BGP » Historique » Version 177
Laurent GUERBY, 13/09/2015 13:45
1 | 20 | Laurent GUERBY | {{>toc}} |
---|---|---|---|
2 | 20 | Laurent GUERBY | |
3 | 1 | Laurent GUERBY | h1. BGP |
4 | 1 | Laurent GUERBY | |
5 | 175 | Laurent GUERBY | h2. Liens |
6 | 175 | Laurent GUERBY | |
7 | 1 | Laurent GUERBY | Nous utilisons BIRD sous Linux comme routeur BGP |
8 | 1 | Laurent GUERBY | |
9 | 1 | Laurent GUERBY | http://bird.network.cz/ |
10 | 1 | Laurent GUERBY | |
11 | 14 | Laurent GUERBY | blog bgp http://www.renesys.com/blog/ |
12 | 15 | Laurent GUERBY | flowspec http://www.slideshare.net/sfouant/an-introduction-to-bgp-flow-spec |
13 | 16 | Laurent GUERBY | DFZ = Default Free Zone archive http://archive.routeviews.org/ |
14 | 17 | Laurent GUERBY | http://www.ripe.net/data-tools/stats/ris/routing-information-service |
15 | 65 | Laurent GUERBY | https://stat.ripe.net/widget/announced-prefixes |
16 | 17 | Laurent GUERBY | http://pch.net/resources/data/routing-tables/archive/ |
17 | 17 | Laurent GUERBY | http://pch.net/resources/data/routing-tables/mrt-bgp-updates/ |
18 | 18 | Laurent GUERBY | http://www.nanog.org/meetings/archive/ |
19 | 52 | Laurent GUERBY | http://tools.ietf.org/html/draft-lapukhov-bgp-routing-large-dc-02 |
20 | 14 | Laurent GUERBY | |
21 | 43 | Laurent GUERBY | http://inside.godaddy.com/inside-story-happened-godaddy-com-sept-10-2012/ |
22 | 43 | Laurent GUERBY | |
23 | 67 | Laurent GUERBY | liste des communautés des opérateurs http://onesc.net/communities/ via http://www.bortzmeyer.org/7153.html |
24 | 66 | Laurent GUERBY | |
25 | 55 | Laurent GUERBY | http://tools.ietf.org/html/rfc4271#section-9.1 BGP route decision process |
26 | 55 | Laurent GUERBY | |
27 | 29 | Laurent GUERBY | http://www.ipbcop.org/ |
28 | 29 | Laurent GUERBY | IP Best Current Operational Practices Documented best practices for Engineers by Engineers |
29 | 29 | Laurent GUERBY | |
30 | 30 | Laurent GUERBY | BGP best practices ANSSI |
31 | 30 | Laurent GUERBY | https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Article-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf_2.pdf |
32 | 62 | Laurent GUERBY | http://www.ssi.gouv.fr/fr/bonnes-pratiques/recommandations-et-guides/securite-des-reseaux/le-guide-des-bonnes-pratiques-de-configuration-de-bgp.html |
33 | 64 | Laurent GUERBY | http://tools.ietf.org/html/draft-ietf-opsec-bgp-security-01 |
34 | 30 | Laurent GUERBY | |
35 | 37 | Laurent GUERBY | https://www.ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers |
36 | 37 | Laurent GUERBY | |
37 | 39 | Laurent GUERBY | these LAAS BGP http://www.laas.fr/1-31360-Detail-Soutenance-de-these.php?id=600 |
38 | 41 | Laurent GUERBY | http://www.laas.fr/1-31706-Publications.php?author=7738 |
39 | 1 | Laurent GUERBY | http://www.net.t-labs.tu-berlin.de/papers/OMUPMO-OOSICP-11.pdf |
40 | 42 | Laurent GUERBY | http://hal.archives-ouvertes.fr/docs/00/60/53/83/PDF/dVirt-virtual_platform.pdf |
41 | 42 | Laurent GUERBY | http://hal.archives-ouvertes.fr/docs/00/48/70/74/PDF/Poster_SIGCOMM2010_philippe.pdf |
42 | 40 | Laurent GUERBY | |
43 | 44 | Laurent GUERBY | Le monde sur BGP http://reseaux.blog.lemonde.fr/2012/11/04/routage-enjeu-cyberstrategie/ |
