Projet

Général

Profil

BGP » Historique » Version 177

Laurent GUERBY, 13/09/2015 13:45

1 20 Laurent GUERBY
{{>toc}}
2 20 Laurent GUERBY
3 1 Laurent GUERBY
h1. BGP
4 1 Laurent GUERBY
5 175 Laurent GUERBY
h2. Liens
6 175 Laurent GUERBY
7 1 Laurent GUERBY
Nous utilisons BIRD sous Linux comme routeur BGP
8 1 Laurent GUERBY
9 1 Laurent GUERBY
http://bird.network.cz/
10 1 Laurent GUERBY
11 14 Laurent GUERBY
blog bgp http://www.renesys.com/blog/
12 15 Laurent GUERBY
flowspec http://www.slideshare.net/sfouant/an-introduction-to-bgp-flow-spec
13 16 Laurent GUERBY
DFZ = Default Free Zone archive http://archive.routeviews.org/
14 17 Laurent GUERBY
http://www.ripe.net/data-tools/stats/ris/routing-information-service
15 65 Laurent GUERBY
https://stat.ripe.net/widget/announced-prefixes
16 17 Laurent GUERBY
http://pch.net/resources/data/routing-tables/archive/
17 17 Laurent GUERBY
http://pch.net/resources/data/routing-tables/mrt-bgp-updates/
18 18 Laurent GUERBY
http://www.nanog.org/meetings/archive/
19 52 Laurent GUERBY
http://tools.ietf.org/html/draft-lapukhov-bgp-routing-large-dc-02
20 14 Laurent GUERBY
21 43 Laurent GUERBY
http://inside.godaddy.com/inside-story-happened-godaddy-com-sept-10-2012/
22 43 Laurent GUERBY
23 67 Laurent GUERBY
liste des communautés des opérateurs http://onesc.net/communities/ via http://www.bortzmeyer.org/7153.html
24 66 Laurent GUERBY
25 55 Laurent GUERBY
http://tools.ietf.org/html/rfc4271#section-9.1 BGP route decision process
26 55 Laurent GUERBY
27 29 Laurent GUERBY
http://www.ipbcop.org/
28 29 Laurent GUERBY
IP Best Current Operational Practices Documented best practices for Engineers by Engineers
29 29 Laurent GUERBY
30 30 Laurent GUERBY
BGP best practices ANSSI
31 30 Laurent GUERBY
https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Article-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf_2.pdf
32 62 Laurent GUERBY
http://www.ssi.gouv.fr/fr/bonnes-pratiques/recommandations-et-guides/securite-des-reseaux/le-guide-des-bonnes-pratiques-de-configuration-de-bgp.html
33 64 Laurent GUERBY
http://tools.ietf.org/html/draft-ietf-opsec-bgp-security-01
34 30 Laurent GUERBY
35 37 Laurent GUERBY
https://www.ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers
36 37 Laurent GUERBY
37 39 Laurent GUERBY
these LAAS BGP http://www.laas.fr/1-31360-Detail-Soutenance-de-these.php?id=600
38 41 Laurent GUERBY
http://www.laas.fr/1-31706-Publications.php?author=7738
39 1 Laurent GUERBY
http://www.net.t-labs.tu-berlin.de/papers/OMUPMO-OOSICP-11.pdf
40 42 Laurent GUERBY
http://hal.archives-ouvertes.fr/docs/00/60/53/83/PDF/dVirt-virtual_platform.pdf
41 42 Laurent GUERBY
http://hal.archives-ouvertes.fr/docs/00/48/70/74/PDF/Poster_SIGCOMM2010_philippe.pdf
42 40 Laurent GUERBY
43 44 Laurent GUERBY
Le monde sur BGP http://reseaux.blog.lemonde.fr/2012/11/04/routage-enjeu-cyberstrategie/
44 44 Laurent GUERBY
45 45 Laurent GUERBY
coupure free wanadoo http://www.journaldunet.com/solutions/0301/030122_freeft.shtml
46 45 Laurent GUERBY
47 46 Laurent GUERBY
tsunami Japon 2011 et BGP : http://archive.psg.com/111206.conext-quake.pdf
48 46 Laurent GUERBY
49 47 Laurent GUERBY
Session is up on telnet:route-views.routeviews.org username rviews
50 47 Laurent GUERBY
51 48 Laurent GUERBY
BGP book http://www.bortzmeyer.org/files/bgp.html
52 48 Laurent GUERBY
53 49 Laurent GUERBY
Cyclops is able to detect several forms of route hijack attacks http://cyclops.cs.ucla.edu/
54 50 Laurent GUERBY
