BGP » Historique » Version 12
Version 11 (Laurent GUERBY, 03/01/2012 08:06) → Version 12/192 (Laurent GUERBY, 03/01/2012 08:09)
h1. BGP
Nous utilisons BIRD sous Linux comme routeur BGP
http://bird.network.cz/
h1. Evolutions de la conf BGP
* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html
TODO:
* mise en place d'un gestionaire de version style git au moins pour documentation
* Comment gerer les password MD5 du fichier de conf (les garder secrets tout en publiant le reste)
* Atelier ?
** Laurent GUERBY
** Solarus
** Ajouter son nom...
h1. Liens
* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
* AS4 http://www.rfc-editor.org/rfc/rfc4893.txt
h1. Configuration Toulouse
<pre>
router id 91.224.148.2;
define myas = 197422;
protocol device {
scan time 10;
primary "eth0" 91.224.148.3;
}
protocol static static_bgp {
import all;
route 91.224.148.0/23 reject;
}
protocol kernel{
import all;
export all;
}
function avoid_martians()
prefix set martians;
{
martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];
# Avoid 0.0.0.0/X
if net.ip = 0.0.0.0 then return false;
# Avoid too short and too long prefixes
if (net.len < 8) || (net.len > 24) then return false;
# Avoid RFC1918 networks
if net ~ martians then return false;
return true;
}
filter bgp_OUT {
if (net ~ [91.224.148.0/23]) then accept;
else reject;
}
protocol bgp TOUIX {
local as myas;
neighbor 91.213.236.1 as 47184;
preference 200;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp JAGUAR {
local as myas;
neighbor 31.172.233.1 as 30781;
preference 50;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp TETANEUTRAL {
local as myas;
neighbor 91.224.148.2 as myas;
preference 100;
import where avoid_martians();
export all;
}
</pre>
Nous utilisons BIRD sous Linux comme routeur BGP
http://bird.network.cz/
h1. Evolutions de la conf BGP
* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html
TODO:
* mise en place d'un gestionaire de version style git au moins pour documentation
* Comment gerer les password MD5 du fichier de conf (les garder secrets tout en publiant le reste)
* Atelier ?
** Laurent GUERBY
** Solarus
** Ajouter son nom...
h1. Liens
* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
* AS4 http://www.rfc-editor.org/rfc/rfc4893.txt
h1. Configuration Toulouse
<pre>
router id 91.224.148.2;
define myas = 197422;
protocol device {
scan time 10;
primary "eth0" 91.224.148.3;
}
protocol static static_bgp {
import all;
route 91.224.148.0/23 reject;
}
protocol kernel{
import all;
export all;
}
function avoid_martians()
prefix set martians;
{
martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];
# Avoid 0.0.0.0/X
if net.ip = 0.0.0.0 then return false;
# Avoid too short and too long prefixes
if (net.len < 8) || (net.len > 24) then return false;
# Avoid RFC1918 networks
if net ~ martians then return false;
return true;
}
filter bgp_OUT {
if (net ~ [91.224.148.0/23]) then accept;
else reject;
}
protocol bgp TOUIX {
local as myas;
neighbor 91.213.236.1 as 47184;
preference 200;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp JAGUAR {
local as myas;
neighbor 31.172.233.1 as 30781;
preference 50;
import where avoid_martians();
export filter bgp_OUT;
}
protocol bgp TETANEUTRAL {
local as myas;
neighbor 91.224.148.2 as myas;
preference 100;
import where avoid_martians();
export all;
}
</pre>