Re: [nznog] NZIX route server filtering (Was: Hurricane Electric joining APE)

Dear Nathan, On Wed, Oct 24, 2018 at 11:18:34PM +1300, Nathan Ward wrote:

...

On 24/10/2018, at 10:57 PM, Job Snijders wrote:

I was reviewing http://www.nzix.net/getstarted.html - is there any specific reason these route servers are basic unfiltered?

While this isn’t an answer, there’s some history. I imagine others from Citylink themselves will have info on the current state.

They used to be filtered, the config was generated by a script and the process (quagga or zebra or what not) restarted. Meant that BGP sessions flapped whenever there was a policy update, rather than some sort of soft reload. People didn’t like that very much.

Agreed - needing to flap sessions to load a freshly generated configuration is not a great way to do things.

I recall someone was looking at soft reloads, but I don’t know if that got implemented. I imagine current state (i.e. bogons and a prefix limit) is where that got too.

Thanks for the background - at this point (2018) I'd strongly recommend any IXP to not use zebra & quagga, but instead use BIRD and OpenBGPD. Both have the capability to do seamless policy configuration reloads. There are excellent free tools that can help generate feature rich & secure configurations: http://arouteserver.readthedocs.io/ https://www.ixpmanager.org/ Kind regards, Job