BGPmon monitors the routing of your prefixes and alerts you in case of an 'interesting' path chang http://www.bgpmon.net/
55 49 Laurent GUERBY
56 53 Laurent GUERBY
http://jointtransit.nl/prices.html
57 53 Laurent GUERBY
58 54 Laurent GUERBY
http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho
59 54 Laurent GUERBY
60 51 Laurent GUERBY
* taille table de routage http://bgp.potaroo.net/
61 1 Laurent GUERBY
62 65 Laurent GUERBY
* BGP	in	2011	 Geoff	Huston	 APNIC http://iepg.org/2011-11-ietf82/2011-11-13-bgp2011.pdf
63 56 Laurent GUERBY
64 57 Laurent GUERBY
* http://pages.cs.wisc.edu/~plonka/netgear-sntp/
65 57 Laurent GUERBY
66 58 Laurent GUERBY
* http://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/7114/show/l-observatoire-sur-la-resilience-de-l-internet-francais-publie-son-rapport-2012.html
67 58 Laurent GUERBY
68 59 Laurent GUERBY
* http://www.ris.ripe.net/dashboard/2a01:6600:8000::/40
69 59 Laurent GUERBY
70 60 Laurent GUERBY
* http://www.bortzmeyer.org/6996.html
71 60 Laurent GUERBY
** RFC 6996 : Autonomous System (AS) Reservation for Private Use
72 60 Laurent GUERBY
** http://www.iana.org/assignments/as-numbers
73 60 Laurent GUERBY
74 61 Laurent GUERBY
* Look for TRACEROUTE by SRCGUARDIAN in the Play Store.   It needs network access only...  Doesn't do TCP but does ICMP and UDP traceroutes and displays ASN as well ...
75 61 Laurent GUERBY
76 63 Laurent GUERBY
* http://www.team-cymru.org/Services/Bogons/bgp.html
77 63 Laurent GUERBY
** http://www.team-cymru.org/Services/Bogons/bgp-examples.html#bird-full
78 175 Laurent GUERBY
79 175 Laurent GUERBY
* 3D looking glass  http://as2914.net/#/
80 63 Laurent GUERBY
81 177 Laurent GUERBY
* https://labs.ripe.net/Members/emileaben/has-the-routability-of-longer-than-24-prefixes-changed
82 177 Laurent GUERBY
83 171 Laurent GUERBY
h1. Bird
84 171 Laurent GUERBY
85 171 Laurent GUERBY
h2. Link local IPv6 static route
86 171 Laurent GUERBY
87 171 Laurent GUERBY
<pre>
88 171 Laurent GUERBY
    protocol direct {
89 171 Laurent GUERBY
      interface "eth0";
90 171 Laurent GUERBY
    }
91 171 Laurent GUERBY
92 171 Laurent GUERBY
    protocol static {
93 171 Laurent GUERBY
      route 2001:db8::/32 via fe80::1%eth0;
94 171 Laurent GUERBY
    }
95 171 Laurent GUERBY
</pre>
96 171 Laurent GUERBY
97 172 Laurent GUERBY
h2. Gitoyen BIRD config
98 172 Laurent GUERBY
99 172 Laurent GUERBY
https://code.ffdn.org/gitoyen/bird-config/
100 171 Laurent GUERBY
101 176 Laurent GUERBY
Et autres outils dont le blackholing automatique : https://code.ffdn.org/org/gitoyen
102 176 Laurent GUERBY
103 173 Laurent GUERBY
h2. Misc BIRD Links
104 173 Laurent GUERBY
105 173 Laurent GUERBY
* zeromq integration https://github.com/samrussell/bird/tree/zmqintegration
106 174 Laurent GUERBY
* https://www.netdev01.org/docs/prabhu-linux_ipv4_ipv6_inconsistencies_talk_slides.pdf
107 173 Laurent GUERBY
108 38 Laurent GUERBY
h1. TouIX et GIX
109 38 Laurent GUERBY
110 38 Laurent GUERBY
http://touix.net
111 38 Laurent GUERBY
http://wikilulu.net/doku.php?id=articles:gix-howto
112 38 Laurent GUERBY
113 3 Laurent GUERBY
h1. Evolutions de la conf BGP
114 3 Laurent GUERBY
115 3 Laurent GUERBY
* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html
116 3 Laurent GUERBY
117 5 Laurent GUERBY
TODO: 
118 6 Laurent GUERBY
* mise en place d'un gestionaire de version style git au moins pour documentation
119 5 Laurent GUERBY
* Comment gerer les password MD5 du fichier de conf (les garder secrets tout en publiant le reste)
120 5 Laurent GUERBY
* Atelier ?
