Yes!
Sent from my iPhone
On 8/02/2012, at 5:09 PM, "Andy Linton"
I've posted the slides I used at NZNOG at http://nzix.net/IXes.pdf
In summary:
The current system requires CityLink staff to process the updates posted to the relevant IX Change Routes page e.g. http://wix.nzix.net/cgi-bin/ChangeRoutes.cgi and this also creates work for staff at the ISPs requesting the changes. It also creates a number of updates to this list which are probably ignored by most of you.
We intend to change the scripts that generate the IPv4 Route Server configs as follows:
1) Construct a basic filter list that excludes 'bogons', default and prefixes over /24 e.g.
! Bogon filters made from Team Cymru data
! Retrieved 'http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt' (159 bytes)
ip prefix-list filtered-routes seq 5 deny 0.0.0.0/8
ip prefix-list filtered-routes seq 10 deny 10.0.0.0/8
ip prefix-list filtered-routes seq 15 deny 127.0.0.0/8
ip prefix-list filtered-routes seq 20 deny 169.254.0.0/16
ip prefix-list filtered-routes seq 25 deny 172.16.0.0/12
ip prefix-list filtered-routes seq 30 deny 192.0.0.0/24
ip prefix-list filtered-routes seq 35 deny 192.0.2.0/24
ip prefix-list filtered-routes seq 40 deny 192.168.0.0/16
ip prefix-list filtered-routes seq 45 deny 198.18.0.0/15
ip prefix-list filtered-routes seq 50 deny 198.51.100.0/24
ip prefix-list filtered-routes seq 55 deny 203.0.113.0/24
ip prefix-list filtered-routes seq 60 deny 224.0.0.0/3
!
! Don't allow default or prefixes over /24
!
ip prefix-list filtered-routes seq 65 deny 0.0.0.0/32
ip prefix-list filtered-routes seq 70 permit 0.0.0.0/0 le 24
2) Construct a bgp setup for each peer that looks like this:
!++++++++++++++++++++++++++++++++++++++++++++++++++++++
! BGP setup for 'citylink-corp-wn014-rt1'
!++++++++++++++++++++++++++++++++++++++++++++++++++++++
!
router bgp 9439
 neighbor 202.7.0.221 remote-as 132040
 neighbor 202.7.0.221 description citylink-corp-wn014-rt1
 neighbor 202.7.0.221 transparent-nexthop
 neighbor 202.7.0.221 remove-private-AS
 neighbor 202.7.0.221 prefix-list filtered-routes in
 neighbor 202.7.0.221 prefix-list filtered-routes out
 neighbor 202.7.0.221 maximum-prefix 2000
 neighbor 202.7.0.221 passive
exit
3) Include AS path filtering to exclude routes that have leaked from the other NZ exchanges.
We'll also be doing similar things with the IPv6 Route Servers using /48 as the relevant prefix size.
What will this mean for you if you peer with the route servers?
1) You won't need to update your filters when you add/change/delete networks.
2) If you advertise prefixes from /25 to /29 to the route servers they won't be accepted.
3) If you've been using longer prefixes to do traffic engineering, you'll need to do something else.
4) You'll need to take more care with what routes you send to the Route Servers and with what routes you accept from them.
Why are we doing this?
To make things more straightforward and save costs.
When do we plan to do this?
Soon. Like this month - so if you've got issues with this then please contact us directly at peering(a)citylink.co.nz
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
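An added example, not part of the original message or CityLink's scripts: a small evaluator that runs candidate routes through the posted 'filtered-routes' list so a peer can check what it accepts before relying on it. It assumes Cisco/Quagga-style semantics (first matching entry wins, an entry without ge/le matches only that exact prefix, implicit deny at the end); the page does not name the route server software, and parse(), evaluate() and the sample routes are constructed for illustration.

```python
import ipaddress

# Entries copied from the message above (comment lines omitted).
# Assumed semantics: first match wins; no ge/le means exact match only.
CONFIG = """\
ip prefix-list filtered-routes seq 5 deny 0.0.0.0/8
ip prefix-list filtered-routes seq 10 deny 10.0.0.0/8
ip prefix-list filtered-routes seq 15 deny 127.0.0.0/8
ip prefix-list filtered-routes seq 20 deny 169.254.0.0/16
ip prefix-list filtered-routes seq 25 deny 172.16.0.0/12
ip prefix-list filtered-routes seq 30 deny 192.0.0.0/24
ip prefix-list filtered-routes seq 35 deny 192.0.2.0/24
ip prefix-list filtered-routes seq 40 deny 192.168.0.0/16
ip prefix-list filtered-routes seq 45 deny 198.18.0.0/15
ip prefix-list filtered-routes seq 50 deny 198.51.100.0/24
ip prefix-list filtered-routes seq 55 deny 203.0.113.0/24
ip prefix-list filtered-routes seq 60 deny 224.0.0.0/3
ip prefix-list filtered-routes seq 65 deny 0.0.0.0/32
ip prefix-list filtered-routes seq 70 permit 0.0.0.0/0 le 24
"""

def parse(config):
    """Return [(seq, action, network, ge, le)] ordered by sequence number."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))  # optional ge/le pairs
        entries.append((int(tok[4]), tok[5], ipaddress.ip_network(tok[6]),
                        opts.get("ge"), opts.get("le")))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return (action, seq) of the first matching entry; (deny, None) if none."""
    r = ipaddress.ip_network(route)
    for seq, action, net, ge, le in entries:
        if not r.subnet_of(net):
            continue
        if ge is None and le is None:
            ok = r.prefixlen == net.prefixlen  # exact match only
        else:
            ok = (ge is None or r.prefixlen >= ge) and (le is None or r.prefixlen <= le)
        if ok:
            return action, seq
    return "deny", None

ENTRIES = parse(CONFIG)
for sample in ("202.7.0.0/24", "202.7.0.0/25", "10.0.0.0/8", "10.1.0.0/16", "0.0.0.0/0"):
    print(sample, evaluate(ENTRIES, sample))  # constructed sample routes
```

Under the assumed semantics the /25 falls through to the implicit deny, while a more-specific inside a listed bogon (10.1.0.0/16) and the default route 0.0.0.0/0 both reach seq 70 and are permitted, since seq 5 to 65 match only their exact prefixes. This is part of why point 4 in the message matters for what you accept from the route servers.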