Looking for IPv6 peering

melan Member

Recently I've registered a RIPE ASN and I would like to get real-world experience with BGP. Currently peered with Hurricane Electric and NetAssist. Anyone interested in peering over an IPsec or OpenVPN tunnel?
Thanks!

Comments

  • jackb Member, Host Rep

    Dn42 until you know what you're doing.

  • ruben Member, Host Rep

    jackb said: Dn42 until you know what you're doing.

    This^
    Most important advice: learn how to build good filters.
    And afterward maybe have a look at this: https://evix.org/

    Thanked by 1melan
  • melan Member

    jackb said: Dn42 until you know what you're doing.

    I had a Dn42 setup on VirtualBox using FreeBSD/OpenBGPD; unfortunately it doesn't work after a kernel update on my host. I'll try to fix it...

    ruben said: This^

    Most important advice: learn how to build good filters.
    And afterward maybe have a look at this: https://evix.org/

    I am not sure what I should learn first. Could you please point me to a good tutorial?

    Thanks!

  • ruben Member, Host Rep

    melan said: I am not sure what I should learn first. Could you please point me to a good tutorial?

    There are many good pointers out there. Read through e.g. wikis and also the DN42 site, and have a look at the various documentation of your router software.
    Start by setting up a simple BGP session towards NE & HE with simple filters, announce one prefix. Peer with other networks, talk to people. Some people will help, let them check your config. Start using communities, build sophisticated filters... I think you will learn the most while doing it.
    I use Bird, so https://gitlab.labs.nic.cz/labs/bird/wikis/home also: https://ourtechplanet.com/bgp-fundamentals-part-1/
    Or a book (there is a pdf available on google): BGP - Building Reliable Networks with the Border Gateway Protocol

    Thanked by 2uptime melan
  • dfroe Member, Host Rep

    @melan said: I would like to get real world experience with BGP, currently peered with Hurricane Electric and NetAssist.

    And what exactly feels 'unreal' with your two upstream providers?

    You are dual homed, receive full BGP tables, can announce prefixes, configure filters, and make use of route-maps to modify outbound exports and inbound imports.

    As already mentioned: Unless you know what you're doing, use DN42.
    And please: Do not break the internet. :smiley:

    Thanked by 2uptime ruben
  • melan Member

    dfroe said: And what exactly feels 'unreal' with your two upstream providers?

    I did not mean that using HE or NetAssist is an unreal thing (maybe my bad English); without them I am hopeless. I just wanted to try with more peers to make it 'more real'...

    dfroe said: And please: Do not break the internet. :smiley:

    Sure...will read on it...
    Thanks!

  • dfroe Member, Host Rep

    @melan said:
    I did not mean that using HE or NetAssist is an unreal thing (maybe my bad English); without them I am hopeless. I just wanted to try with more peers to make it 'more real'...

    Don't expect it to feel more real just by increasing the number of peers...

    It most likely won't increase your visibility and some changing AS Path strings shouldn't make you very excited.

    In real life it is not just about connecting to as many peers as possible. You will more likely want to do some traffic engineering like avoiding certain paths or preferring other ones for certain ASNs. Depending on what you want to do, what you want to optimize or what problems you want to solve.

    However if you are searching for another BGP capable VPS you may have a look at First-Root. You can run bird or quagga on it and connect your LAN via any tunneling protocol of your choice. Keep your memory requirements in mind when dealing with full tables. You can get free BGP sessions starting with their 2 GB RAM VPS:

    https://www.lowendtalk.com/discussion/157995/germany-all-flash-kvm-on-redundant-a-b-power-nodes-starting-at-3-eur-month-2fa-novnc-f-com

    There is also combahton / fastpipe with similar offers:

    https://www.lowendtalk.com/discussion/158036/fastpipe-io-ssd-cloud-servers-kvm-frankfurt-germany-free-bgp-starting-at-2-95

    Maintaining a VPS with linux OS, routing engine, iptables etc. will be more advanced than just having a GRE tunnel. But it can give you more flexibility - if you know what you are doing.

    Thanked by 3First-Root FHR malek
  • @jackb said:
    Dn42 until you know what you're doing.

    tl;dr don’t pull a verizon

  • PureVoltage Member, Patron Provider

    Good option is signing up with a company who has SIX or another exchange that has only a one time fee. Then you can get some real peering in :)

  • First-Root Member, Host Rep
    edited June 2019

    @doghouch said:

    @jackb said:
    Dn42 until you know what you're doing.

    tl;dr don’t pull a verizon

    To be honest, most providers will filter your announced routes based on your AS or AS-SET. What Verizon is doing is insanely stupid and dangerous.

  • @FR_Michael said:

    @doghouch said:

    @jackb said:
    Dn42 until you know what you're doing.

    tl;dr don’t pull a verizon

    To be honest, most providers will filter your announced routes based on your AS or AS-SET. What Verizon is doing is insanely stupid and dangerous.

    I'll admit: I've tried announcing addresses (unused space) that I don't own just to see if the providers that I'm with have working filters.

    tl;dr HE/Choopa/Allstream have working filters :-)

  • First-Root Member, Host Rep

    @doghouch said:

    @FR_Michael said:

    @doghouch said:

    @jackb said:
    Dn42 until you know what you're doing.

    tl;dr don’t pull a verizon

    To be honest, most providers will filter your announced routes based on your AS or AS-SET. What Verizon is doing is insanely stupid and dangerous.

    I'll admit: I've tried announcing addresses (unused space) that I don't own just to see if the providers that I'm with have working filters.

    tl;dr HE/Choopa/Allstream have working filters :-)

  • FHR Member, Host Rep

    HE has working filters only if your ASN has a PeeringDB record. @doghouch

  • @FHR said:
    HE has working filters only if your ASN has a PeeringDB record.

    I had a PeeringDB record when I was testing — it no longer exists though.

  • FHR Member, Host Rep

    @doghouch said:

    @FHR said:
    HE has working filters only if your ASN has a PeeringDB record.

    I had a PeeringDB record when I was testing — it no longer exists though.

    It depends on when you did it. Their new system seems to behave like that.

    Anyway I managed to hijack stuff successfully so... (with full permission of the "victim" of course)

  • melan Member

    dfroe said: In real life it is not just about connecting to as many peers as possible. You will more likely want to do some traffic engineering like avoiding certain paths or preferring other ones for certain ASNs. Depending on what you want to do, what you want to optimize or what problems you want to solve.

    Currently I have only one active peer, that is HE, as my NetAssist paths are filtered; that's why I tried to get more peers. As you said, it seems my current setup is enough for my learning...

    dfroe said: However if you are searching for another BGP capable VPS you may have a look at First-Root. You can run bird or quagga on it and connect your LAN via any tunneling protocol of your choice. Keep your memory requirements in mind when dealing with full tables. You can get free BGP sessions starting with their 2 GB RAM VPS:

    I am looking into that too... Currently running quagga on one of my VPS, but it doesn't support BGP sessions, so I'm using a tunnel.

    PureVoltage said: Good option is signing up with a company who has SIX or another exchange that has only a one time fee. Then you can get some real peering in

    Unfortunately I am so far away from SIX... Do you mean we can get a port from SIX and put my router at a colocation provider?

  • PureVoltage Member, Patron Provider

    @melan said:

    Unfortunately I am so far away from SIX... Do you mean we can get a port from SIX and put my router at a colocation provider?

    Yeah, we have customers who do this with us in NY and Seattle to connect up to exchanges. However you have colo and any cross connect costs.
    In NY we don't charge for the cross connect just the costs for NYIIX.

    However it's a great way to get 1-2u colo and peering for cheap.

  • melan Member

    PureVoltage said: Yeah, we have customers who do this with us in NY and Seattle to connect up to exchanges. However you have colo and any cross connect costs.

    Looks good. I am still at the POC phase and not yet ready for a real setup... Do you provide cross connects to custom locations or long distance wireless links (~10 km from Tukwila, WA)?

  • FHR Member, Host Rep

    PLEASE. Don't join any IXes until you know exactly what you're doing.

    With BGP sessions with VPS/dedi providers, they will usually filter you - so even if you mess up, nothing major will happen.

    If you mess up on an IX, any mistake can be very costly for everyone involved!

  • melan Member

    FHR said: PLEASE. Don't join any IXes until you know exactly what you're doing.

    Sure... I am not planning to start anything on an IX soon... maybe not at all.

  • Hello. We would be glad to set up peering with you. Our AS peer for IPv6 is AS6762.

  • FHR Member, Host Rep

    @DignusData said:
    Hello. We would be glad to set up peering with you. Our AS peer for IPv6 is AS6762.

    You operate Sparkle?

  • @FHR said:
    PLEASE. Don't join any IXes until you know exactly what you're doing.

    With BGP sessions with VPS/dedi providers, they will usually filter you - so even if you mess up, nothing major will happen.

    If you mess up on an IX, any mistake can be very costly for everyone involved!

    inb4 you announce 8.8.8.0/24 and it actually gets sent out to every peer in the exchange

    /no more DNS for u

  • melan Member

    doghouch said: inb4 you announce 8.8.8.0/24 and it actually gets sent out to every peer in the exchange

    If I announce anything within my address space allocated by a LIR (/44), it does not do any harm to anyone, right? I am really confused about the statement "Do not break the internet". Is it so easy to break it? :)

  • FHR Member, Host Rep

    melan said: is it so easy to break it?

    Yes.

  • @melan said:

    doghouch said: inb4 you announce 8.8.8.0/24 and it actually gets sent out to every peer in the exchange

    If I announce anything within my address space allocated by a LIR (/44), it does not do any harm to anyone, right? I am really confused about the statement "Do not break the internet". Is it so easy to break it? :)

    If the only route you export is your prefix, then yes, damage will be kept minimal, unless you start leaking routes; then that is a whole new headache.
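
Added example, not part of the thread: the export rule described in the reply above (originate only your own prefix, never re-export learned routes), modelled in Python rather than router configuration. The allocation and AS numbers are documentation values, and the /48 and /24 length limits are an assumed policy.

```python
import ipaddress
from typing import NamedTuple, Tuple

# Constructed value: a /44 taken from the RFC 3849 documentation prefix.
MY_ALLOCATIONS = [ipaddress.ip_network("2001:db8:10::/44")]
# Assumed policy: longest prefix lengths usually accepted in the global table.
MAX_PREFIX_LEN = {4: 24, 6: 48}


class Route(NamedTuple):
    prefix: str
    as_path: Tuple[int, ...]  # empty tuple = originated by this router


def export_decision(route: Route) -> Tuple[bool, str]:
    """Decide whether a candidate route may be announced to a peer."""
    try:
        net = ipaddress.ip_network(route.prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    # Anything learned from another AS is never re-exported: no route leaks.
    if route.as_path:
        return False, "learned route (would be a leak)"
    # Only space inside our own allocation may be originated.
    if not any(a.version == net.version and net.subnet_of(a)
               for a in MY_ALLOCATIONS):
        return False, "outside own allocation"
    # Reject more-specifics that peers would drop anyway.
    if net.prefixlen > MAX_PREFIX_LEN[net.version]:
        return False, "too specific"
    return True, "own prefix"


# Constructed candidate table; 8.8.8.0/24 is the prefix named in the thread,
# the AS numbers in the last entry are RFC 5398 documentation ASNs.
CANDIDATES = [
    Route("2001:db8:10::/44", ()),
    Route("2001:db8:1f::/48", ()),
    Route("2001:db8:10::/56", ()),
    Route("8.8.8.0/24", ()),
    Route("2001:db8:20::/48", (64497, 64498)),
]

if __name__ == "__main__":
    for r in CANDIDATES:
        ok, why = export_decision(r)
        print(f"{'ACCEPT' if ok else 'REJECT'} {r.prefix:<20} {why}")
```

Running the same decision over the routes a router would actually export, before a session comes up, shows what an upstream's filter would otherwise have to catch.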

  • @FHR said:

    melan said: is it so easy to break it?

    Yes.

    when you don’t know the consequences of announcing 8.8.8.0/24

  • melan Member

    alexnjh said: If the only route you export is your prefix, then yes, damage will be kept minimal, unless you start leaking routes; then that is a whole new headache.

    Makes sense. Then I believe I don't do any harm.

    doghouch said: when you don’t know the consequences of announcing 8.8.8.0/24

    I know that Google DNS has at least 15% of market share... Just out of curiosity, what is the penalty for someone intentionally or unintentionally announcing someone's address space?

  • IonSwitch_Stan Member, Host Rep

    penalty for someone intentionally or unintentionally announcing someone's address space?

    $7.