121 7 Laurent GUERBY
** Laurent GUERBY
122 9 Raphaël Durand
** Solarus
123 10 Raphaël Durand
** Ajouter son nom...
124 4 Laurent GUERBY
125 13 Laurent GUERBY
Alternative a MP BGP
126 13 Laurent GUERBY
http://tools.ietf.org/html/draft-ietf-idr-bgp-multisession-06
127 13 Laurent GUERBY
128 31 Laurent GUERBY
Add Path
129 31 Laurent GUERBY
http://tools.ietf.org/html/draft-ietf-idr-add-paths-07
130 31 Laurent GUERBY
support in bird ? http://marc.info/?l=bird-users&m=134409996129466&w=2
131 31 Laurent GUERBY
132 2 Laurent GUERBY
h1. Liens
133 2 Laurent GUERBY
134 2 Laurent GUERBY
* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
135 11 Laurent GUERBY
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
136 12 Laurent GUERBY
* AS4 http://www.rfc-editor.org/rfc/rfc4893.txt
137 19 Laurent GUERBY
* bonnes pratiques incidents BGP
138 19 Laurent GUERBY
** https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Slides-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf.pdf
139 35 Laurent GUERBY
* test ping plus UDP http://www.broadband-forum.org/technical/download/TR-143.pdf
140 2 Laurent GUERBY
141 1 Laurent GUERBY
h1. Configuration Toulouse
142 1 Laurent GUERBY
143 1 Laurent GUERBY
<pre>
144 1 Laurent GUERBY
router id 91.224.148.2;
145 1 Laurent GUERBY
define myas = 197422;
146 1 Laurent GUERBY
147 1 Laurent GUERBY
148 1 Laurent GUERBY
protocol device {
149 1 Laurent GUERBY
	scan time 10;
150 1 Laurent GUERBY
        primary "eth0" 91.224.148.3;
151 1 Laurent GUERBY
}
152 1 Laurent GUERBY
153 1 Laurent GUERBY
protocol static static_bgp {
154 1 Laurent GUERBY
	import all;
155 1 Laurent GUERBY
	route 91.224.148.0/23 reject;
156 1 Laurent GUERBY
}
157 1 Laurent GUERBY
158 1 Laurent GUERBY
159 1 Laurent GUERBY
protocol kernel{
160 1 Laurent GUERBY
	import all;
161 1 Laurent GUERBY
	export all;
162 1 Laurent GUERBY
}
163 1 Laurent GUERBY
164 1 Laurent GUERBY
165 1 Laurent GUERBY
function avoid_martians()
166 1 Laurent GUERBY
prefix set martians;
167 1 Laurent GUERBY
{
168 1 Laurent GUERBY
  martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];
169 1 Laurent GUERBY
170 1 Laurent GUERBY
  # Avoid 0.0.0.0/X
171 1 Laurent GUERBY
  if net.ip = 0.0.0.0 then return false;
172 1 Laurent GUERBY
173 1 Laurent GUERBY
  # Avoid too short and too long prefixes
174 1 Laurent GUERBY
  if (net.len < 8) || (net.len > 24) then return false;
175 1 Laurent GUERBY
176 1 Laurent GUERBY
