[pfSense-discussion] how to receive BGP routes

2010-11-11 Thread Eugen Leitl

I should now have enough resources (4 GByte RAM) to start
fiddling around with the whole BGP table. As I have very
little netop clue, from where can one receive a full
feed? I do not have PI space nor an AS number, 
obviously. I hope to be able to obtain enough clue
and finances eventually to get PI space (probably
IPv6, as IPv4 PI should be getting terribly scarce
rather soon).

I see there's an OpenBGPD package in the 2.0-BETA4 list,
as well as OpenOSPFD (the latter is only used within
an AS, apparently). Is it possible to set things up to receive
a full routing table without having one's own AS?

How would one go about making sure one's modifications
do not get published by mistake? I'd rather try to avoid
screwing up somebody's routes by a rookie mistake, for
obvious reasons. This is just a lab.

Thanks!

-- 
Eugen* Leitl <leitl> http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE



RE: [pfSense-discussion] how to receive BGP routes

2010-11-11 Thread Adam Thompson
You definitely need an AS number, although if your BGP route provider 
agrees, you can use a private AS number (kind of like RFC1918 IP 
addressing, conceptually).

You don't need portable IP address space to get (or use) a BGP feed - 
again, subject to negotiation with your BGP provider(s).

I'm using OpenBGPD under 2.0B4 and it works OK (except for a nasty bug 
concerning 1:1 NAT entries [#958]).  I'm not pulling in a full route set, 
though, only about 13k routes.

IPv4 portable address space is already extremely difficult to obtain - an 
ISP I do work for has to justify 80% usage of every additional class-C 
block they obtain, and they're only being given /24s and /23s now.  (I 
think they're going to renumber a large chunk of addresses, though, and 
exchange a bunch of /23s and /22s for a /21.)

It's not all that expensive to obtain IP addresses from ARIN; the problem 
is you likely don't meet their minimum thresholds.

Quoting from https://www.arin.net/policy/nrpm.html,
4.1.1. Routability
Provider independent (portable) addresses issued directly from ARIN or 
other Regional Registries are not guaranteed to be globally routable. 
Therefore, ISPs should consider the following order of priority when 
requesting IP address space:
- Request IP address space from upstream provider
- Request IP address space from provider's provider
- Request IP address space from ARIN (not guaranteed to be globally 
routable)

According to section 4.2.1.5 Minimum Allocation, ARIN will issue /20s or 
larger to end-users, and /22s and larger to multi-homed ISPs.  And keep in 
mind that many large transit providers filter all announcements smaller 
than a defined threshold (I'm told that's up to /20 now in some cases).

You generally receive BGP feeds from your directly connected neighbours; 
typically this means both your ISPs must agree to talk BGP with you, they 
must both agree to advertise your address space, and they must both agree 
on your AS number.  (Same considerations apply for n>2, just exponentially 
more difficult unless you're a large ISP yourself.)

It's perfectly feasible to run iBGP (i=internal) which is the same 
protocol but just not talking to anyone on the outside.  This lets you set 
up multiple routers internally and experiment with BGP to your heart's 
content.  It's also sometimes possible to find a friendly ISP and import a 
BGP feed from them and not talk BGP to your neighbours at all.

Most BGP partners will happily apply filters that discard all 
advertisements from you, which means you won't screw up anyone except 
yourself.  And, AFAIK, most BGP routers have sane filters that block 
advertisements of (for example) 0.0.0.0/0, 127.0.0.0/8, 192.168.0.0/16, 
etc. so while it's always possible for BGP mistakes to affect many 
non-related users, it's fairly rare; I can only remember one internet-wide 
mistake in the last year or two.

I run an unusual case myself: I have two small public IP allocations, a /29 
from my public ISP (TeraGo) and a /32 from my regional RD/Edu network 
(MRNET).  I don't have any portable address space at all, and neither set 
of addresses is advertised to the opposite link; BGP only really helps me 
for outbound connections.  I only talk BGP to MRNET (that's the 13k 
routes, basically CA*Net, NSFNet, ESNet, I2, et al.), and I use a default 
route to TeraGo.

If you live in an area with multiple large ISPs, you'll have much better 
luck finding someone who knows what BGP is.  Ditto if you have 
business-grade service with an actual Account Manager assigned to you. 
Smaller, regional ISPs often refuse to provide BGP peering for 
non-technical reasons.  (And good luck finding a Cable operator anywhere 
who's willing to even *think* about the possibility of a multi-homed 
customer...)

-Adam Thompson
 athom...@athompso.net


 -Original Message-
 From: Eugen Leitl [mailto:eu...@leitl.org]
 Sent: Thursday, November 11, 2010 07:07
 To: discussion@pfsense.com
 Subject: [pfSense-discussion] how to receive BGP routes
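For the lab setup the two posts above describe (a private ASN agreed with the feed provider, a receive-only session, and filters so a rookie mistake cannot leak anything), here is what a hand-written OpenBGPD bgpd.conf looks like. This is an added example and is not from the thread or from the pfSense OpenBGPD package; the package generates bgpd.conf from its GUI, and this is the shape of file it should end up writing. The addresses are RFC 5737 documentation space and both AS numbers are placeholders: 65001 sits in the private range 64512-65534, and 64496 stands in for the provider's real ASN. It also assumes you are happy to keep the full table in bgpd's RIB only (fib-update no) and not install it into the kernel until you mean to route on it.

```conf
# Hand-written OpenBGPD bgpd.conf for a receive-only lab session.
# Added example, not from the thread or the pfSense package. Addresses are
# RFC 5737 documentation space and both AS numbers are placeholders:
# 65001 is in the private range 64512-65534, 64496 stands in for the feed
# provider's real ASN. Substitute what your provider actually assigns.

AS 65001                        # private ASN, agreed with the feed provider
router-id 192.0.2.10            # any unique local IPv4 address

# Keep the received table in bgpd's RIB only; nothing is pushed into the
# kernel routing table, so the lab box keeps forwarding via its existing
# default route no matter what the feed contains. Change to "yes" when you
# really want to route on the learned prefixes.
fib-update no

neighbor 203.0.113.1 {
        remote-as 64496
        descr "feed-provider"
        max-prefix 1000000      # drop the session if the feed blows past this
}

# OpenBGPD evaluates filter rules top to bottom and the LAST matching rule
# wins (pf-style). So: deny everything in both directions first, allow
# inbound from the one neighbour, then let the martian rules below override
# that allow for prefixes that should never appear in the global table.

deny to any                     # no "allow to" anywhere: we never announce
deny from any
allow from 203.0.113.1

deny from any prefix 0.0.0.0/0                        # default route
deny from any prefix 0.0.0.0/8      prefixlen >= 8    # "this" network
deny from any prefix 10.0.0.0/8     prefixlen >= 8    # RFC 1918
deny from any prefix 127.0.0.0/8    prefixlen >= 8    # loopback
deny from any prefix 169.254.0.0/16 prefixlen >= 16   # link-local
deny from any prefix 172.16.0.0/12  prefixlen >= 12   # RFC 1918
deny from any prefix 192.168.0.0/16 prefixlen >= 16   # RFC 1918
deny from any prefix 224.0.0.0/4    prefixlen >= 4    # multicast
deny from any prefix 240.0.0.0/4    prefixlen >= 4    # reserved
deny from any prefix 0.0.0.0/0      prefixlen > 24    # more specific than /24
```

Check the file with `bgpd -n -f /path/to/bgpd.conf` before loading it. Once the session is established, `bgpctl show neighbor 203.0.113.1` should report prefixes received but none sent, and `bgpctl show rib` lists what was accepted. The `deny to any` line is belt and braces: still ask the provider to filter everything from your session on their side, as suggested above, so that a later edit to this file cannot turn the lab into an announcing router by accident.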