44 | 44 | Laurent GUERBY | |
45 | 45 | Laurent GUERBY | coupure free wanadoo http://www.journaldunet.com/solutions/0301/030122_freeft.shtml |
46 | 45 | Laurent GUERBY | |
47 | 46 | Laurent GUERBY | tsunami Japon 2011 et BGP : http://archive.psg.com/111206.conext-quake.pdf |
48 | 46 | Laurent GUERBY | |
49 | 47 | Laurent GUERBY | Session is up on telnet:route-views.routeviews.org username rviews |
50 | 47 | Laurent GUERBY | |
51 | 48 | Laurent GUERBY | BGP book http://www.bortzmeyer.org/files/bgp.html |
52 | 48 | Laurent GUERBY | |
53 | 49 | Laurent GUERBY | Cyclops is able to detect several forms of route hijack attacks http://cyclops.cs.ucla.edu/ |
54 | 50 | Laurent GUERBY | BGPmon monitors the routing of your prefixes and alerts you in case of an 'interesting' path chang http://www.bgpmon.net/ |
55 | 49 | Laurent GUERBY | |
56 | 53 | Laurent GUERBY | http://jointtransit.nl/prices.html |
57 | 53 | Laurent GUERBY | |
58 | 54 | Laurent GUERBY | http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho |
59 | 54 | Laurent GUERBY | |
60 | 51 | Laurent GUERBY | * taille table de routage http://bgp.potaroo.net/ |
61 | 1 | Laurent GUERBY | |
62 | 65 | Laurent GUERBY | * BGP in 2011 Geoff Huston APNIC http://iepg.org/2011-11-ietf82/2011-11-13-bgp2011.pdf |
63 | 56 | Laurent GUERBY | |
64 | 57 | Laurent GUERBY | * http://pages.cs.wisc.edu/~plonka/netgear-sntp/ |
65 | 57 | Laurent GUERBY | |
66 | 58 | Laurent GUERBY | * http://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/7114/show/l-observatoire-sur-la-resilience-de-l-internet-francais-publie-son-rapport-2012.html |
67 | 58 | Laurent GUERBY | |
68 | 59 | Laurent GUERBY | * http://www.ris.ripe.net/dashboard/2a01:6600:8000::/40 |
69 | 59 | Laurent GUERBY | |
70 | 60 | Laurent GUERBY | * http://www.bortzmeyer.org/6996.html |
71 | 60 | Laurent GUERBY | ** RFC 6996 : Autonomous System (AS) Reservation for Private Use |
72 | 60 | Laurent GUERBY | ** http://www.iana.org/assignments/as-numbers |
73 | 60 | Laurent GUERBY | |
74 | 61 | Laurent GUERBY | * Look for TRACEROUTE by SRCGUARDIAN in the Play Store. It needs network access only... Doesn't do TCP but does ICMP and UDP traceroutes and displays ASN as well ... |
75 | 61 | Laurent GUERBY | |
76 | 63 | Laurent GUERBY | * http://www.team-cymru.org/Services/Bogons/bgp.html |
77 | 63 | Laurent GUERBY | ** http://www.team-cymru.org/Services/Bogons/bgp-examples.html#bird-full |
78 | 175 | Laurent GUERBY | |
79 | 175 | Laurent GUERBY | * 3D looking glass http://as2914.net/#/ |
80 | 63 | Laurent GUERBY | |
81 | 177 | Laurent GUERBY | * https://labs.ripe.net/Members/emileaben/has-the-routability-of-longer-than-24-prefixes-changed |
82 | 177 | Laurent GUERBY | |
83 | 171 | Laurent GUERBY | h1. Bird |
84 | 171 | Laurent GUERBY | |
85 | 171 | Laurent GUERBY | h2. Link local IPv6 static route |
86 | 171 | Laurent GUERBY | |
87 | 171 | Laurent GUERBY | <pre> |
88 | 171 | Laurent GUERBY | protocol direct { |
89 | 171 | Laurent GUERBY | interface "eth0"; |
90 | 171 | Laurent GUERBY | } |
91 | 171 | Laurent GUERBY | |
92 | 171 | Laurent GUERBY | protocol static { |
