BGP » History » Version 183

Laurent GUERBY, 06/09/2016 07:37

{{>toc}}

h1. BGP

h2. Links

We use BIRD on Linux as our BGP router

http://bird.network.cz/

BGP blog http://www.renesys.com/blog/
flowspec http://www.slideshare.net/sfouant/an-introduction-to-bgp-flow-spec
DFZ = Default Free Zone archive http://archive.routeviews.org/
http://www.ripe.net/data-tools/stats/ris/routing-information-service
https://stat.ripe.net/widget/announced-prefixes
http://pch.net/resources/data/routing-tables/archive/
http://pch.net/resources/data/routing-tables/mrt-bgp-updates/
http://www.nanog.org/meetings/archive/
http://tools.ietf.org/html/draft-lapukhov-bgp-routing-large-dc-02

http://inside.godaddy.com/inside-story-happened-godaddy-com-sept-10-2012/

list of operator communities http://onesc.net/communities/ via http://www.bortzmeyer.org/7153.html

http://tools.ietf.org/html/rfc4271#section-9.1 BGP route decision process

http://www.ipbcop.org/
IP Best Current Operational Practices: documented best practices for Engineers by Engineers

BGP best practices ANSSI
https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Article-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf_2.pdf
http://www.ssi.gouv.fr/fr/bonnes-pratiques/recommandations-et-guides/securite-des-reseaux/le-guide-des-bonnes-pratiques-de-configuration-de-bgp.html
http://tools.ietf.org/html/draft-ietf-opsec-bgp-security-01
http://www.ssi.gouv.fr/uploads/2014/10/rapport_observatoire_2015.pdf

https://www.ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers

LAAS thesis on BGP http://www.laas.fr/1-31360-Detail-Soutenance-de-these.php?id=600
http://www.laas.fr/1-31706-Publications.php?author=7738
http://www.net.t-labs.tu-berlin.de/papers/OMUPMO-OOSICP-11.pdf
http://hal.archives-ouvertes.fr/docs/00/60/53/83/PDF/dVirt-virtual_platform.pdf
http://hal.archives-ouvertes.fr/docs/00/48/70/74/PDF/Poster_SIGCOMM2010_philippe.pdf

Le Monde on BGP http://reseaux.blog.lemonde.fr/2012/11/04/routage-enjeu-cyberstrategie/

Free / Wanadoo outage http://www.journaldunet.com/solutions/0301/030122_freeft.shtml

2011 Japan tsunami and BGP: http://archive.psg.com/111206.conext-quake.pdf

Session is up on telnet:route-views.routeviews.org username rviews

BGP book http://www.bortzmeyer.org/files/bgp.html

Cyclops is able to detect several forms of route hijack attacks http://cyclops.cs.ucla.edu/
BGPmon monitors the routing of your prefixes and alerts you in case of an 'interesting' path change http://www.bgpmon.net/

http://jointtransit.nl/prices.html

http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho

* routing table size http://bgp.potaroo.net/

* BGP in 2011, Geoff Huston, APNIC http://iepg.org/2011-11-ietf82/2011-11-13-bgp2011.pdf

* http://pages.cs.wisc.edu/~plonka/netgear-sntp/

* http://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/7114/show/l-observatoire-sur-la-resilience-de-l-internet-francais-publie-son-rapport-2012.html

* http://www.ris.ripe.net/dashboard/2a01:6600:8000::/40

* http://www.bortzmeyer.org/6996.html
** RFC 6996 : Autonomous System (AS) Reservation for Private Use
** http://www.iana.org/assignments/as-numbers

* Look for TRACEROUTE by SRCGUARDIAN in the Play Store. It needs network access only... Doesn't do TCP but does ICMP and UDP traceroutes and displays ASN as well ...

* http://www.team-cymru.org/Services/Bogons/bgp.html
** http://www.team-cymru.org/Services/Bogons/bgp-examples.html#bird-full

* 3D looking glass http://as2914.net/#/

* https://labs.ripe.net/Members/emileaben/has-the-routability-of-longer-than-24-prefixes-changed

* https://github.com/pavel-odintsov/fastnetmon
** FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PF_RING, PCAP).
** What can we do? We can detect hosts in our networks sending or receiving large volumes of packets/bytes/flows per second. We can call an external script to notify you, switch off a server, or blackhole the client.

h2. Baker-s Dozen

* Baker's Dozen BGP transit players
** http://research.dyn.com/2008/12/winners-and-losers-for-2008/
** http://research.dyn.com/2009/12/a-bakers-dozen-in-2009/
** http://research.dyn.com/2011/01/a-bakers-dozen-2010-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2011-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2012-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2013-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2014-edition/
** http://research.dyn.com/2016/04/a-bakers-dozen-2015-edition/
*** https://cdn.vpls.com/wp-content/uploads/WP033-Bakers-Dozen-2015.pdf

h1. Bird

h2. Link local IPv6 static route

<pre>
    protocol direct {
      interface "eth0";
    }

    protocol static {
      route 2001:db8::/32 via fe80::1%eth0;
    }
</pre>

h2. Gitoyen BIRD config

https://code.ffdn.org/gitoyen/bird-config/

And other tools, including automatic blackholing: https://code.ffdn.org/org/gitoyen

h2. Misc BIRD Links

* zeromq integration https://github.com/samrussell/bird/tree/zmqintegration
* https://www.netdev01.org/docs/prabhu-linux_ipv4_ipv6_inconsistencies_talk_slides.pdf

h1. mrtdump

mrtdump is a standard format for representing and storing BGP data (routing table, BGP messages): https://tools.ietf.org/html/rfc6396

h2. mrtdump dumps with Bird

h3. Dumping all BGP messages exchanged with peers

<pre>
mrtdump "/tmp/mrtdump-messages";
mrtdump protocols {messages};
</pre>

See the bird documentation: http://bird.network.cz/?get_doc&f=bird-3.html#ss3.2

To rotate the dump file, change the file name in the bird configuration and run `birdc configure`.

h3. Dumping the BGP routing table

This is not possible yet, but it is under development in Bird; see the upstream *mrtdump* branch.

Doc: https://gitlab.labs.nic.cz/labs/bird/commit/11fabd2d6b8bc3d6ca86acd3b62fe4deeb4b91b7

h2. Public mrtdump data sources

* RIS (Routing Information Service):

  * BGP routes collected by RIPE from several exchange points (16 collectors in total)
  * data collected and archived since 2001
  * https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/routing-information-service-ris
  * freely accessible data https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-raw-data

* Routeviews:

  * same idea, but less Europe-centric (project run by Americans)
  * http://www.routeviews.org/
  * freely accessible data ftp://archive.routeviews.org/

h2. Working with mrtdump data

* historical tool: *bgpdump* https://bitbucket.org/ripencc/bgpdump/wiki/Home
* more recent: *bgpstream* https://bgpstream.caida.org/ https://github.com/CAIDA/bgpstream https://pypi.python.org/pypi/pybgpstream

bgpstream is mainly designed to fetch RIS and Routeviews data automatically (and sometimes that does not work very well...). It can also read local mrtdump files, for example with the Python bindings:

<pre>
from _pybgpstream import BGPStream, BGPRecord, BGPElem
myfilename = "rib.mrt"  # placeholder: path to a local MRT RIB dump
record = BGPRecord()
stream = BGPStream()
stream.set_data_interface("singlefile")
stream.set_data_interface_option("singlefile", "rib-file", myfilename)
# Add additional filters here
stream.start()
# Walk every record and the elements it contains (cf. tutorial bgpstream)
while stream.get_next_record(record):
    elem = record.get_next_elem()
    while elem:
        print(elem.type, elem.peer_asn, elem.fields)
        elem = record.get_next_elem()
</pre>
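
An added example, not code from this wiki, from BIRD or from bgpstream: a standard-library reader for the BGP4MP message records of RFC 6396, useful for checking a local message dump without extra tooling. The function names, the sample record and its documentation prefixes are constructed for the illustration; the AS numbers and session addresses reuse the Cogent session configured further down the page.

```python
import ipaddress
import struct

MRT_BGP4MP = 16                              # RFC 6396 section 4.4
BGP4MP_MESSAGE, BGP4MP_MESSAGE_AS4 = 1, 4    # 2-byte vs 4-byte AS numbers
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

def iter_mrt(data):
    """Yield (timestamp, type, subtype, body) for each MRT record in data."""
    off = 0
    while off < len(data):
        if off + 12 > len(data):
            raise ValueError("truncated MRT header at offset %d" % off)
        ts, mtype, subtype, length = struct.unpack_from("!IHHI", data, off)
        body = data[off + 12:off + 12 + length]
        if len(body) != length:
            raise ValueError("truncated MRT record at offset %d" % off)
        yield ts, mtype, subtype, body
        off += 12 + length

def parse_prefixes(buf):
    """Decode IPv4 <length, prefix> pairs (RFC 4271 section 4.3)."""
    out, i = [], 0
    while i < len(buf):
        plen = buf[i]
        nbytes = (plen + 7) // 8
        if plen > 32 or i + 1 + nbytes > len(buf):
            raise ValueError("malformed prefix at offset %d" % i)
        addr = buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        out.append("%s/%d" % (ipaddress.IPv4Address(addr), plen))
        i += 1 + nbytes
    return out

def parse_bgp4mp(subtype, body):
    """Decode one BGP4MP_MESSAGE / BGP4MP_MESSAGE_AS4 body into a dict."""
    fmt = "!IIHH" if subtype == BGP4MP_MESSAGE_AS4 else "!HHHH"
    off = struct.calcsize(fmt)
    if len(body) < off:
        raise ValueError("short BGP4MP header")
    peer_as, local_as, _ifindex, afi = struct.unpack_from(fmt, body)
    iplen = 16 if afi == 2 else 4            # AFI 1 = IPv4, 2 = IPv6
    peer_ip, bgp = body[off:off + iplen], body[off + 2 * iplen:]
    if len(peer_ip) != iplen or len(bgp) < 19 or bgp[:16] != b"\xff" * 16:
        raise ValueError("bad BGP header")
    msg_len, msg_type = struct.unpack_from("!HB", bgp, 16)
    if msg_len != len(bgp):
        raise ValueError("BGP length field does not match the record")
    rec = {"peer_as": peer_as, "local_as": local_as,
           "peer_ip": str(ipaddress.ip_address(peer_ip)),
           "bgp_type": BGP_TYPES.get(msg_type, "UNKNOWN")}
    if msg_type == 2:  # fixed fields carry IPv4 only; MP_REACH_NLRI is not decoded
        try:
            wlen = struct.unpack_from("!H", bgp, 19)[0]
            alen = struct.unpack_from("!H", bgp, 21 + wlen)[0]
        except struct.error:
            raise ValueError("truncated UPDATE")
        if 23 + wlen + alen > msg_len:
            raise ValueError("bad path-attribute length")
        rec["withdrawn"] = parse_prefixes(bgp[21:21 + wlen])
        rec["announced"] = parse_prefixes(bgp[23 + wlen + alen:])
    return rec

def decode(data):
    """Return the decoded BGP4MP message records found in an MRT byte string."""
    return [dict(parse_bgp4mp(st, body), time=ts)
            for ts, mtype, st, body in iter_mrt(data)
            if mtype == MRT_BGP4MP and st in (BGP4MP_MESSAGE, BGP4MP_MESSAGE_AS4)]

def build_sample():
    """Constructed sample: one BGP4MP_MESSAGE_AS4 record holding an UPDATE."""
    withdrawn = bytes([24, 198, 51, 100])    # 198.51.100.0/24
    attrs = bytes([0x40, 1, 1, 0])           # ORIGIN = IGP
    nlri = bytes([24, 203, 0, 113])          # 203.0.113.0/24
    upd = (struct.pack("!H", len(withdrawn)) + withdrawn +
           struct.pack("!H", len(attrs)) + attrs + nlri)
    bgp = b"\xff" * 16 + struct.pack("!HB", 19 + len(upd), 2) + upd
    ips = bytes([149, 11, 58, 73]) + bytes([149, 11, 58, 74])  # peer, local
    body = struct.pack("!IIHH", 174, 197422, 0, 1) + ips + bgp
    return struct.pack("!IHHI", 1401148800, MRT_BGP4MP,
                       BGP4MP_MESSAGE_AS4, len(body)) + body

if __name__ == "__main__":
    print(decode(build_sample()))
```

AS 197422 does not fit in two bytes, which is why the sample uses the AS4 subtype; a reader that assumes 2-byte AS fields would misalign every following field.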


h1. TouIX and GIX

http://touix.net
http://wikilulu.net/doku.php?id=articles:gix-howto

h1. Changes to the BGP configuration

* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html

TODO:
* set up a git-style version control system, at least for the documentation
* How to manage the MD5 passwords in the config file (keep them secret while publishing the rest)
* Workshop?
** Laurent GUERBY
** Solarus
** Add your name...

Alternative to MP-BGP
http://tools.ietf.org/html/draft-ietf-idr-bgp-multisession-06

Add Path
http://tools.ietf.org/html/draft-ietf-idr-add-paths-07
support in bird? http://marc.info/?l=bird-users&m=134409996129466&w=2

h1. Links

* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
* AS4 http://www.rfc-editor.org/rfc/rfc4893.txt
* best practices and BGP incidents
** https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Slides-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf.pdf
* ping plus UDP test http://www.broadband-forum.org/technical/download/TR-143.pdf

h1. Toulouse configuration

<pre>
router id 91.224.148.2;
define myas = 197422;


protocol device {
        scan time 10;
        primary "eth0" 91.224.148.3;
}

# Originate our own prefix so that it can be announced over BGP
protocol static static_bgp {
        import all;
        route 91.224.148.0/23 reject;
}


protocol kernel {
        import all;
        export all;
}


# Import check: returns false for routes that must not be accepted from a peer
function avoid_martians()
prefix set martians;
{
  martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];

  # Avoid 0.0.0.0/X
  if net.ip = 0.0.0.0 then return false;

  # Avoid too short and too long prefixes
  if (net.len < 8) || (net.len > 24) then return false;

  # Avoid martians: link-local, RFC1918, multicast and reserved networks
  if net ~ martians then return false;
  return true;
}

# Export filter: announce only our own prefix
filter bgp_OUT {
        if (net ~ [91.224.148.0/23]) then accept;
        else reject;
}


protocol bgp TOUIX {
        local as myas;
        neighbor 91.213.236.1 as 47184;
        preference 200;
        import where avoid_martians();
        export filter bgp_OUT;
}

protocol bgp JAGUAR {
        local as myas;
        neighbor 31.172.233.1 as 30781;
        preference 50;
        import where avoid_martians();
        export filter bgp_OUT;
}

protocol bgp TETANEUTRAL {
        local as myas;
        neighbor 91.224.148.2 as myas;
        preference 100;
        import where avoid_martians();
        export all;
}
</pre>

h1. IRR

* From nanog:
http://www.clarksys.com/blog/2009/09/02/using-irr-with-level3/
whois -h filtergen.level3.net "RIPE::YOUR-AS-SET  -searchpath=RIPE;ARIN;RADB -recurseok -warnonly"

h1. Blackholing

h2. DECIX

http://de-cix.net/products-services/de-cix-frankfurt/blackholing/

h2. Attacks

* 20120629 http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html
* http://blog.cloudflare.com/65gbps-ddos-no-problem

h2. URPF

Blacklisting one or more sources is relatively complex to set up on a small infrastructure because it requires deploying uRPF (Unicast Reverse Path Forwarding).

http://www.cisco.com/web/about/security/intelligence/ipv6_rtbh.html

h2. RFC3882

* http://www.ietf.org/rfc/rfc3882.txt
community AS:666 on a /32 announcement to have the upstream AS blackhole it

* CISCO doc
http://www.cisco.com/web/about/security/intelligence/blackhole.pdf

h2. RFC1997

* http://www.ietf.org/rfc/rfc1997.txt
BGP Communities Attribute

* CISCO doc
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/bgp_communities.html

h2. BIRD

* http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg01998.html

h2. Absolight

* community 29608:65001 on /24..32 IPv4 and /41..128 IPv6 => blackhole
* test 20120703 IPv4 and IPv6: it works, and convergence is very fast

h2. GIXE

* community 31576:666 on /32 => blackhole
* test 20120703 => does not work yet; reported, development needed on the GIXE side to allow /32s
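
An added example, not part of this wiki's or Gitoyen's tooling: a pre-flight check that an automatic blackholing script can run before tagging a route, using the Absolight and GIXE policies noted above and the prefixes from the export filters on this page. The function name and the table layout are hypothetical.

```python
import ipaddress

# Prefixes this AS announces, copied from the page's bgp_OUT / bgp_OUT_6 filters.
OWN_SPACE = [ipaddress.ip_network(p) for p in (
    "91.224.148.0/23", "80.67.182.0/24", "89.234.156.0/23",
    "2a01:6600:8000::/40")]

# Blackhole policies as recorded on the page: community to attach and the
# prefix lengths each upstream accepts, keyed by IP version.
# GIXE is listed as announced; the 20120703 test notes /32 was not yet accepted.
POLICIES = {
    "Absolight": {"community": (29608, 65001), 4: (24, 32), 6: (41, 128)},
    "GIXE": {"community": (31576, 666), 4: (32, 32)},
}


def blackhole_plan(target):
    """Return {upstream: "asn:value"} for upstreams that would accept target.

    Raises ValueError when target has host bits set or lies outside our own
    announced space, so a typo or a forged alert cannot blackhole someone
    else's addresses.
    """
    net = ipaddress.ip_network(target)      # strict parsing rejects host bits
    covering = [own for own in OWN_SPACE
                if own.version == net.version and net.subnet_of(own)]
    if not covering:
        raise ValueError("%s is not inside our announced space" % net)
    plan = {}
    for upstream, policy in POLICIES.items():
        lengths = policy.get(net.version)   # None: no policy for this IP version
        if lengths and lengths[0] <= net.prefixlen <= lengths[1]:
            plan[upstream] = "%d:%d" % policy["community"]
    return plan


if __name__ == "__main__":
    for target in ("91.224.148.77/32", "91.224.148.0/24", "91.224.148.0/23",
                   "2a01:6600:8000::1/128"):
        print(target, blackhole_plan(target))
```

An empty plan, as for the whole /23, means no upstream listed here would honour the announcement, so the script should alert a human rather than announce anything.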

h2. Jaguar

* https://extranet.jaguar-network.com/app/public/index.php?cmd=bgp-policy
* request 20120702: no blackhole community at present, under consideration
* Arbor Networks equipment being deployed, tuning still to be refined (no attack detection)

h2. Gitoyen

* request 20120704 on the list, reply 20120717
* Tata http://noc.easycolocate.nl/Teleglobe_bgp_comm.pdf
*** => black-hole route (host route or shorter prefix within customer’s RIR registered assignment) 64999:0
* Ielo  whois AS29075 => 29075:0 Null-route/Blackhole
* https://pad.ilico.org/p/cleanup-bgp-gitoyen

h2. France-IX

* community plan : https://apps.db.ripe.net/whois/lookup/ripe/aut-num/AS51706.html
* TODO: test

h2. Equinix-IX

* community plan : https://ix.equinix.com/ixp/mlpeCommunityInfo
* TODO: test

h2. TouIX

* requested switch and route server access 20120702
* TODO

h2. Hurricane Electric

* http://www.he.net/adm/
* http://www.he.net/adm/blackhole.html
* TODO: test

h2. Sfinx

* http://www.renater.fr/route-servers-bgp?lang=fr
* whois  AS1304 =>
remarks:        1304:65281 = Apply NO-EXPORT community
remarks:        1304:65282 = Apply NO-ADVERTISE community

h2. Cogent

h3. Docs

* http://www.cogentco.com/files/docs/customer_service/guide/global_cogent_customer_user_guide.pdf
** communities on pages 21-22
* http://www.onesc.net/communities/as174/
* https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-03/msg00465.html
* https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf

France / Benelux:
+33 1 49 03 1818 (Hotline)
+33 1 49 03 1803 (fax)
fr-support@cogentco.com (maintenance and repair)
bnl-support@cogentco.com (maintenance and repair)
billingeu@cogentco.com (billing, customer care)
All Customers in Europe can also contact the European Cogent Customer Support team
using the generic email address for Europe: eu-support@cogentco.com

Delivered as requested on the Fullsave optical ring:
Delivered on TLS01.CB.KD-05/A.To02.03&04 (optical patch panel no. 2, fibres 03&04).
Cogent physical port te0/0/2/3-rcr11.tls01

Order ID/Service ID: 1-166108500
Service Type: EU_L3_ON_10GE_BURST
Commitment: 1000.0 MBps
Service Address: 125 bis ch du Sang de Serp
delivery in Fullsave rack / LAP room Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014

Order ID/Service ID: 1-166108524
Service Type: EU_L3_ON_IPV6DSTACK_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
IPv6s for port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014

Order ID/Service ID: 1-166108512
Service Type: EU_L0_ON_XCFIBER_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04 port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014

h3. Initial Cogent BGP config

<pre>
root@h7:~# cat /etc/bird/bird.conf
router id 149.11.58.74;

define myas = 197422;

timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

log "/var/log/bird/bird-20140527.log" all;

debug commands 2;

debug protocols { states, events };

protocol device {
        scan time 10;
}

protocol kernel {
        import all;
        export all;
        learn;
}

filter bgp_OUT {
        if (net ~ [91.224.148.0/23, 80.67.182.0/24, 89.234.156.0/23]) then {
          accept;
        }
        reject;
}

filter bgp_IN_PEERING {
       accept;
}

protocol bgp COGENT_TLS00 {
        local as myas;
        neighbor 149.11.58.73 as 174;
        import filter bgp_IN_PEERING;
        export filter bgp_OUT;
}
root@h7:~# cat /etc/bird/bird6.conf
router id 149.11.58.74;

define myas = 197422;

timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

log "/var/log/bird/bird6-20140527.log" all;

debug commands 2;

debug protocols { states, events };

listen bgp v6only;

protocol device {
        scan time 10;
}

protocol kernel {
        import all;
        export all;
        learn;
}

filter bgp_OUT_6 {
        if (net ~ [2a01:6600:8000::/40]) then {
          accept;
        }
        reject;
}

filter bgp_IN_PEERING_6 {
       accept;
}

protocol bgp COGENT_TLS00_6 {
        local as myas;
        neighbor 2001:978:2:68::8:1 as 174;
        import filter bgp_IN_PEERING_6;
        export filter bgp_OUT_6;
}
</pre>