BGP » History » Version 19

Laurent GUERBY, 13/06/2012 09:41

h1. BGP

We use BIRD on Linux as our BGP router.

http://bird.network.cz/

BGP blog: http://www.renesys.com/blog/
Flowspec: http://www.slideshare.net/sfouant/an-introduction-to-bgp-flow-spec
DFZ (Default Free Zone) archive: http://archive.routeviews.org/
http://www.ripe.net/data-tools/stats/ris/routing-information-service
http://pch.net/resources/data/routing-tables/archive/
http://pch.net/resources/data/routing-tables/mrt-bgp-updates/
http://www.nanog.org/meetings/archive/

h1. BGP configuration changes

* http://lists.tetaneutral.net/pipermail/technique/2011-December/000118.html

TODO:
* set up a version control system such as git, at least for the documentation
* How to handle the MD5 passwords in the configuration file (keep them secret while publishing the rest)
* Workshop?
** Laurent GUERBY
** Solarus
** Add your name...

Alternative to MP-BGP:
http://tools.ietf.org/html/draft-ietf-idr-bgp-multisession-06

h1. Links

* http://www.cl.cam.ac.uk/~tgg22/talks/BGP_TUTORIAL_ICNP_2002.ppt
* http://www.menog.net/menog-meetings/menog5/presentations/smith-32bit-asn-update.pdf
* AS4: http://www.rfc-editor.org/rfc/rfc4893.txt
* best practices and BGP incidents
** https://www.sstic.org/media/SSTIC2012/SSTIC-actes/influence_des_bonnes_pratiques_sur_les_incidents_b/SSTIC2012-Slides-influence_des_bonnes_pratiques_sur_les_incidents_bgp-contat_valadon_nataf.pdf

h1. Toulouse configuration

<pre>
router id 91.224.148.2;
define myas = 197422;

protocol device {
        scan time 10;
        primary "eth0" 91.224.148.3;
}

# Static reject route that puts our own /23 in the table so it can be announced
protocol static static_bgp {
        import all;
        route 91.224.148.0/23 reject;
}

protocol kernel {
        import all;
        export all;
}

# Import filter: returns false for prefixes that must not be accepted from peers
function avoid_martians()
prefix set martians;
{
        martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+ ];
        # Note: 127.0.0.0/8 (loopback) is not covered by this set

        # Avoid 0.0.0.0/X
        if net.ip = 0.0.0.0 then return false;

        # Avoid too short and too long prefixes
        if (net.len < 8) || (net.len > 24) then return false;

        # Avoid RFC1918, link-local, multicast and reserved (240.0.0.0/4) networks
        if net ~ martians then return false;
        return true;
}

# Export filter: announce only our own prefix
filter bgp_OUT {
        if (net ~ [91.224.148.0/23]) then accept;
        else reject;
}

protocol bgp TOUIX {
        local as myas;
        neighbor 91.213.236.1 as 47184;
        preference 200;
        import where avoid_martians();
        export filter bgp_OUT;
}

protocol bgp JAGUAR {
        local as myas;
        neighbor 31.172.233.1 as 30781;
        preference 50;
        import where avoid_martians();
        export filter bgp_OUT;
}

# iBGP session (neighbor in our own AS)
protocol bgp TETANEUTRAL {
        local as myas;
        neighbor 91.224.148.2 as myas;
        preference 100;
        import where avoid_martians();
        export all;
}
</pre>
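
The TODO above asks how to keep the MD5 passwords secret while publishing the rest of the configuration file. The following is an added example, not part of the original wiki page or of tetaneutral.net's tooling: it replaces every BIRD @password "..."@ string and refuses to publish if a secret survives elsewhere in the text. The function names are hypothetical, and the sample configuration reuses the TOUIX session above with constructed passwords.

```python
import re

# Assumption: secrets appear in BIRD's `password "<secret>";` statement, as used
# for BGP TCP-MD5 sessions, with the double-quoted string on a single line.
PASSWORD_RE = re.compile(r'(\bpassword\s+)"([^"\n]*)"')
PLACEHOLDER = "REDACTED"

def extract_secrets(private_conf):
    """Return the set of password strings found in the private config."""
    return {m.group(2) for m in PASSWORD_RE.finditer(private_conf)} - {""}

def redact(private_conf):
    """Replace every password string, including ones on commented-out lines."""
    return PASSWORD_RE.sub(lambda m: f'{m.group(1)}"{PLACEHOLDER}"', private_conf)

def publishable(private_conf):
    """Redact, then fail closed if any secret survives elsewhere in the text
    (for example copied into a free-text comment)."""
    secrets = extract_secrets(private_conf)
    public = redact(private_conf)
    leaked = sorted(s for s in secrets if s in public)
    if leaked:
        raise ValueError(f"{len(leaked)} secret(s) still present after redaction")
    return public

# Constructed sample: the TOUIX session with made-up passwords added.
SAMPLE = '''\
protocol bgp TOUIX {
        local as myas;
        neighbor 91.213.236.1 as 47184;
        password "s3cr#t-example";   # constructed value, not a real key
        # password "old-example";
}
'''

if __name__ == "__main__":
    print(publishable(SAMPLE))
```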