BGP » History » Version 184

Laurent GUERBY, 25/09/2016 10:28

{{>toc}}

h1. BGP

h2. Links

We use BIRD on Linux as our BGP router

http://bird.network.cz/

Internet simulation
https://www.nsec.io/
https://github.com/nsec/the-internet

BGP blog http://www.renesys.com/blog/
flowspec http://www.slideshare.net/sfouant/an-introduction-to-bgp-flow-spec
DFZ = Default Free Zone archive http://archive.routeviews.org/
http://www.ripe.net/data-tools/stats/ris/routing-information-service
https://stat.ripe.net/widget/announced-prefixes
http://pch.net/resources/data/routing-tables/archive/
http://pch.net/resources/data/routing-tables/mrt-bgp-updates/
http://www.nanog.org/meetings/archive/
http://tools.ietf.org/html/draft-lapukhov-bgp-routing-large-dc-02

http://inside.godaddy.com/inside-story-happened-godaddy-com-sept-10-2012/

list of operator communities http://onesc.net/communities/ via http://www.bortzmeyer.org/7153.html

http://tools.ietf.org/html/rfc4271#section-9.1 BGP route decision process

http://www.ipbcop.org/
IP Best Current Operational Practices: documented best practices for engineers, by engineers

BGP best practices ANSSI
https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Article-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf_2.pdf
http://www.ssi.gouv.fr/fr/bonnes-pratiques/recommandations-et-guides/securite-des-reseaux/le-guide-des-bonnes-pratiques-de-configuration-de-bgp.html
http://tools.ietf.org/html/draft-ietf-opsec-bgp-security-01
http://www.ssi.gouv.fr/uploads/2014/10/rapport_observatoire_2015.pdf

https://www.ams-ix.net/technical/specifications-descriptions/ams-ix-route-servers

LAAS thesis on BGP http://www.laas.fr/1-31360-Detail-Soutenance-de-these.php?id=600
http://www.laas.fr/1-31706-Publications.php?author=7738
http://www.net.t-labs.tu-berlin.de/papers/OMUPMO-OOSICP-11.pdf
http://hal.archives-ouvertes.fr/docs/00/60/53/83/PDF/dVirt-virtual_platform.pdf
http://hal.archives-ouvertes.fr/docs/00/48/70/74/PDF/Poster_SIGCOMM2010_philippe.pdf

Le Monde on BGP http://reseaux.blog.lemonde.fr/2012/11/04/routage-enjeu-cyberstrategie/

Free / Wanadoo outage http://www.journaldunet.com/solutions/0301/030122_freeft.shtml

2011 Japan tsunami and BGP: http://archive.psg.com/111206.conext-quake.pdf

Session is up on telnet:route-views.routeviews.org username rviews

BGP book http://www.bortzmeyer.org/files/bgp.html

Cyclops is able to detect several forms of route hijack attacks http://cyclops.cs.ucla.edu/
BGPmon monitors the routing of your prefixes and alerts you in case of an 'interesting' path change http://www.bgpmon.net/

http://jointtransit.nl/prices.html

http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho

* routing table size http://bgp.potaroo.net/

* BGP in 2011, Geoff Huston, APNIC http://iepg.org/2011-11-ietf82/2011-11-13-bgp2011.pdf

* http://pages.cs.wisc.edu/~plonka/netgear-sntp/

* http://www.afnic.fr/fr/l-afnic-en-bref/actualites/actualites-generales/7114/show/l-observatoire-sur-la-resilience-de-l-internet-francais-publie-son-rapport-2012.html

* http://www.ris.ripe.net/dashboard/2a01:6600:8000::/40

* http://www.bortzmeyer.org/6996.html
** RFC 6996: Autonomous System (AS) Reservation for Private Use
** http://www.iana.org/assignments/as-numbers

* Look for TRACEROUTE by SRCGUARDIAN in the Play Store. It needs network access only... Doesn't do TCP but does ICMP and UDP traceroutes and displays ASN as well ...

* http://www.team-cymru.org/Services/Bogons/bgp.html
** http://www.team-cymru.org/Services/Bogons/bgp-examples.html#bird-full

* 3D looking glass http://as2914.net/#/

* https://labs.ripe.net/Members/emileaben/has-the-routability-of-longer-than-24-prefixes-changed

* https://github.com/pavel-odintsov/fastnetmon
** FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, SnabbSwitch, netmap, PF_RING, PCAP).
** What can we do? We can detect hosts in our networks sending or receiving large volumes of packets/bytes/flows per second. We can call an external script to notify you, switch off a server, or blackhole the client.

h2. Baker-s Dozen

* Baker's Dozen BGP transit players
** http://research.dyn.com/2008/12/winners-and-losers-for-2008/
** http://research.dyn.com/2009/12/a-bakers-dozen-in-2009/
** http://research.dyn.com/2011/01/a-bakers-dozen-2010-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2011-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2012-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2013-edition/
** http://research.dyn.com/2012/02/a-bakers-dozen-2014-edition/
** http://research.dyn.com/2016/04/a-bakers-dozen-2015-edition/
*** https://cdn.vpls.com/wp-content/uploads/WP033-Bakers-Dozen-2015.pdf

h1. Bird

h2. Link local IPv6 static route

<pre>
    protocol direct {
      interface "eth0";
    }

    protocol static {
      route 2001:db8::/32 via fe80::1%eth0;
    }
</pre>

h2. Gitoyen BIRD config

https://code.ffdn.org/gitoyen/bird-config/

And other tools, including automatic blackholing: https://code.ffdn.org/org/gitoyen

h2. Misc BIRD Links

* zeromq integration https://github.com/samrussell/bird/tree/zmqintegration
* https://www.netdev01.org/docs/prabhu-linux_ipv4_ipv6_inconsistencies_talk_slides.pdf

h1. mrtdump

mrtdump is a standard format for representing and storing BGP data (routing table, BGP messages): https://tools.ietf.org/html/rfc6396

h2. mrtdump dumps with Bird

h3. Dumping all BGP messages exchanged with peers

<pre>
mrtdump "/tmp/mrtdump-messages";
mrtdump protocols {messages};
</pre>

See the Bird documentation: http://bird.network.cz/?get_doc&f=bird-3.html#ss3.2

To rotate the dump file, change the file name in the Bird configuration and run `birdc configure`.

h3. Dumping the BGP routing table

This is not possible yet, but it is under development in Bird; see the upstream *mrtdump* branch.

Doc: https://gitlab.labs.nic.cz/labs/bird/commit/11fabd2d6b8bc3d6ca86acd3b62fe4deeb4b91b7

h2. Public mrtdump data sources

* RIS (Routing Information Service):

  * BGP routes collected by RIPE from several exchange points (16 collectors in total)
  * data collected and archived since 2001
  * https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/routing-information-service-ris
  * freely accessible data https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris/ris-raw-data

* Routeviews:

  * same idea, but less Europe-centric (project run by Americans)
  * http://www.routeviews.org/
  * freely accessible data ftp://archive.routeviews.org/

h2. Working with mrtdump data

* historical tool: *bgpdump* https://bitbucket.org/ripencc/bgpdump/wiki/Home
* more recent: *bgpstream* https://bgpstream.caida.org/  https://github.com/CAIDA/bgpstream https://pypi.python.org/pypi/pybgpstream

bgpstream is mainly designed to fetch RIS and Routeviews data automatically (and sometimes that does not work very well...). It can also read local mrtdump files, for example with the Python bindings:

<pre>
from _pybgpstream import BGPStream, BGPRecord, BGPElem
# Path to a local mrtdump file (placeholder, set it to your own file)
myfilename = "/path/to/dump.mrt"
record = BGPRecord()
stream = BGPStream()
stream.set_data_interface("singlefile")
stream.set_data_interface_option("singlefile", "rib-file", myfilename)
# Add additional filters here
stream.start()
# Walk every record and every element it contains (cf. bgpstream tutorial)
while stream.get_next_record(record):
    elem = record.get_next_elem()
    while elem:
        print(elem.type, elem.peer_address, elem.peer_asn, elem.fields)
        elem = record.get_next_elem()
</pre>
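What tools such as bgpdump and bgpstream decode, shown as an added example that is not part of the original page: a walk over the RFC 6396 MRT common header and the BGP4MP message records used for per-message dumps, using only the Python standard library. The function names and the sample bytes are constructed for this example; the AS numbers and neighbor addresses are borrowed from the Cogent configuration on this page.

```python
import ipaddress
import struct
from collections import Counter

MRT_BGP4MP, MRT_BGP4MP_ET = 16, 17
# BGP4MP subtypes that carry a BGP message -> width in bytes of their AS fields
AS_WIDTH = {1: 2, 4: 4, 6: 2, 7: 4}
ADDR_LEN = {1: 4, 2: 16}  # AFI 1 = IPv4, AFI 2 = IPv6
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MARKER = b"\xff" * 16


def iter_mrt(data):
    """Yield (timestamp, type, subtype, body) for every MRT record in data."""
    off = 0
    while off < len(data):
        if len(data) - off < 12:
            raise ValueError("truncated MRT header at offset %d" % off)
        ts, mtype, subtype, length = struct.unpack_from("!IHHI", data, off)
        body = data[off + 12:off + 12 + length]
        if len(body) != length:
            raise ValueError("truncated MRT record at offset %d" % off)
        yield ts, mtype, subtype, body
        off += 12 + length


def parse_bgp4mp_message(mtype, subtype, body):
    """Decode one BGP4MP message record; return None for other record kinds."""
    if mtype not in (MRT_BGP4MP, MRT_BGP4MP_ET) or subtype not in AS_WIDTH:
        return None
    if mtype == MRT_BGP4MP_ET:
        body = body[4:]  # extended timestamp: 4 bytes of microseconds come first
    width = AS_WIDTH[subtype]
    try:
        peer_as, local_as = struct.unpack_from("!HH" if width == 2 else "!II", body)
        off = 2 * width
        _ifindex, afi = struct.unpack_from("!HH", body, off)
        alen = ADDR_LEN[afi]
        off += 4
        peer_ip = ipaddress.ip_address(body[off:off + alen])
        local_ip = ipaddress.ip_address(body[off + alen:off + 2 * alen])
        off += 2 * alen
        marker, bgp_len, bgp_type = struct.unpack_from("!16sHB", body, off)
    except (struct.error, KeyError, ValueError) as exc:
        raise ValueError("malformed BGP4MP record: %r" % (exc,))
    if marker != MARKER or bgp_len != len(body) - off:
        raise ValueError("malformed BGP message header")
    return {"peer_as": peer_as, "local_as": local_as, "peer_ip": peer_ip,
            "local_ip": local_ip, "bgp_type": BGP_TYPES.get(bgp_type, bgp_type)}


def summarize(data):
    """Count BGP messages per (peer AS, message type)."""
    counts = Counter()
    for _ts, mtype, subtype, body in iter_mrt(data):
        msg = parse_bgp4mp_message(mtype, subtype, body)
        if msg is not None:
            counts[(msg["peer_as"], msg["bgp_type"])] += 1
    return counts


def _record(ts, peer_as, local_as, peer_ip, local_ip, bgp_type, payload=b""):
    """Build a BGP4MP_MESSAGE_AS4 record (only used for the constructed sample)."""
    peer, local = ipaddress.ip_address(peer_ip), ipaddress.ip_address(local_ip)
    bgp = MARKER + struct.pack("!HB", 19 + len(payload), bgp_type) + payload
    body = (struct.pack("!IIHH", peer_as, local_as, 0, 1 if peer.version == 4 else 2)
            + peer.packed + local.packed + bgp)
    return struct.pack("!IHHI", ts, MRT_BGP4MP, 4, len(body)) + body


# Constructed sample, not a real capture. The local IPv6 address and the
# timestamps are made up; the empty UPDATE is an End-of-RIB marker.
SAMPLE = b"".join([
    _record(1401148800, 174, 197422, "149.11.58.73", "149.11.58.74", 4),
    _record(1401148801, 174, 197422, "149.11.58.73", "149.11.58.74", 2, b"\x00" * 4),
    _record(1401148802, 174, 197422, "2001:978:2:68::8:1", "2001:db8::2", 4),
])

if __name__ == "__main__":
    print(sorted(summarize(SAMPLE).items()))
```

Because AS 197422 does not fit in 16 bits, the sample uses the AS4 subtype; a parser that assumes 2-byte AS fields would misread every following field.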


h1. TouIX and GIX

http://touix.net
http://wikilulu.net/doku.php?id=articles:gix-howto

h1. Changes to the BGP configuration

* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html

TODO:
* set up a version control system such as git, at least for the documentation
* How to handle the MD5 passwords in the config file (keep them secret while publishing the rest)
* Workshop?
** Laurent GUERBY
** Solarus
** Add your name...

Alternative to MP BGP
http://tools.ietf.org/html/draft-ietf-idr-bgp-multisession-06

Add Path
http://tools.ietf.org/html/draft-ietf-idr-add-paths-07
support in bird? http://marc.info/?l=bird-users&m=134409996129466&w=2

h1. Links

* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
* AS4 http://www.rfc-editor.org/rfc/rfc4893.txt
* best practices and BGP incidents
** https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Slides-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf.pdf
* ping plus UDP test http://www.broadband-forum.org/technical/download/TR-143.pdf

h1. Toulouse configuration

<pre>
router id 91.224.148.2;
define myas = 197422;


protocol device {
        scan time 10;
        primary "eth0" 91.224.148.3;
}

protocol static static_bgp {
        import all;
        route 91.224.148.0/23 reject;
}


protocol kernel {
        import all;
        export all;
}


function avoid_martians()
prefix set martians;
{
  martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];

  # Avoid 0.0.0.0/X
  if net.ip = 0.0.0.0 then return false;

  # Avoid too short and too long prefixes
  if (net.len < 8) || (net.len > 24) then return false;

  # Avoid RFC1918 and other martian networks (link-local, multicast, reserved)
  if net ~ martians then return false;
  return true;
}

filter bgp_OUT {
        if (net ~ [91.224.148.0/23]) then accept;
        else reject;
}


protocol bgp TOUIX {
        local as myas;
        neighbor 91.213.236.1 as 47184;
        preference 200;
        import where avoid_martians();
        export filter bgp_OUT;
}

protocol bgp JAGUAR {
        local as myas;
        neighbor 31.172.233.1 as 30781;
        preference 50;
        import where avoid_martians();
        export filter bgp_OUT;
}

protocol bgp TETANEUTRAL {
        local as myas;
        neighbor 91.224.148.2 as myas;
        preference 100;
        import where avoid_martians();
        export all;
}
</pre>

h1. IRR

* From nanog:
http://www.clarksys.com/blog/2009/09/02/using-irr-with-level3/
whois -h filtergen.level3.net "RIPE::YOUR-AS-SET  -searchpath=RIPE;ARIN;RADB -recurseok -warnonly"

h1. Blackholing

h2. DECIX

http://de-cix.net/products-services/de-cix-frankfurt/blackholing/

h2. Attacks

* 20120629 http://lists.tetaneutral.net/pipermail/technique/2012-July/000406.html
* http://blog.cloudflare.com/65gbps-ddos-no-problem

h2. URPF

Blacklisting one or more sources is relatively complex to set up on a small infrastructure, because it requires deploying uRPF (Unicast Reverse Path Forwarding).

http://www.cisco.com/web/about/security/intelligence/ipv6_rtbh.html

h2. RFC3882

* http://www.ietf.org/rfc/rfc3882.txt
community AS:666 on a /32 announcement for blackholing by the upstream AS

* Cisco doc
http://www.cisco.com/web/about/security/intelligence/blackhole.pdf

h2. RFC1997

* http://www.ietf.org/rfc/rfc1997.txt
BGP Communities Attribute

* Cisco doc
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/bgp_communities.html

h2. BIRD

* http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg01998.html

h2. Absolight

* community 29608:65001 on /24..32 IPv4 and /41..128 IPv6 => blackhole
* test 20120703 IPv4 and IPv6: it works and convergence is very fast

h2. GIXE

* community 31576:666 on /32 => blackhole
* test 20120703 => does not work yet; reported, and development is needed on the GIXE side to allow /32s
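A pre-flight check for the Absolight and GIXE rules noted above, as an added example that is not part of the original page: before a blackhole route is announced, it verifies that the target lies inside our own prefixes and that its length is one the upstream accepts, and returns the community to attach. The function names and the layout of the policy table are assumptions of this example; the prefixes are the ones allowed by the bgp_OUT and bgp_OUT_6 filters on this page.

```python
import ipaddress

# Prefixes that this page's bgp_OUT / bgp_OUT_6 filters allow us to announce.
OUR_PREFIXES = [ipaddress.ip_network(p) for p in (
    "91.224.148.0/23", "80.67.182.0/24", "89.234.156.0/23",
    "2a01:6600:8000::/40")]

# Upstream policies as noted on this page: community to attach and accepted
# prefix-length range per IP version. No IPv6 rule is noted for GIXE.
POLICIES = {
    "absolight": {"community": (29608, 65001),
                  "lengths": {4: (24, 32), 6: (41, 128)}},
    "gixe": {"community": (31576, 666), "lengths": {4: (32, 32)}},
}


def blackhole_announcement(target, upstream):
    """Return (network, community) to announce, or raise ValueError with the reason."""
    policy = POLICIES.get(upstream)
    if policy is None:
        raise ValueError("no blackhole policy known for %s" % upstream)
    # A bare address becomes a /32 or /128; host bits set in a prefix raise ValueError.
    net = ipaddress.ip_network(target)
    if net.version not in policy["lengths"]:
        raise ValueError("%s: no IPv%d blackhole rule" % (upstream, net.version))
    # Never request blackholing for address space we do not originate.
    if not any(net.version == own.version and net.subnet_of(own)
               for own in OUR_PREFIXES):
        raise ValueError("%s is outside our announced prefixes" % net)
    shortest, longest = policy["lengths"][net.version]
    if not shortest <= net.prefixlen <= longest:
        raise ValueError("%s: /%d outside accepted /%d../%d"
                         % (upstream, net.prefixlen, shortest, longest))
    return net, policy["community"]


def plan(target):
    """Map each upstream to its announcement, or to the reason it is refused."""
    result = {}
    for upstream in sorted(POLICIES):
        try:
            result[upstream] = blackhole_announcement(target, upstream)
        except ValueError as exc:
            result[upstream] = str(exc)
    return result


if __name__ == "__main__":
    for tgt in ("91.224.148.10", "91.224.148.0/24", "2a01:6600:8000::/40"):
        print(tgt, plan(tgt))
```

The /41 lower bound on the IPv6 side means the whole 2a01:6600:8000::/40 allocation can never be blackholed by a single mistaken announcement.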

h2. Jaguar

* https://extranet.jaguar-network.com/app/public/index.php?cmd=bgp-policy
* request 20120702: no blackhole community currently, under consideration
* Arbor Networks equipment being deployed, tuning still to be refined (no attack detection)

h2. Gitoyen

* request 20120704 on the list, reply 20120717
* Tata http://noc.easycolocate.nl/Teleglobe_bgp_comm.pdf
*** => black-hole route (host route or shorter prefix within customer’s RIR registered assignment) 64999:0
* Ielo whois AS29075 => 29075:0 Null-route/Blackhole
* https://pad.ilico.org/p/cleanup-bgp-gitoyen

h2. France-IX

* community plan : https://apps.db.ripe.net/whois/lookup/ripe/aut-num/AS51706.html
* TODO test

h2. Equinix-IX

* community plan : https://ix.equinix.com/ixp/mlpeCommunityInfo
* TODO test

h2. TouIX

* requested access to the switch and route server 20120702
* TODO

h2. Hurricane Electric

* http://www.he.net/adm/
* http://www.he.net/adm/blackhole.html
* TODO test

h2. Sfinx

* http://www.renater.fr/route-servers-bgp?lang=fr
* whois AS1304 =>
remarks:        1304:65281 = Apply NO-EXPORT community
remarks:        1304:65282 = Apply NO-ADVERTISE community

h2. Cogent

h3. Docs

* http://www.cogentco.com/files/docs/customer_service/guide/global_cogent_customer_user_guide.pdf
** communities on pages 21-22
* http://www.onesc.net/communities/as174/
* https://www.nanog.org/mailinglist/mailarchives/old_archive/2005-03/msg00465.html
* https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf

France / Benelux:
+33 1 49 03 1818 (Hotline)
+33 1 49 03 1803 (fax)
fr-support@cogentco.com (maintenance and repair)
bnl-support@cogentco.com (maintenance and repair)
billingeu@cogentco.com (billing, customer care)
All Customers in Europe can also contact the European Cogent Customer Support team
using the generic email address for Europe: eu-support@cogentco.com

Delivered as requested on the Fullsave optical trunk:
Delivered on TLS01.CB.KD-05/A.To02.03&04 (optical patch panel no. 2, fibres 03&04).
Cogent physical port te0/0/2/3-rcr11.tls01

Order ID/Service ID: 1-166108500
Service Type: EU_L3_ON_10GE_BURST
Commitment: 1000.0 MBps
Service Address: 125 bis ch du Sang de Serp
delivery in the Fullsave rack / LAP room Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014

Order ID/Service ID: 1-166108524
Service Type: EU_L3_ON_IPV6DSTACK_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
IPv6s fort port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014

Order ID/Service ID: 1-166108512
Service Type: EU_L0_ON_XCFIBER_FLAT
Commitment: 0.0 MBps
Service Address: 125 bis ch du Sang de Serp
Te0/0/2/3 rcr01.tls01 -- > TLS01.CB.KD-05/A.To02.03&04 port order 1-166108500
Toulouse, FR France 31000
Your service acceptance date is 27-May-2014 and your billing start date is 27-May-2014


h3. Initial Cogent BGP configuration

<pre>
root@h7:~# cat /etc/bird/bird.conf
router id 149.11.58.74;

define myas = 197422;

timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

log "/var/log/bird/bird-20140527.log" all;

debug commands 2;

debug protocols { states, events };

protocol device {
        scan time 10;
}

protocol kernel {
        import all;
        export all;
        learn;
}

filter bgp_OUT {
        if (net ~ [91.224.148.0/23, 80.67.182.0/24, 89.234.156.0/23]) then {
          accept;
        }
        reject;
}

filter bgp_IN_PEERING {
       accept;
}

protocol bgp COGENT_TLS00 {
        local as myas;
        neighbor 149.11.58.73 as 174;
        import filter bgp_IN_PEERING;
        export filter bgp_OUT;
}
root@h7:~# cat /etc/bird/bird6.conf
router id 149.11.58.74;

define myas = 197422;

timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

log "/var/log/bird/bird6-20140527.log" all;

debug commands 2;

debug protocols { states, events };

listen bgp v6only;

protocol device {
        scan time 10;
}

protocol kernel {
        import all;
        export all;
        learn;
}

filter bgp_OUT_6 {
        if (net ~ [2a01:6600:8000::/40]) then {
          accept;
        }
        reject;
}

filter bgp_IN_PEERING_6 {
       accept;
}

protocol bgp COGENT_TLS00_6 {
        local as myas;
        neighbor 2001:978:2:68::8:1 as 174;
        import filter bgp_IN_PEERING_6;
        export filter bgp_OUT_6;
}
</pre>