93 | 171 | Laurent GUERBY | route 2001:db8::/32 via fe80::1%eth0; |
94 | 171 | Laurent GUERBY | } |
95 | 171 | Laurent GUERBY | </pre> |
96 | 171 | Laurent GUERBY | |
97 | 172 | Laurent GUERBY | h2. Gitoyen BIRD config |
98 | 172 | Laurent GUERBY | |
99 | 172 | Laurent GUERBY | https://code.ffdn.org/gitoyen/bird-config/ |
100 | 171 | Laurent GUERBY | |
101 | 176 | Laurent GUERBY | Et autres outils dont le blackholing automatique : https://code.ffdn.org/org/gitoyen |
102 | 176 | Laurent GUERBY | |
103 | 173 | Laurent GUERBY | h2. Misc BIRD Links |
104 | 173 | Laurent GUERBY | |
105 | 173 | Laurent GUERBY | * zeromq integration https://github.com/samrussell/bird/tree/zmqintegration |
106 | 174 | Laurent GUERBY | * https://www.netdev01.org/docs/prabhu-linux_ipv4_ipv6_inconsistencies_talk_slides.pdf |
107 | 173 | Laurent GUERBY | |
108 | 38 | Laurent GUERBY | h1. TouIX et GIX |
109 | 38 | Laurent GUERBY | |
110 | 38 | Laurent GUERBY | http://touix.net |
111 | 38 | Laurent GUERBY | http://wikilulu.net/doku.php?id=articles:gix-howto |
112 | 38 | Laurent GUERBY | |
113 | 3 | Laurent GUERBY | h1. Evolutions de la conf BGP |
114 | 3 | Laurent GUERBY | |
115 | 3 | Laurent GUERBY | * http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html |
116 | 3 | Laurent GUERBY | |
117 | 5 | Laurent GUERBY | TODO: |
118 | 6 | Laurent GUERBY | * mise en place d'un gestionaire de version style git au moins pour documentation |
119 | 5 | Laurent GUERBY | * Comment gerer les password MD5 du fichier de conf (les garder secrets tout en publiant le reste) |
120 | 5 | Laurent GUERBY | * Atelier ? |
121 | 7 | Laurent GUERBY | ** Laurent GUERBY |
122 | 9 | Raphaël Durand | ** Solarus |
123 | 10 | Raphaël Durand | ** Ajouter son nom... |
124 | 4 | Laurent GUERBY | |
125 | 13 | Laurent GUERBY | Alternative a MP BGP |
126 | 13 | Laurent GUERBY | http://tools.ietf.org/html/draft-ietf-idr-bgp-multisession-06 |
127 | 13 | Laurent GUERBY | |
128 | 31 | Laurent GUERBY | Add Path |
129 | 31 | Laurent GUERBY | http://tools.ietf.org/html/draft-ietf-idr-add-paths-07 |
130 | 31 | Laurent GUERBY | support in bird ? http://marc.info/?l=bird-users&m=134409996129466&w=2 |
131 | 31 | Laurent GUERBY | |
132 | 2 | Laurent GUERBY | h1. Liens |
133 | 2 | Laurent GUERBY | |
134 | 2 | Laurent GUERBY | * http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt |
135 | 11 | Laurent GUERBY | * http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf |
136 | 12 | Laurent GUERBY | * AS4 http://www.rfc-editor.org/rfc/rfc4893.txt |
137 | 19 | Laurent GUERBY | * bonnes pratiques incidents BGP |
138 | 19 | Laurent GUERBY | ** https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Slides-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf.pdf |
139 | 35 | Laurent GUERBY | * test ping plus UDP http://www.broadband-forum.org/technical/download/TR-143.pdf |
140 | 2 | Laurent GUERBY | |
141 | 1 | Laurent GUERBY | h1. Configuration Toulouse |
142 | 1 | Laurent GUERBY | |
143 | 1 | Laurent GUERBY | <pre> |
144 | 1 | Laurent GUERBY | router id 91.224.148.2; |
145 | 1 | Laurent GUERBY | define myas = 197422; |
