 please use the 'le 24' option with the filter. 

Note: this will have them build a filter that can accept larger prefixes 
between 24 - 22, so it is not a 'specific' filter... 

> 6. MD5 Password: On this is it standard practice to use the same password with
> all providers or different ones?

Your choice... either way no big deal, as long as you keep track of them. 

> --
> If you only see yourself as part of the team but you don't see your team as 
> part
> of yourself you have already failed as part of the team.

Re: [AFMUG] Upstream BGP Questionairre

[That One Guy /sarcasm]

Is there a recomended complexity on the MD5 password, Im assuming it should
not be "password"

On Fri, May 13, 2016 at 10:38 AM, Josh Luthman 
wrote:

> 1 - AS is a number you get from ARIN
> 2 - I think it's just ARIN?  http://www.irr.net/docs/list.html
> 3 - generally full routes, you need 512 or 1024 megs of RAM on a MT
> 4 - It can be changed.  Just say you don't right now.
> 5 - Just list all your prefixes
> 6 - *ahem* probably should...but ya know...
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Fri, May 13, 2016 at 11:35 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
>> Im going to expose the breadth of my incompetence here, but there are
>> some questions in this document I want to make sure im answering accurately
>>
>> 1. Are you the owner of the AS Number with RIR- This im assuming is our
>> ARIN direct allocation?
>>
>> 2. Are you registered with an Internet Routing Registry? - Im not sure
>> what this is, is this also ARIN or do I need to register something
>> elsewhere?
>>
>> 3. Which type of routes do you want to receive?  - Full routes is what we
>> want, but are there caveats in this answer I need to be prepared for?
>>
>> 4. Do you have downstream ASNs? - I assume this would be customers with
>> their own allocations? We currently do not, but do not want to close the
>> door on that in the future. Is this something easily updated in the future?
>>
>> 5. List all prefixes to be announced so that we can confirm the BGP ACL
>> prior to activation: We only have a /22, but we do want the option down the
>> road to pull /24 from one provider if need be. Would we list the /24s
>> independently or the /22 as the aggregate?
>>
>> 6. MD5 Password: On this is it standard practice to use the same password
>> with all providers or different ones?
>>
>>
>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] Upstream BGP Questionairre

[Josh Luthman]

1 - AS is a number you get from ARIN
2 - I think it's just ARIN?  http://www.irr.net/docs/list.html
3 - generally full routes, you need 512 or 1024 megs of RAM on a MT
4 - It can be changed.  Just say you don't right now.
5 - Just list all your prefixes
6 - *ahem* probably should...but ya know...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Fri, May 13, 2016 at 11:35 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> Im going to expose the breadth of my incompetence here, but there are some
> questions in this document I want to make sure im answering accurately
>
> 1. Are you the owner of the AS Number with RIR- This im assuming is our
> ARIN direct allocation?
>
> 2. Are you registered with an Internet Routing Registry? - Im not sure
> what this is, is this also ARIN or do I need to register something
> elsewhere?
>
> 3. Which type of routes do you want to receive?  - Full routes is what we
> want, but are there caveats in this answer I need to be prepared for?
>
> 4. Do you have downstream ASNs? - I assume this would be customers with
> their own allocations? We currently do not, but do not want to close the
> door on that in the future. Is this something easily updated in the future?
>
> 5. List all prefixes to be announced so that we can confirm the BGP ACL
> prior to activation: We only have a /22, but we do want the option down the
> road to pull /24 from one provider if need be. Would we list the /24s
> independently or the /22 as the aggregate?
>
> 6. MD5 Password: On this is it standard practice to use the same password
> with all providers or different ones?
>
>
>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>

[AFMUG] Upstream BGP Questionairre

[That One Guy /sarcasm]

Im going to expose the breadth of my incompetence here, but there are some
questions in this document I want to make sure im answering accurately

1. Are you the owner of the AS Number with RIR- This im assuming is our
ARIN direct allocation?

2. Are you registered with an Internet Routing Registry? - Im not sure what
this is, is this also ARIN or do I need to register something elsewhere?

3. Which type of routes do you want to receive?  - Full routes is what we
want, but are there caveats in this answer I need to be prepared for?

4. Do you have downstream ASNs? - I assume this would be customers with
their own allocations? We currently do not, but do not want to close the
door on that in the future. Is this something easily updated in the future?

5. List all prefixes to be announced so that we can confirm the BGP ACL
prior to activation: We only have a /22, but we do want the option down the
road to pull /24 from one provider if need be. Would we list the /24s
independently or the /22 as the aggregate?

6. MD5 Password: On this is it standard practice to use the same password
with all providers or different ones?





-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.