  # Avoid RFC1918 networks
177 1 Laurent GUERBY
  if net ~ martians then return false;
178 1 Laurent GUERBY
  return true;
179 1 Laurent GUERBY
}
180 1 Laurent GUERBY
181 1 Laurent GUERBY
filter bgp_OUT {
182 1 Laurent GUERBY
	if (net ~ [91.224.148.0/23]) then accept;
183 1 Laurent GUERBY
	else reject;
184 1 Laurent GUERBY
}
185 1 Laurent GUERBY
186 1 Laurent GUERBY
187 1 Laurent GUERBY
protocol bgp TOUIX {
188 1 Laurent GUERBY
        local as myas;
189 1 Laurent GUERBY
        neighbor 91.213.236.1 as 47184;
190 1 Laurent GUERBY
        preference 200;
191 1 Laurent GUERBY
        import where avoid_martians();
192 1 Laurent GUERBY
        export filter bgp_OUT;
193 1 Laurent GUERBY
}
194 1 Laurent GUERBY
195 1 Laurent GUERBY
protocol bgp JAGUAR {
196 1 Laurent GUERBY
	 local as myas;
197 1 Laurent GUERBY
	 neighbor 31.172.233.1 as 30781;
198 1 Laurent GUERBY
	 preference 50;
199 1 Laurent GUERBY
         import where avoid_martians();
200 1 Laurent GUERBY
         export filter bgp_OUT;
201 1 Laurent GUERBY
}
202 1 Laurent GUERBY
203 1 Laurent GUERBY
protocol bgp TETANEUTRAL {
204 1 Laurent GUERBY
	local as myas;
205 1 Laurent GUERBY
	neighbor 91.224.148.2 as myas;
206 1 Laurent GUERBY
	preference 100;
207 1 Laurent GUERBY
	import where avoid_martians();
208 1 Laurent GUERBY
	export all;
209 1 Laurent GUERBY
}
210 1 Laurent GUERBY
</pre>
211 20 Laurent GUERBY
212 33 Laurent GUERBY
h1. IRR
213 33 Laurent GUERBY
214 33 Laurent GUERBY
* From nanog:
215 33 Laurent GUERBY
http://www.clarksys.com/blog/2009/09/02/using-irr-with-level3/
216 33 Laurent GUERBY
whois -h filtergen.level3.net "RIPE::YOUR-AS-SET  -searchpath=RIPE;ARIN;RADB -recurseok -warnonly"
217 33 Laurent GUERBY
218 20 Laurent GUERBY
h1. Blackholing
219 20 Laurent GUERBY
220 160 Laurent GUERBY
h2. DECIX
221 160 Laurent GUERBY
222 160 Laurent GUERBY
http://de-cix.net/products-services/de-cix-frankfurt/blackholing/
223 160 Laurent GUERBY
224 24 Laurent GUERBY
h2. Attaques
225 24 Laurent GUERBY
226 24 Laurent GUERBY
* 20120629 http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html
227 36 Laurent GUERBY
* http://blog.cloudflare.com/65gbps-ddos-no-problem
228 24 Laurent GUERBY
229 1 Laurent GUERBY
h2. URPF
230 34 Laurent GUERBY
231 65 Laurent GUERBY
blacklister une/plusieures sources est relativement complexe à mettre en place sur une petite infrastructure car nécessite la mise en place de l'URPF (Unicast Reverse Path Forwarding).