146 | 1 | Laurent GUERBY | |
147 | 1 | Laurent GUERBY | |
148 | 1 | Laurent GUERBY | protocol device { |
149 | 1 | Laurent GUERBY | scan time 10; |
150 | 1 | Laurent GUERBY | primary "eth0" 91.224.148.3; |
151 | 1 | Laurent GUERBY | } |
152 | 1 | Laurent GUERBY | |
153 | 1 | Laurent GUERBY | protocol static static_bgp { |
154 | 1 | Laurent GUERBY | import all; |
155 | 1 | Laurent GUERBY | route 91.224.148.0/23 reject; |
156 | 1 | Laurent GUERBY | } |
157 | 1 | Laurent GUERBY | |
158 | 1 | Laurent GUERBY | |
159 | 1 | Laurent GUERBY | protocol kernel{ |
160 | 1 | Laurent GUERBY | import all; |
161 | 1 | Laurent GUERBY | export all; |
162 | 1 | Laurent GUERBY | } |
163 | 1 | Laurent GUERBY | |
164 | 1 | Laurent GUERBY | |
165 | 1 | Laurent GUERBY | function avoid_martians() |
166 | 1 | Laurent GUERBY | prefix set martians; |
167 | 1 | Laurent GUERBY | { |
168 | 1 | Laurent GUERBY | martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ]; |
169 | 1 | Laurent GUERBY | |
170 | 1 | Laurent GUERBY | # Avoid 0.0.0.0/X |
171 | 1 | Laurent GUERBY | if net.ip = 0.0.0.0 then return false; |
172 | 1 | Laurent GUERBY | |
173 | 1 | Laurent GUERBY | # Avoid too short and too long prefixes |
174 | 1 | Laurent GUERBY | if (net.len < 8) || (net.len > 24) then return false; |
175 | 1 | Laurent GUERBY | |
176 | 1 | Laurent GUERBY | # Avoid RFC1918 networks |
177 | 1 | Laurent GUERBY | if net ~ martians then return false; |
178 | 1 | Laurent GUERBY | return true; |
179 | 1 | Laurent GUERBY | } |
180 | 1 | Laurent GUERBY | |
181 | 1 | Laurent GUERBY | filter bgp_OUT { |
182 | 1 | Laurent GUERBY | if (net ~ [91.224.148.0/23]) then accept; |
183 | 1 | Laurent GUERBY | else reject; |
184 | 1 | Laurent GUERBY | } |
185 | 1 | Laurent GUERBY | |
186 | 1 | Laurent GUERBY | |
187 | 1 | Laurent GUERBY | protocol bgp TOUIX { |
188 | 1 | Laurent GUERBY | local as myas; |
189 | 1 | Laurent GUERBY | neighbor 91.213.236.1 as 47184; |
190 | 1 | Laurent GUERBY | preference 200; |
191 | 1 | Laurent GUERBY | import where avoid_martians(); |
192 | 1 | Laurent GUERBY | export filter bgp_OUT; |
193 | 1 | Laurent GUERBY | } |
194 | 1 | Laurent GUERBY | |
195 | 1 | Laurent GUERBY | protocol bgp JAGUAR { |
196 | 1 | Laurent GUERBY | local as myas; |
197 | 1 | Laurent GUERBY | neighbor 31.172.233.1 as 30781; |
198 | 1 | Laurent GUERBY | preference 50; |
199 | 1 | Laurent GUERBY | import where avoid_martians(); |
200 | 1 | Laurent GUERBY | export filter bgp_OUT; |
201 | 1 | Laurent GUERBY | } |
202 | 1 | Laurent GUERBY | |
203 | 1 | Laurent GUERBY | protocol bgp TETANEUTRAL { |
204 | 1 | Laurent GUERBY | local as myas; |
205 | 1 | Laurent GUERBY | neighbor 91.224.148.2 as myas; |
206 | 1 | Laurent GUERBY | preference 100; |
207 | 1 | Laurent GUERBY | import where avoid_martians(); |
208 | 1 | Laurent GUERBY | export all; |
209 | 1 | Laurent GUERBY | } |
210 | 1 | Laurent GUERBY | </pre> |
211 | 20 | Laurent GUERBY | |
212 | 33 | Laurent GUERBY | h1. IRR |
213 | 33 | Laurent GUERBY | |
214 | 33 | Laurent GUERBY | * From nanog: |
215 | 33 | Laurent GUERBY | http://www.clarksys.com/blog/2009/09/02/using-irr-with-level3/ |
