The ungleich routing infrastructure

Status

This article is IN PROGRESS.

Peer with us!

If you have a VM / IPv6 network from us and want to peer with us, the following steps should help you:

  • Send a request to support at ungleich.ch containing your
    • ASN
    • Networks

ungleich routers

To peer with us via BGP, you will need to establish 2 BGP sessions (for redundancy reasons). Which routers you peer with depends on the IPv6 network that your endpoint is in:

Your VM is in ...      ... then peer with
2a0a:e5c0:0:2::/64     2a0a:e5c0:0:2::3     2a0a:e5c0:0:2::4
2a0a:e5c0:0:5::/64     2a0a:e5c0:0:5::3     2a0a:e5c0:0:5::4
2a0a:e5c0:2:2::/64     2a0a:e5c0:2:2::5     2a0a:e5c0:2:2::6

You will receive the full IPv6 routing table from us.

Configuration for you (the peer)

If you are using bird for peering, your configuration can look similar to this:

# Adjust filters to your own preference
filter from_ungleich {
  accept;
}
filter to_ungleich {
  accept;
}

protocol bgp ungleichrouter1 {
    local as YOURASN;
    neighbor SELECT_FROM_TABLE_ABOVE1 as 209898;

    import filter from_ungleich;
    export filter to_ungleich;
}

protocol bgp ungleichrouter2 {
    local as YOURASN;
    neighbor SELECT_FROM_TABLE_ABOVE2 as 209898;

    import filter from_ungleich;
    export filter to_ungleich;
}
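
The filters above accept everything in both directions, so the export side announces every route in your table to ungleich. A tighter pair that can replace them, as an added example (not ungleich's own configuration): 2001:db8::/32 is a constructed placeholder for the networks you sent to support, and the /48 length limit is an assumption.

```bird
# Added example. 2001:db8::/32 is a placeholder (documentation prefix):
# replace it with the networks you registered with ungleich.

filter to_ungleich {
  # Announce only your own networks, down to /48 at most.
  # Routes learned from other BGP sessions fall through to reject,
  # so they are never re-announced to ungleich.
  if net ~ [ 2001:db8::/32{32,48} ] then accept;
  reject;
}

filter from_ungleich {
  # Never accept your own networks from outside.
  if net ~ [ 2001:db8::/32+ ] then reject;

  # Drop prefixes longer than /48 (assumed limit, adjust to your policy).
  if net.len > 48 then reject;

  # The path must start with the ungleich AS the sessions are configured for.
  if bgp_path.first != 209898 then reject;

  accept;
}
```

After reloading, `show route export ungleichrouter1` in the bird client lists exactly what is being announced on that session.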

Configuration for ungleich

These instructions are for ungleich staff.

  • Create / edit in the cdist type __ungleich_bgp_router:
    • ${peer}_v6.conf (very similar to the peer example above)
    • bird6.conf: define networks of peer (net_${peer})
    • general.conf: add appropriate filters
  • Apply bgp configuration or full cdist config
    • cdist config -vvp6 -bj5 router{..}.place{..}.ungleich.ch # full
    • echo __ungleich_bgp_router | cdist config -i - -vvp6 -bj5 router{..}.place{..}.ungleich.ch # routing only
  • Verify that config has been applied
    • birdc6
    • birdc6 conf
    • show route protocol $peer
  • Update our AS-SET at www.ripe.net (currently manually, later via REST API)
    • Need to modify "as-ungleich-downstream": add the ASN or the AS-SET of downstream
      • By default add the ASN
      • Use AS-SET if customer supplies us with an AS-SET
  • Send an update by mail to init7 & netstream for the new prefixes
    • best is via RT
      Subject : Configure routing for ASN <...>
      
      Hello INIT7/NETSTREAM,
      
      we newly peer with a new ASN <ADDASNHERE> which has the networks <ADDNETWORKSHERE>. 
      
      Can you please add these networks to your whitelist and let us know when they should be reachable?
      
      Best,
      
      Jin-Guk
      

RIPE

Our networks are registered with RIPE.

AS-SETS

Our AS is configured with the following AS-SETs (excerpt from whois AS209898):

aut-num:        AS209898
as-name:        ungleich
org:            ORG-UG21-RIPE
import:         from as-ungleich-upstream accept ANY
export:         to as-ungleich-upstream announce as-ungleich
import:         from as-ungleich-downstream accept as-ungleich-downstream
export:         to as-ungleich-downstream announce ANY

  • as-ungleich-upstream: contains all our upstreams
  • as-ungleich-downstream: contains our downstreams' AS-SETs or downstream routes
  • as-ungleich: contains our networks and all our downstream networks

Maintainer

All objects should have the mnt-by flag of mnt-ungleich. This maintainer handle is usable by all our LIR accounts.

CLI

A CLI for accessing RIPE's REST interface is being developed at https://code.ungleich.ch/ungleich-public/ungleich-cli

Updated by Nico Schottelius 6 months ago · 12 revisions