BGP communities you’d want with your BGP powered VPS?

Francisco Top Host, Host Rep, Veteran

Hello everyone,

With 2FA and ISO uploading now rolled out into Stallion I’ll be focusing on our next big addon: BGP sessions. This will allow you to announce your IP space (or if you don’t have any, do load balancing via ECMP of your slice instances).

The big thing I’m wanting to know is what BGP communities would you want access to? The main ones I see so far would be:

  • Control which upstream your route goes out of (be it a full allow/deny, or prepends)
  • Informational communities to know which upstream it was learned from
  • Blackholing an IP address

Do you see a need to prepend against users within the location? So, other customers?

Once we got the communities and such worked out we figure we can get this built out in a couple weeks, depending on how busy I get with the New York upgrades.

Thanks!

Francisco

Comments

  • Sounds great! Even more interesting since (afaik) no other providers do BGP sessions on VPS in Las Vegas nor Luxembourg.

    It's nice to have:

    • Communities passthrough to upstream
    • Lower local preference within the location
    • 1x, 2x, 3x prepend or no announce per upstream/peer, preferably ASN-based

    Also, I like to see those implemented using extended or large communities so that they don't collide with upstream's.

  • Francisco Top Host, Host Rep, Veteran

    @udonworld said: Also, I like to see those implemented using extended or large communities so that they don't collide with upstream's.

    Basically everything under my AS would be large communities :) I wouldn't want to be excluding AS32 users.

    A few others have asked for tagging of all BGP users. I've been spending a bit of time tonight playing with BIRD and I think it'll go pretty nicely.

    Passthrough would be no problem.

    Francisco

  • zenki Member

    Exciting! I would like blackhole communities.

    By the way, when it releases, will it be available in all locations?

  • lorian Member

    @Francisco Will you offer DDOS-Protection for BGP, too?

  • Hxxx Member

    Great, thanks Francisco

  • Francisco Top Host, Host Rep, Veteran

    @lorian said:
    @Francisco Will you offer DDOS-Protection for BGP, too?

    Not for free, no. No one does that.

    @HyperK9 said:
    Exciting! I would like blackhole communities.

    By the way, when it releases, will it be available in all locations?

    Blackhole will be there as well as our autonull will automagically catch all subnets.

    Yes, since there's no hardware requirements to deploy this we can roll out all locations at the same time :) New York will join NYIIX with the Ryzen move and if there's enough demand (maybe a fee of sorts, not sure) we can look at joining LU-CIX.

    Francisco

    Thanked by 1: zenki

  • SplitIce Member, Host Rep

    • No export, No announce (including IX) and 1-3 prepends per upstream
    • 0:$ASN passed through to IX (but not transit)
    • All other communities that are not yours passed through to all peers
    • /32 nullroute community

    To prevent conflicts you can always use some space from within your own ASN or private ASNs. Private ASN range is usually better.

  • SplitIce Member, Host Rep

    A knowledgebase page with your transit & peers and their coded ASNs would also be nice. Too many providers refuse to publish theirs making it more difficult than it needs to be to TE BGP.

    Thanked by 1: maverickp

  • Francisco Top Host, Host Rep, Veteran

    @SplitIce said: To prevent conflicts you can always use some space from within your own ASN or private ASNs. Private ASN range is usually better.

    We'll be using large communities for all "Frantech" stuff, minus nullroutes which will use the standard :666.

    We'll pass through all communities to upstreams as well as normalize adding/prepending to those upstreams.

    Users will be able to put 53667:109:174 to stop announcements to Cogent or 53667:109:6939 to stop announcements to HE.

    Francisco
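
An added example, not part of the thread and not Frantech's or BIRD's own code: a sketch of how a route's communities could be evaluated under the scheme described in the post above (`53667:109:<ASN>` to stop announcements to one upstream, a standard `:666` community for nullroutes, everything else passed through). Assumptions: the function names and result shape are hypothetical, any standard community whose low half is 666 counts as a blackhole request because the post gives no high half, and blackholing is limited to host routes as suggested earlier in the thread.

```python
import ipaddress

PROVIDER_ASN = 53667   # first field of the large communities quoted in the post
NO_ANNOUNCE = 109      # 53667:109:<upstream ASN> = do not announce to that upstream
BLACKHOLE_LOW = 666    # "the standard :666"; the post gives no high half (assumption)

def parse_community(text):
    """Return ("std", (a, b)) or ("large", (a, b, c)); raise ValueError otherwise."""
    fields = [int(f) for f in text.split(":")]
    limit = {2: 0xFFFF, 3: 0xFFFFFFFF}.get(len(fields))
    if limit is None or any(not 0 <= f <= limit for f in fields):
        raise ValueError(f"not a standard or large community: {text!r}")
    return ("std" if len(fields) == 2 else "large"), tuple(fields)

def export_plan(prefix, communities, upstream_asns):
    """Decide what to do with one customer route (hypothetical helper)."""
    net = ipaddress.ip_network(prefix)  # raises ValueError if host bits are set
    parsed = [(text, *parse_community(text)) for text in communities]
    blackhole = any(kind == "std" and val[1] == BLACKHOLE_LOW
                    for _, kind, val in parsed)
    if blackhole:
        # Assumption: only host routes may be blackholed (/32, or /128 for IPv6),
        # so a tagged /24 is rejected instead of nullrouting a whole subnet.
        host = net.prefixlen == net.max_prefixlen
        return {"action": "blackhole" if host else "reject",
                "announce": {}, "passthrough": []}
    # Upstream ASNs the customer asked not to announce to.
    denied = {val[2] for _, kind, val in parsed
              if kind == "large" and val[:2] == (PROVIDER_ASN, NO_ANNOUNCE)}
    # The provider's own large communities are consumed here; the rest pass through.
    passthrough = [text for text, kind, val in parsed
                   if not (kind == "large" and val[0] == PROVIDER_ASN)]
    return {"action": "announce",
            "announce": {asn: asn not in denied for asn in upstream_asns},
            "passthrough": passthrough}

if __name__ == "__main__":
    upstreams = [174, 6939]  # Cogent and HE, as named in the post
    # Constructed sample routes using documentation prefixes and a private-use ASN.
    print(export_plan("203.0.113.0/24", ["53667:109:174", "64500:100"], upstreams))
    print(export_plan("203.0.113.7/32", ["65535:666"], upstreams))
    print(export_plan("203.0.113.0/24", ["65535:666"], upstreams))
```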

  • Francisco Top Host, Host Rep, Veteran

    @SplitIce said:
    A knowledgebase page with your transit & peers and their coded ASNs would also be nice. Too many providers refuse to publish theirs making it more difficult than it needs to be to TE BGP.

    I'll document the 'always the same between all locations' right in the BGP page of each session (it'll show as a new tab in the Networking section of a VPS). For location specific a KB article would be good.

    Francisco