216 | 33 | Laurent GUERBY | whois -h filtergen.level3.net "RIPE::YOUR-AS-SET -searchpath=RIPE;ARIN;RADB -recurseok -warnonly" |
217 | 33 | Laurent GUERBY | |
218 | 20 | Laurent GUERBY | h1. Blackholing |
219 | 20 | Laurent GUERBY | |
220 | 160 | Laurent GUERBY | h2. DECIX |
221 | 160 | Laurent GUERBY | |
222 | 160 | Laurent GUERBY | http://de-cix.net/products-services/de-cix-frankfurt/blackholing/ |
223 | 160 | Laurent GUERBY | |
224 | 24 | Laurent GUERBY | h2. Attaques |
225 | 24 | Laurent GUERBY | |
226 | 24 | Laurent GUERBY | * 20120629 http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html |
227 | 36 | Laurent GUERBY | * http://blog.cloudflare.com/65gbps-ddos-no-problem |
228 | 24 | Laurent GUERBY | |
229 | 1 | Laurent GUERBY | h2. URPF |
230 | 34 | Laurent GUERBY | |
231 | 65 | Laurent GUERBY | blacklister une/plusieures sources est relativement complexe à mettre en place sur une petite infrastructure car nécessite la mise en place de l'URPF (Unicast Reverse Path Forwarding). |
232 | 34 | Laurent GUERBY | |
233 | 34 | Laurent GUERBY | http://www.cisco.com/web/about/security/intelligence/ipv6_rtbh.html |
234 | 34 | Laurent GUERBY | |
235 | 20 | Laurent GUERBY | h2. RFC3882 |
236 | 1 | Laurent GUERBY | |
237 | 22 | Laurent GUERBY | * http://www.ietf.org/rfc/rfc3882.txt |
238 | 1 | Laurent GUERBY | community AS:666 sur annonce /32 pour balckhole par AS upstream |
239 | 1 | Laurent GUERBY | |
240 | 22 | Laurent GUERBY | * doc CISCO |
241 | 22 | Laurent GUERBY | http://www.cisco.com/web/about/security/intelligence/blackhole.pdf |
242 | 22 | Laurent GUERBY | |
243 | 28 | Laurent GUERBY | h2. RFC1997 |
244 | 28 | Laurent GUERBY | |
245 | 28 | Laurent GUERBY | * http://www.ietf.org/rfc/rfc1997.txt |
246 | 28 | Laurent GUERBY | BGP Communities Attribute |
247 | 28 | Laurent GUERBY | |
248 | 28 | Laurent GUERBY | * doc CISCO |
249 | 28 | Laurent GUERBY | http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/bgp_communities.html |
250 | 28 | Laurent GUERBY | |
251 | 22 | Laurent GUERBY | h2. BIRD |
252 | 22 | Laurent GUERBY | |
253 | 22 | Laurent GUERBY | * http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg01998.html |
254 | 1 | Laurent GUERBY | |
255 | 24 | Laurent GUERBY | h2. Absolight |
256 | 24 | Laurent GUERBY | |
257 | 65 | Laurent GUERBY | * communauté 29608:65001 sur /24..32 IPv4 et /41..128 IPv6 => blackhole |
258 | 65 | Laurent GUERBY | * test 20120703 IPv4 et IPv6, ça marche et convergence très rapide |
259 | 24 | Laurent GUERBY | |
260 | 22 | Laurent GUERBY | h2. GIXE |
261 | 1 | Laurent GUERBY | |
262 | 65 | Laurent GUERBY | * communauté 31576:666 sur /32 => blackhole |
263 | 65 | Laurent GUERBY | * test 20120703 => marche pas encore, signalé et dev a faire coté GIXE pour autoriser les /32 |
264 | 1 | Laurent GUERBY | |
265 | 1 | Laurent GUERBY | h2. Jaguar |
266 | 22 | Laurent GUERBY | |
267 | 24 | Laurent GUERBY | * https://extranet.jaguar-network.com/app/public/index.php?cmd=bgp-policy |
268 | 65 | Laurent GUERBY | * demande 20120702 : pas de communauté blackhole actuellement, en reflexion |