232 34 Laurent GUERBY
233 34 Laurent GUERBY
http://www.cisco.com/web/about/security/intelligence/ipv6_rtbh.html
234 34 Laurent GUERBY
235 20 Laurent GUERBY
h2. RFC3882 
236 1 Laurent GUERBY
237 22 Laurent GUERBY
* http://www.ietf.org/rfc/rfc3882.txt
238 1 Laurent GUERBY
community AS:666 sur annonce /32 pour balckhole par AS upstream
239 1 Laurent GUERBY
240 22 Laurent GUERBY
* doc CISCO
241 22 Laurent GUERBY
http://www.cisco.com/web/about/security/intelligence/blackhole.pdf
242 22 Laurent GUERBY
243 28 Laurent GUERBY
h2. RFC1997
244 28 Laurent GUERBY
245 28 Laurent GUERBY
* http://www.ietf.org/rfc/rfc1997.txt
246 28 Laurent GUERBY
BGP Communities Attribute
247 28 Laurent GUERBY
248 28 Laurent GUERBY
* doc CISCO
249 28 Laurent GUERBY
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/bgp_communities.html
250 28 Laurent GUERBY
251 22 Laurent GUERBY
h2. BIRD
252 22 Laurent GUERBY
253 22 Laurent GUERBY
* http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg01998.html
254 1 Laurent GUERBY
255 24 Laurent GUERBY
h2. Absolight
256 24 Laurent GUERBY
257 65 Laurent GUERBY
* communauté 29608:65001 sur /24..32 IPv4 et /41..128 IPv6 => blackhole
258 65 Laurent GUERBY
* test 20120703 IPv4 et IPv6, ça marche et convergence très rapide
259 24 Laurent GUERBY
260 22 Laurent GUERBY
h2. GIXE
261 1 Laurent GUERBY
262 65 Laurent GUERBY
* communauté 31576:666 sur /32 => blackhole
263 65 Laurent GUERBY
* test 20120703 => marche pas encore, signalé et dev a faire coté GIXE pour autoriser les /32
264 1 Laurent GUERBY
265 1 Laurent GUERBY
h2. Jaguar 
266 22 Laurent GUERBY
267 24 Laurent GUERBY
* https://extranet.jaguar-network.com/app/public/index.php?cmd=bgp-policy
268 65 Laurent GUERBY
* demande 20120702 : pas de communauté blackhole actuellement, en reflexion
269 65 Laurent GUERBY
* déploiement de matériel arbor networks, reglage a affiner (pas de detection d'attaque)
270 22 Laurent GUERBY
271 27 Laurent GUERBY
h2. Gitoyen
272 27 Laurent GUERBY
273 65 Laurent GUERBY
* demande 20120704 sur la liste, réponse 20120717
274 28 Laurent GUERBY
* Tata http://noc.easycolocate.nl/Teleglobe_bgp_comm.pdf
275 65 Laurent GUERBY
*** => black-hole route (host route or shorter prefix within customer’s RIR registred assignment) 64999:0
276 28 Laurent GUERBY
* Ielo  whois AS29075 => 29075:0 Null-route/Blackhole
277 32 Laurent GUERBY
* https://pad.ilico.org/p/cleanup-bgp-gitoyen
278 22 Laurent GUERBY
279 22 Laurent GUERBY
h2. France-IX
280 22 Laurent GUERBY
281 25 Laurent GUERBY
* community plan : https://apps.db.ripe.net/whois/lookup/ripe/aut-num/AS51706.html
282 26 Laurent GUERBY
* TODO tester
283 22 Laurent GUERBY
284 22 Laurent GUERBY
h2. Equinix-IX
285 1 Laurent GUERBY
286 26 Laurent GUERBY
* community plan : https://ix.equinix.com/ixp/mlpeCommunityInfo
287 26 Laurent GUERBY
* TODO tester
288 22 Laurent GUERBY
289 1 Laurent GUERBY
h2. TouIX
290 22 Laurent GUERBY
291 26 Laurent GUERBY
* demande acces switch et route server 20120702
292 22 Laurent GUERBY
* TODO
293 1 Laurent GUERBY
294 1 Laurent GUERBY
h2. Hurricane Electric
295 1 Laurent GUERBY
296 26 Laurent GUERBY
* http://www.he.net/adm/
297 1 Laurent GUERBY
* http://www.he.net/adm/blackhole.html
298 1 Laurent GUERBY
* TODO tester
299 28 Laurent GUERBY
300 28 Laurent GUERBY
h2. Sfinx
301 28 Laurent GUERBY
302 28 Laurent GUERBY
* http://www.renater.fr/route-servers-bgp?lang=fr
