The ungleich routing infrastructure¶

• Table of contents
• The ungleich routing infrastructure
  • Status
  • Peer with us!
    • ungleich routers
    • Configuration for you (the peer)
    • Configuration for ungleich
  • RIPE
    • AS-SETS
    • Maintainer
    • CLI

Status¶

This article is IN PROGRESS.

Peer with us!¶

If you have a VM / IPv6 network from us and want to peer with us, the following steps should help you:

• Send a request to support at ungleich.ch containing your
  • ASN
  • Networks

ungleich routers¶

To BGP peer with us, you will need to establish 2 BGP sessions (for redundancy reasons). The routers depend on the IPv6 that your endpoint has:

Your VM is in ...	... then peer with
2a0a:e5c0:0:2::/64	2a0a:e5c0:0:2::3 2a0a:e5c0:0:2::4
2a0a:e5c0:0:5::/64	2a0a:e5c0:0:5::3 2a0a:e5c0:0:5::4
2a0a:e5c0:2:2::/64	2a0a:e5c0:2:2::5 2a0a:e5c0:2:2::6

You will receive the full IPv6 routing table from us.

Configuration for you (the peer)¶

If you are using bird for peering, your configuration can look similar to this:

# Adjust filters to your own preference
filter from_ungleich {
  accept;
}
filter to_ungleich {
  accept;
}

protocol bgp ungleichrouter1 {
    local as YOURASN;
    neighbor SELECT_FROM_TABLE_ABOVE1 as 209898;

    import filter from_ungleich;
    export filter to_ungleich;
}

protocol bgp ungleichrouter2 {
    local as YOURASN;
    neighbor SELECT_FROM_TABLE_ABOVE2 as 209898;

    import filter from_ungleich;
    export filter to_ungleich;
}

Configuration for ungleich¶

These instructions are for ungleich staff.

• Create / edit in the cdist type __ungleich_bgp_router:
  • ${peer}_v6.conf (very similar to the peer example above)
  • bird6.conf: define networks of peer (net_${peer})
  • general.conf: add appropriate filters
• Apply bgp configuration or full cdist config
  • cdist config -vvp6 -bj5 router{..}.place{..}.ungleich.ch # full
  • echo __ungleich_bgp_router | cdist config -i - -vvp6 -bj5 router{..}.place{..}.ungleich.ch # routing only
• Verify that config has been applied
  • bird6c
  • birdc6 conf
  • show route protocol $peer
• Update our AS-SET at www.ripe.net (currently manually, later via REST API)
  • Need to modify "as-ungleich-downstream": add the ASN or the AS-SET of downstream
    • By default add the ASN
    • Use AS-SET if customer supplies us with an AS-SET
• Send an update by mail to init7 & netstream for the new prefixes
  • best is via RT
    

    Subject : Configure routing for ASN <...>
    
    Hello INIT7/NETSTERAM,
    
    we newly peer with a new ASN <ADDASNHERE> which has the networks <ADDNETWORKSHERE>. 
    
    Can you please add these networks to your whitelist and let us know when they should be reachable?
    
    Best,
    
    Jin-Guk
    

RIPE¶

Our networks are registered with ripe.

AS-SETS¶

Our AS is configured with the following AS-SETs (excerpt from whois AS209898):

aut-num:        AS209898
as-name:        ungleich
org:            ORG-UG21-RIPE
import:         from as-ungleich-upstream accept ANY
export:         to as-ungleich-upstream announce as-ungleich
import:         from as-ungleich-downstream accept as-ungleich-downstream
export:         to as-ungleich-downstream announce ANY

• as-ungleich-upstream: contains all our upstreams
• as-ungleich-downstream: contains our downstreams AS-SETS or downstream routes
• as-ungleich: contains our networks and all our downstream networks

Maintainer¶

All objects should have the mnt-by flag of mnt-ungleich. This maintainer handle is usable by all our LIR accounts.

CLI¶

A cli for accessing RIPE's rest interface is developed on https://code.ungleich.ch/ungleich-public/ungleich-cli