269 | 65 | Laurent GUERBY | * déploiement de matériel arbor networks, reglage a affiner (pas de detection d'attaque) |
270 | 22 | Laurent GUERBY | |
271 | 27 | Laurent GUERBY | h2. Gitoyen |
272 | 27 | Laurent GUERBY | |
273 | 65 | Laurent GUERBY | * demande 20120704 sur la liste, réponse 20120717 |
274 | 28 | Laurent GUERBY | * Tata http://noc.easycolocate.nl/Teleglobe_bgp_comm.pdf |
275 | 65 | Laurent GUERBY | *** => black-hole route (host route or shorter prefix within customer’s RIR registred assignment) 64999:0 |
276 | 28 | Laurent GUERBY | * Ielo whois AS29075 => 29075:0 Null-route/Blackhole |
277 | 32 | Laurent GUERBY | * https://pad.ilico.org/p/cleanup-bgp-gitoyen |
278 | 22 | Laurent GUERBY | |
279 | 22 | Laurent GUERBY | h2. France-IX |
280 | 22 | Laurent GUERBY | |
281 | 25 | Laurent GUERBY | * community plan : https://apps.db.ripe.net/whois/lookup/ripe/aut-num/AS51706.html |
282 | 26 | Laurent GUERBY | * TODO tester |
283 | 22 | Laurent GUERBY | |
284 | 22 | Laurent GUERBY | h2. Equinix-IX |
285 | 1 | Laurent GUERBY | |
286 | 26 | Laurent GUERBY | * community plan : https://ix.equinix.com/ixp/mlpeCommunityInfo |
287 | 26 | Laurent GUERBY | * TODO tester |
288 | 22 | Laurent GUERBY | |
289 | 1 | Laurent GUERBY | h2. TouIX |
290 | 22 | Laurent GUERBY | |
291 | 26 | Laurent GUERBY | * demande acces switch et route server 20120702 |
292 | 22 | Laurent GUERBY | * TODO |
293 | 1 | Laurent GUERBY | |
294 | 1 | Laurent GUERBY | h2. Hurricane Electric |
295 | 1 | Laurent GUERBY | |
296 | 26 | Laurent GUERBY | * http://www.he.net/adm/ |
297 | 1 | Laurent GUERBY | * http://www.he.net/adm/blackhole.html |
298 | 1 | Laurent GUERBY | * TODO tester |
299 | 28 | Laurent GUERBY | |
300 | 28 | Laurent GUERBY | h2. Sfinx |
301 | 28 | Laurent GUERBY | |
302 | 28 | Laurent GUERBY | * http://www.renater.fr/route-servers-bgp?lang=fr |
303 | 28 | Laurent GUERBY | * whois AS1304 => |
304 | 28 | Laurent GUERBY | remarks: 1304:65281 = Apply NO-EXPORT community |
305 | 28 | Laurent GUERBY | remarks: 1304:65282 = Apply NO-ADVERTISE community |
306 | 161 | Laurent GUERBY | |
307 | 161 | Laurent GUERBY | h2. Cogent |
308 | 161 | Laurent GUERBY | |
309 | 166 | Laurent GUERBY | h3. Docs |
310 | 166 | Laurent GUERBY | |
311 | 161 | Laurent GUERBY | * http://www.cogentco.com/files/docs/customer_service/guide/global_cogent_customer_user_guide.pdf |
312 | 162 | Laurent GUERBY | ** communautés page 21-22 |
313 | 169 | Laurent GUERBY | * http://www.onesc.net/communities/as174/ |
314 | 170 | Laurent GUERBY | * https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-03/msg00465.html |
315 | 166 | Laurent GUERBY | * https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf |
316 | 1 | Laurent GUERBY | |
317 | 162 | Laurent GUERBY | France / Benelux: |
318 | 162 | Laurent GUERBY | +33 1 49 03 1818 (Hotline) |
319 | 162 | Laurent GUERBY | +33 1 49 03 1803 (fax) |
320 | 162 | Laurent GUERBY | fr-support@cogentco.com (maintenance and repair) |
321 | 162 | Laurent GUERBY | bnl-support@cogentco.com (maintenance and repair)) |
322 | 162 | Laurent GUERBY | billingeu@cogentco.com (billing, customer care) |
323 | 162 | Laurent GUERBY | All Customers in Europe can also contact the European Cogent Customer Support team |