303 28 Laurent GUERBY
* whois  AS1304 =>
304 28 Laurent GUERBY
remarks:        1304:65281 = Apply NO-EXPORT community
305 28 Laurent GUERBY
remarks:        1304:65282 = Apply NO-ADVERTISE community
306 161 Laurent GUERBY
307 161 Laurent GUERBY
h2. Cogent
308 161 Laurent GUERBY
309 166 Laurent GUERBY
h3. Docs
310 166 Laurent GUERBY
311 161 Laurent GUERBY
* http://www.cogentco.com/files/docs/customer_service/guide/global_cogent_customer_user_guide.pdf
312 162 Laurent GUERBY
** communautés page 21-22
313 169 Laurent GUERBY
* http://www.onesc.net/communities/as174/
314 170 Laurent GUERBY
* https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-03/msg00465.html
315 166 Laurent GUERBY
* https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf
316 1 Laurent GUERBY
317 162 Laurent GUERBY
France / Benelux:
318 162 Laurent GUERBY
+33 1 49 03 1818 (Hotline)
319 162 Laurent GUERBY
+33 1 49 03 1803 (fax)
320 162 Laurent GUERBY
fr-support@cogentco.com (maintenance and repair)
321 162 Laurent GUERBY
bnl-support@cogentco.com (maintenance and repair))
322 162 Laurent GUERBY
billingeu@cogentco.com (billing, customer care)
323 162 Laurent GUERBY
All Customers in Europe can also contact the European Cogent Customer Support team
324 162 Laurent GUERBY
using the generic email address for Europe: eu-support@cogentco.com 
325 162 Laurent GUERBY
326 164 Laurent GUERBY
Livré comme demandé sur rocade optique Fullsave :
327 164 Laurent GUERBY
Livré sur TLS01.CB.KD-05/A.To02.03&04 (tiroir optique N°2, fibre 03&04).
328 165 Laurent GUERBY
Cogent physical port te0/0/2/3-rcr11.tls01
329 164 Laurent GUERBY
330 163 Laurent GUERBY
Order ID/Service ID: 1-166108500
331 163 Laurent GUERBY
Service Type: EU_L3_ON_10GE_BURST
332 163 Laurent GUERBY
Commitment: 1000.0 MBps
333 163 Laurent GUERBY
Service Address: 125 bis ch du Sang de Serp
334 163 Laurent GUERBY
livraison dans baie Fullsave / salle LAP Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04
335 163 Laurent GUERBY
Toulouse, FR France 31000
336 163 Laurent GUERBY
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
337 163 Laurent GUERBY
338 163 Laurent GUERBY
Order ID/Service ID: 1-166108524
339 163 Laurent GUERBY
Service Type: EU_L3_ON_IPV6DSTACK_FLAT
340 163 Laurent GUERBY
Commitment: 0.0 MBps
341 163 Laurent GUERBY
Service Address: 125 bis ch du Sang de Serp
342 163 Laurent GUERBY
IPv6s fort port order 1-166108500
343 163 Laurent GUERBY
Toulouse, FR France 31000
344 163 Laurent GUERBY
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
345 163 Laurent GUERBY
346 163 Laurent GUERBY
Order ID/Service ID: 1-166108512
347 163 Laurent GUERBY
Service Type: EU_L0_ON_XCFIBER_FLAT
348 163 Laurent GUERBY
Commitment: 0.0 MBps
349 163 Laurent GUERBY
Service Address: 125 bis ch du Sang de Serp
350 163 Laurent GUERBY
Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04 port order 1-166108500
351 163 Laurent GUERBY
Toulouse, FR France 31000
352 163 Laurent GUERBY
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014
353 162 Laurent GUERBY
354 162 Laurent GUERBY
h3. Config initiale BGP Cogent
355 162 Laurent GUERBY
356 161 Laurent GUERBY
<pre>
357 161 Laurent GUERBY
root@h7:~# cat /etc/bird/bird.conf
358 161 Laurent GUERBY
router id 149.11.58.74;
359 161 Laurent GUERBY
360 161 Laurent GUERBY
define myas = 197422;
361 161 Laurent GUERBY
362 161 Laurent GUERBY
