    Looking for IPv6 peering

    melanmelan Member

    Recently I've registered a RIPE ASN and I would like to get real world experience with BGP. Currently peered with Hurricane Electric and NetAssist... anyone interested in peering over an IPSec or OpenVPN tunnel?
    Thanks!

    Comments

    • jackbjackb Member, Provider

      Dn42 until you know what you're doing.

      Afterburst - Awesome OpenVZ&KVM VPS in US+EU

    • rubenruben Member, Provider

      jackb said: Dn42 until you know what you're doing.

      This^
      Most important advice: learn how to build good filters.
      And afterward maybe have a look at this: https://evix.org/

      Thanked by 1melan
    • melanmelan Member

      jackb said: Dn42 until you know what you're doing.

      I had a Dn42 setup on VirtualBox using FreeBSD/OpenBGPD; unfortunately it doesn't work after a kernel update on my host. I'll try to fix it...

      ruben said: This^
      Most important advice: learn how to build good filters.
      And afterward maybe have a look at this: https://evix.org/

      I am not sure what I should learn first. Could you please point me to a good tutorial?

      Thanks!

    • rubenruben Member, Provider

      melan said: I am not sure what I should learn first. Could you please point me to a good tutorial?

      There are many good pointers out there. Read through e.g. wikis and also the DN42 site, and have a look at the documentation of your router software.
      Start by setting up a simple BGP session towards NE & HE with simple filters, announce one prefix. Peer with other networks, talk to people. Some people will help, let them check your config. Start using communities, build sophisticated filters... I think you will learn the most while doing it.
      I use Bird, so https://gitlab.labs.nic.cz/labs/bird/wikis/home also: https://ourtechplanet.com/bgp-fundamentals-part-1/
      Or a book (there is a pdf available on google): BGP - Building Reliable Networks with the Border Gateway Protocol

      Thanked by 2uptime melan
    • dfroedfroe Member, Provider

      @melan said: I would like to get real world experience with BGP, currently peered with Hurricane Electric and NetAssist.

      And what exactly feels 'unreal' with your two upstream providers?

      You are dual homed, receive full BGP tables, can announce prefixes, configure filters, and make use of route-maps to modify outbound exports and inbound imports.

      As already mentioned: Unless you know what you're doing, use DN42.
      And please: Do not break the internet. :smiley:

      Thanked by 2uptime ruben

      IT-Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)

    • melanmelan Member

      dfroe said: And what exactly feels 'unreal' with your two upstream providers?

      I did not mean that using HE or NetAssist is an unreal thing (maybe my bad English); without them I am hopeless. I just wanted to try with more peers to make it 'more real'...

      dfroe said: And please: Do not break the internet. :smiley:

      Sure...will read on it...
      Thanks!

    • dfroedfroe Member, Provider

      @melan said:
      I did not mean that using HE or NetAssist is an unreal thing (maybe my bad English); without them I am hopeless. I just wanted to try with more peers to make it 'more real'...

      Don't expect it to feel more real just by increasing the number of peers...

      It most likely won't increase your visibility and some changing AS Path strings shouldn't make you very excited.

      In real life it is not just about connecting to as many peers as possible. You will more likely want to do some traffic engineering like avoiding certain paths or preferring other ones for certain ASNs. Depending on what you want to do, what you want to optimize or what problems you want to solve.

      However if you are searching for another BGP capable VPS you may have a look at First-Root. You can run bird or quagga on it and connect your LAN via any tunneling protocol of your choice. Keep your memory requirements in mind when dealing with full tables. You can get free BGP sessions starting with their 2 GB RAM VPS:

      https://www.lowendtalk.com/discussion/157995/germany-all-flash-kvm-on-redundant-a-b-power-nodes-starting-at-3-eur-month-2fa-novnc-f-com

      There is also combahton / fastpipe with similar offers:

      https://www.lowendtalk.com/discussion/158036/fastpipe-io-ssd-cloud-servers-kvm-frankfurt-germany-free-bgp-starting-at-2-95

      Maintaining a VPS with linux OS, routing engine, iptables etc. will be more advanced than just having a GRE tunnel. But it can give you more flexibility - if you know what you are doing.

      Thanked by 3First-Root FHR malek

    • @jackb said:
      Dn42 until you know what you're doing.

      tl;dr don’t pull a verizon

    • PureVoltagePureVoltage Member, Provider

      Good option is signing up with a company who has SIX or another exchange that has only a one time fee. Then you can get some real peering in :)

      PureVoltage Colocation with 6 Global locations, Seattle, LA, New York, Dallas, Chicago, and Amsterdam

    • First-RootFirst-Root Member, Provider
      edited June 2019

      @doghouch said:

      @jackb said:
      Dn42 until you know what you're doing.

      tl;dr don’t pull a verizon

      To be honest, most providers will filter your announced routes based on your AS or AS-SET. What Verizon is doing is insanely stupid and dangerous.

    • @FR_Michael said:

      @doghouch said:

      @jackb said:
      Dn42 until you know what you're doing.

      tl;dr don’t pull a verizon

      To be honest, most providers will filter your announced routes based on your AS or AS-SET. What Verizon is doing is insanely stupid and dangerous.

      I'll admit: I've tried announcing addresses (unused space) that I don't own just to see if the providers that I'm with have working filters.

      tl;dr HE/Choopa/Allstream have working filters :-)

    • First-RootFirst-Root Member, Provider

      @doghouch said:

      @FR_Michael said:

      @doghouch said:

      @jackb said:
      Dn42 until you know what you're doing.

      tl;dr don’t pull a verizon

      To be honest, most providers will filter your announced routes based on your AS or AS-SET. What Verizon is doing is insanely stupid and dangerous.

      I'll admit: I've tried announcing addresses (unused space) that I don't own just to see if the providers that I'm with have working filters.

      tl;dr HE/Choopa/Allstream have working filters :-)

    • FHRFHR Member, Provider

      HE has working filters only if your ASN has a PeeringDB record. @doghouch

      SkylonHost - affordable hourly-billed KVM VPS in Prague, CZ!
      Featuring own high performance network AS202297 | RIPE NCC member | Contact us for IPs/ASNs

    • @FHR said:
      HE has working filters only if your ASN has a PeeringDB record.

      I had a PeeringDB record when I was testing — it no longer exists though.

    • FHRFHR Member, Provider

      @doghouch said:

      @FHR said:
      HE has working filters only if your ASN has a PeeringDB record.

      I had a PeeringDB record when I was testing — it no longer exists though.

      It depends on when you did it. Their new system seems to behave like that.

      Anyway I managed to hijack stuff successfully so... (with full permission of the "victim" of course)

    • melanmelan Member

      dfroe said: In real life it is not just about connecting to as many peers as possible. You will more likely want to do some traffic engineering like avoiding certain paths or preferring other ones for certain ASNs. Depending on what you want to do, what you want to optimize or what problems you want to solve.

      Currently I have only one active peer, which is HE, as my NetAssist paths are filtered; that's why I tried to get more peers. As you said, it seems my current setup is enough for my learning...

      dfroe said: However if you are searching for another BGP capable VPS you may have a look at First-Root. You can run bird or quagga on it and connect your LAN via any tunneling protocol of your choice. Keep your memory requirements in mind when dealing with full tables. You can get free BGP sessions starting with their 2 GB RAM VPS:

      I am looking into that too... I'm currently running quagga on one of my VPSes, but it doesn't support BGP sessions, so I'm using a tunnel.

      PureVoltage said: Good option is signing up with a company who has SIX or another exchange that has only a one time fee. Then you can get some real peering in

      Unfortunately I am so far away from SIX... Do you mean we can get a port from SIX and put my router at a colocation provider?

    • PureVoltagePureVoltage Member, Provider

      @melan said:

      Unfortunately I am so far away from SIX... Do you mean we can get a port from SIX and put my router at a colocation provider?

      Yeah, we have customers who do this with us in NY and Seattle to connect up to exchanges. However you have colo and any cross connect costs.
      In NY we don't charge for the cross connect just the costs for NYIIX.

      However it's a great way to get 1-2u colo and peering for cheap.

    • melanmelan Member

      PureVoltage said: Yeah, we have customers who do this with us in NY and Seattle to connect up to exchanges. However you have colo and any cross connect costs.

      Looks good. I am still at the POC phase and not yet ready for a real setup... Do you provide cross connects to custom locations or long-distance wireless links (~10 km from Tukwila, WA)?

    • FHRFHR Member, Provider

      PLEASE. Don't join any IXes until you know exactly what you're doing.

      With BGP sessions with VPS/dedi providers, they will usually filter you - so even if you mess up, nothing major will happen.

      If you mess up on an IX, any mistake can be very costly for everyone involved!

    • melanmelan Member

      FHR said: PLEASE. Don't join any IXes until you know exactly what you're doing.

      Sure... I am not planning to start anything on an IX soon... maybe not at all.

    • Hello. We would be glad to set up peering with you. Our AS peer for IPv6 is AS6762.

    • FHRFHR Member, Provider

      @DignusData said:
      Hello. We would be glad to set up peering with you. Our AS peer for IPv6 is AS6762.

      You operate Sparkle?

    • @FHR said:
      PLEASE. Don't join any IXes until you know exactly what you're doing.

      With BGP sessions with VPS/dedi providers, they will usually filter you - so even if you mess up, nothing major will happen.

      If you mess up on an IX, any mistake can be very costly for everyone involved!

      inb4 you announce 8.8.8.0/24 and it actually gets sent out to every peer in the exchange

      /no more DNS for u

    • melanmelan Member

      doghouch said: inb4 you announce 8.8.8.0/24 and it actually gets sent out to every peer in the exchange

      If I announce anything within my address space allocated by a LIR (/44), it does not do any harm to anyone, right? I am really confused about the statement "Do not break the internet". Is it so easy to break it? :)

    • FHRFHR Member, Provider

      melan said: is it so easy to break it?

      Yes.

    • @melan said:

      doghouch said: inb4 you announce 8.8.8.0/24 and it actually gets sent out to every peer in the exchange

      If I announce anything within my address space allocated by a LIR (/44), it does not do any harm to anyone, right? I am really confused about the statement "Do not break the internet". Is it so easy to break it? :)

      If the only route you export is your prefix, then yes, damage will be kept minimal, unless you start leaking routes; then that is a whole new headache.

      Typical guy alexneo.net

      Peering AS135103
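
The export rule described in the post above (announce only your own prefix, never re-export what you learned from a neighbour), sketched as an added example that is not part of the original thread. The /44 and the ASNs are constructed documentation values, the network is assumed to be a stub with no customers, and the /48 and /24 length limits are an assumed common convention.

```python
import ipaddress

# Constructed values: documentation prefix and private-use ASNs, not real networks.
MY_ALLOCATIONS = [ipaddress.ip_network("2001:db8:10::/44")]
# Assumed convention: longest prefix most networks accept per address family.
MAX_LEN = {4: 24, 6: 48}


def export_decision(prefix, as_path):
    """Decide whether a stub AS should announce one route to a neighbour.

    as_path is the AS path as stored in the local table: empty for routes
    we originate ourselves, non-empty for anything learned over BGP.
    Returns (accept, reason).
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if as_path:
        # Re-exporting a neighbour's routes to another neighbour is a route leak.
        return False, "learned from a neighbour"
    inside = any(net.version == own.version and net.subnet_of(own)
                 for own in MY_ALLOCATIONS)
    if not inside:
        return False, "outside our allocation"
    if net.prefixlen > MAX_LEN[net.version]:
        return False, "too specific"
    return True, "own prefix"


def filter_exports(candidates):
    """Return only the prefixes that pass export_decision."""
    return [p for p, path in candidates if export_decision(p, path)[0]]


# Constructed routing-table sample: (prefix, AS path).
CANDIDATES = [
    ("2001:db8:10::/44", []),                # the allocation itself
    ("2001:db8:1f::/48", []),                # a /48 carved out of it
    ("2001:db8:10:100::/56", []),            # ours, but longer than /48
    ("2001:db8:20::/48", []),                # just past the end of the /44
    ("2001:db8:ffff::/48", [64496, 64497]),  # learned from an upstream
    ("8.8.8.0/24", []),                      # the thread's example of foreign space
    ("2001:db8:10::1/48", []),               # host bits set
]

if __name__ == "__main__":
    for prefix, path in CANDIDATES:
        print(prefix, export_decision(prefix, path))
```
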

    • @FHR said:

      melan said: is it so easy to break it?

      Yes.

      when you don’t know the consequences of announcing 8.8.8.0/24

    • melanmelan Member

      alexnjh said: If the only route you export is your prefix, then yes, damage will be kept minimal, unless you start leaking routes; then that is a whole new headache.

      Makes sense. Then I believe I don't do any harm.

      doghouch said: when you don’t know the consequences of announcing 8.8.8.0/24

      I know that Google DNS has at least 15% of market share... Just out of curiosity, what is the penalty for someone intentionally or unintentionally announcing someone's address space?

    • IonSwitch_StanIonSwitch_Stan Member, Host Rep

      penalty for someone intentionally or unintentionally announcing someone's address space?

      $7.