324 | 162 | Laurent GUERBY | using the generic email address for Europe: eu-support@cogentco.com |
325 | 162 | Laurent GUERBY | |
326 | 164 | Laurent GUERBY | Livré comme demandé sur rocade optique Fullsave : |
327 | 164 | Laurent GUERBY | Livré sur TLS01.CB.KD-05/A.To02.03&04 (tiroir optique N°2, fibre 03&04). |
328 | 165 | Laurent GUERBY | Cogent physical port te0/0/2/3-rcr11.tls01 |
329 | 164 | Laurent GUERBY | |
330 | 163 | Laurent GUERBY | Order ID/Service ID: 1-166108500 |
331 | 163 | Laurent GUERBY | Service Type: EU_L3_ON_10GE_BURST |
332 | 163 | Laurent GUERBY | Commitment: 1000.0 MBps |
333 | 163 | Laurent GUERBY | Service Address: 125 bis ch du Sang de Serp |
334 | 163 | Laurent GUERBY | livraison dans baie Fullsave / salle LAP Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04 |
335 | 163 | Laurent GUERBY | Toulouse, FR France 31000 |
336 | 163 | Laurent GUERBY | Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014 |
337 | 163 | Laurent GUERBY | |
338 | 163 | Laurent GUERBY | Order ID/Service ID: 1-166108524 |
339 | 163 | Laurent GUERBY | Service Type: EU_L3_ON_IPV6DSTACK_FLAT |
340 | 163 | Laurent GUERBY | Commitment: 0.0 MBps |
341 | 163 | Laurent GUERBY | Service Address: 125 bis ch du Sang de Serp |
342 | 163 | Laurent GUERBY | IPv6s fort port order 1-166108500 |
343 | 163 | Laurent GUERBY | Toulouse, FR France 31000 |
344 | 163 | Laurent GUERBY | Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014 |
345 | 163 | Laurent GUERBY | |
346 | 163 | Laurent GUERBY | Order ID/Service ID: 1-166108512 |
347 | 163 | Laurent GUERBY | Service Type: EU_L0_ON_XCFIBER_FLAT |
348 | 163 | Laurent GUERBY | Commitment: 0.0 MBps |
349 | 163 | Laurent GUERBY | Service Address: 125 bis ch du Sang de Serp |
350 | 163 | Laurent GUERBY | Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04 port order 1-166108500 |
351 | 163 | Laurent GUERBY | Toulouse, FR France 31000 |
352 | 163 | Laurent GUERBY | Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014 |
353 | 162 | Laurent GUERBY | |
354 | 162 | Laurent GUERBY | h3. Config initiale BGP Cogent |
355 | 162 | Laurent GUERBY | |
356 | 161 | Laurent GUERBY | <pre> |
357 | 161 | Laurent GUERBY | root@h7:~# cat /etc/bird/bird.conf |
358 | 161 | Laurent GUERBY | router id 149.11.58.74; |
359 | 161 | Laurent GUERBY | |
360 | 161 | Laurent GUERBY | define myas = 197422; |
361 | 161 | Laurent GUERBY | |
362 | 161 | Laurent GUERBY | timeformat base iso long; |
363 | 161 | Laurent GUERBY | timeformat log iso long; |
364 | 161 | Laurent GUERBY | timeformat protocol iso long; |
365 | 161 | Laurent GUERBY | timeformat route iso long; |
366 | 161 | Laurent GUERBY | |
367 | 161 | Laurent GUERBY | log "/var/log/bird/bird-20140527.log" all; |
368 | 161 | Laurent GUERBY | |
369 | 161 | Laurent GUERBY | debug commands 2; |
370 | 161 | Laurent GUERBY | |
371 | 161 | Laurent GUERBY | debug protocols { states, events }; |
372 | 161 | Laurent GUERBY | |
373 | 161 | Laurent GUERBY | protocol device { |
374 | 161 | Laurent GUERBY | scan time 10; |
375 | 161 | Laurent GUERBY | } |