timeformat base     iso long;
363 161 Laurent GUERBY
timeformat log      iso long;
364 161 Laurent GUERBY
timeformat protocol iso long;
365 161 Laurent GUERBY
timeformat route    iso long;
366 161 Laurent GUERBY
367 161 Laurent GUERBY
log "/var/log/bird/bird-20140527.log" all;
368 161 Laurent GUERBY
369 161 Laurent GUERBY
debug commands 2;
370 161 Laurent GUERBY
371 161 Laurent GUERBY
debug protocols { states, events };
372 161 Laurent GUERBY
373 161 Laurent GUERBY
protocol device {
374 161 Laurent GUERBY
        scan time 10;
375 161 Laurent GUERBY
}
376 161 Laurent GUERBY
377 161 Laurent GUERBY
protocol kernel {
378 161 Laurent GUERBY
        import all;
379 161 Laurent GUERBY
        export all;
380 161 Laurent GUERBY
        learn;
381 161 Laurent GUERBY
}
382 161 Laurent GUERBY
383 161 Laurent GUERBY
filter bgp_OUT {
384 167 Laurent GUERBY
        if (net ~ [91.224.148.0/23, 80.67.182.0/24, 89.234.156.0/23]) then {
385 167 Laurent GUERBY
          accept;
386 167 Laurent GUERBY
        }
387 161 Laurent GUERBY
        reject;
388 161 Laurent GUERBY
}
389 161 Laurent GUERBY
390 161 Laurent GUERBY
filter bgp_IN_PEERING {
391 161 Laurent GUERBY
       accept;
392 161 Laurent GUERBY
}
393 161 Laurent GUERBY
394 161 Laurent GUERBY
protocol bgp COGENT_TLS00 {
395 161 Laurent GUERBY
        local as myas;
396 161 Laurent GUERBY
        neighbor 149.11.58.73 as 174;
397 161 Laurent GUERBY
        import filter bgp_IN_PEERING;
398 161 Laurent GUERBY
        export filter bgp_OUT;
399 161 Laurent GUERBY
}
400 161 Laurent GUERBY
root@h7:~# cat /etc/bird/bird6.conf
401 161 Laurent GUERBY
router id 149.11.58.74;
402 161 Laurent GUERBY
403 161 Laurent GUERBY
define myas = 197422;
404 161 Laurent GUERBY
405 161 Laurent GUERBY
timeformat base     iso long;
406 161 Laurent GUERBY
timeformat log      iso long;
407 161 Laurent GUERBY
timeformat protocol iso long;
408 161 Laurent GUERBY
timeformat route    iso long;
409 161 Laurent GUERBY
410 161 Laurent GUERBY
log "/var/log/bird/bird6-20140527.log" all;
411 161 Laurent GUERBY
412 161 Laurent GUERBY
debug commands 2;
413 161 Laurent GUERBY
414 161 Laurent GUERBY
debug protocols { states, events };
415 161 Laurent GUERBY
416 161 Laurent GUERBY
listen bgp v6only;
417 161 Laurent GUERBY
418 161 Laurent GUERBY
protocol device {
419 161 Laurent GUERBY
        scan time 10;
420 161 Laurent GUERBY
}
421 161 Laurent GUERBY
422 161 Laurent GUERBY
protocol kernel {
423 161 Laurent GUERBY
        import all;
424 161 Laurent GUERBY
        export all;
425 161 Laurent GUERBY
        learn;
426 161 Laurent GUERBY
}
427 161 Laurent GUERBY
428 161 Laurent GUERBY
filter bgp_OUT_6 {
429 168 Laurent GUERBY
        if (net ~ [2a01:6600:8000::/40]) then {
430 168 Laurent GUERBY
          accept;
431 168 Laurent GUERBY
        }
432 161 Laurent GUERBY
        reject;
433 161 Laurent GUERBY
}
434 161 Laurent GUERBY
435 161 Laurent GUERBY
filter bgp_IN_PEERING_6 {
436 161 Laurent GUERBY
       accept;
437 161 Laurent GUERBY
}
438 161 Laurent GUERBY
439 161 Laurent GUERBY
protocol bgp COGENT_TLS00_6 {
440 161 Laurent GUERBY
        local as myas;
441 161 Laurent GUERBY
        neighbor 2001:978:2:68::8:1 as 174;
442 161 Laurent GUERBY
        import filter bgp_IN_PEERING_6;
443 161 Laurent GUERBY
        export filter bgp_OUT_6;
444 161 Laurent GUERBY
}
445 161 Laurent GUERBY
</pre>