376 | 161 | Laurent GUERBY | |
377 | 161 | Laurent GUERBY | protocol kernel { |
378 | 161 | Laurent GUERBY | import all; |
379 | 161 | Laurent GUERBY | export all; |
380 | 161 | Laurent GUERBY | learn; |
381 | 161 | Laurent GUERBY | } |
382 | 161 | Laurent GUERBY | |
383 | 161 | Laurent GUERBY | filter bgp_OUT { |
384 | 167 | Laurent GUERBY | if (net ~ [91.224.148.0/23, 80.67.182.0/24, 89.234.156.0/23]) then { |
385 | 167 | Laurent GUERBY | accept; |
386 | 167 | Laurent GUERBY | } |
387 | 161 | Laurent GUERBY | reject; |
388 | 161 | Laurent GUERBY | } |
389 | 161 | Laurent GUERBY | |
390 | 161 | Laurent GUERBY | filter bgp_IN_PEERING { |
391 | 161 | Laurent GUERBY | accept; |
392 | 161 | Laurent GUERBY | } |
393 | 161 | Laurent GUERBY | |
394 | 161 | Laurent GUERBY | protocol bgp COGENT_TLS00 { |
395 | 161 | Laurent GUERBY | local as myas; |
396 | 161 | Laurent GUERBY | neighbor 149.11.58.73 as 174; |
397 | 161 | Laurent GUERBY | import filter bgp_IN_PEERING; |
398 | 161 | Laurent GUERBY | export filter bgp_OUT; |
399 | 161 | Laurent GUERBY | } |
400 | 161 | Laurent GUERBY | root@h7:~# cat /etc/bird/bird6.conf |
401 | 161 | Laurent GUERBY | router id 149.11.58.74; |
402 | 161 | Laurent GUERBY | |
403 | 161 | Laurent GUERBY | define myas = 197422; |
404 | 161 | Laurent GUERBY | |
405 | 161 | Laurent GUERBY | timeformat base iso long; |
406 | 161 | Laurent GUERBY | timeformat log iso long; |
407 | 161 | Laurent GUERBY | timeformat protocol iso long; |
408 | 161 | Laurent GUERBY | timeformat route iso long; |
409 | 161 | Laurent GUERBY | |
410 | 161 | Laurent GUERBY | log "/var/log/bird/bird6-20140527.log" all; |
411 | 161 | Laurent GUERBY | |
412 | 161 | Laurent GUERBY | debug commands 2; |
413 | 161 | Laurent GUERBY | |
414 | 161 | Laurent GUERBY | debug protocols { states, events }; |
415 | 161 | Laurent GUERBY | |
416 | 161 | Laurent GUERBY | listen bgp v6only; |
417 | 161 | Laurent GUERBY | |
418 | 161 | Laurent GUERBY | protocol device { |
419 | 161 | Laurent GUERBY | scan time 10; |
420 | 161 | Laurent GUERBY | } |
421 | 161 | Laurent GUERBY | |
422 | 161 | Laurent GUERBY | protocol kernel { |
423 | 161 | Laurent GUERBY | import all; |
424 | 161 | Laurent GUERBY | export all; |
425 | 161 | Laurent GUERBY | learn; |
426 | 161 | Laurent GUERBY | } |
427 | 161 | Laurent GUERBY | |
428 | 161 | Laurent GUERBY | filter bgp_OUT_6 { |
429 | 168 | Laurent GUERBY | if (net ~ [2a01:6600:8000::/40]) then { |
430 | 168 | Laurent GUERBY | accept; |
431 | 168 | Laurent GUERBY | } |
432 | 161 | Laurent GUERBY | reject; |
433 | 161 | Laurent GUERBY | } |
434 | 161 | Laurent GUERBY | |
435 | 161 | Laurent GUERBY | filter bgp_IN_PEERING_6 { |
436 | 161 | Laurent GUERBY | accept; |
437 | 161 | Laurent GUERBY | } |
438 | 161 | Laurent GUERBY | |
439 | 161 | Laurent GUERBY | protocol bgp COGENT_TLS00_6 { |
440 | 161 | Laurent GUERBY | local as myas; |
441 | 161 | Laurent GUERBY | neighbor 2001:978:2:68::8:1 as 174; |
442 | 161 | Laurent GUERBY | import filter bgp_IN_PEERING_6; |
443 | 161 | Laurent GUERBY | export filter bgp_OUT_6; |
444 | 161 | Laurent GUERBY | } |
445 | 161 | Laurent GUERBY | </pre> |