Project

General

Profile

The ungleich routing infrastructure » History » Revision 10

Revision 9 (Jin-Guk Kwon, 05/16/2019 08:14 PM) → Revision 10/12 (Nico Schottelius, 05/17/2019 10:08 AM)

h1. The ungleich routing infrastructure 

 {{toc}} 

 h2. Status 

 This article is *IN PROGRESS*. 

 h2. Peer with us! 

 If you have a VM / IPv6 network from us and want to peer with us, the following steps should help you: 

 * Send a request to support -at- ungleich.ch containing your 
 ** ASN 
 ** Networks 

 h3. ungleich routers 

 To BGP peer with us, you will need to establish 2 BGP sessions (for redundancy reasons). The routers depend on the IPv6 that your endpoint has: 

 |_. Your VM is in ... |_. ... then peer with | 
 | 2a0a:e5c0:0:2::/64 | 2a0a:e5c0:0:2::3 2a0a:e5c0:0:2::4 | 
 | 2a0a:e5c0:0:5::/64 | 2a0a:e5c0:0:5::3 2a0a:e5c0:0:5::4 | 
 | 2a0a:e5c0:2:2::/64 | 2a0a:e5c0:2:2::5 2a0a:e5c0:2:2::6 | 

 You will receive the full IPv6 routing table from us. 

 h3. Configuration for you (the peer) 

 If you are using bird for peering, your configuration can look similar to this: 

 <pre> 
 # Adjust filters to your own preference 
 filter from_ungleich { 
   accept; 
 } 
 filter to_ungleich { 
   accept; 
 } 


 protocol bgp ungleichrouter1 { 
	 local as YOURASN; 
	 neighbor SELECT_FROM_TABLE_ABOVE1 as 209898; 

	 import filter from_ungleich; 
	 export filter to_ungleich; 
 } 

 protocol bgp ungleichrouter2 { 
	 local as YOURASN; 
	 neighbor SELECT_FROM_TABLE_ABOVE2 as 209898; 

	 import filter from_ungleich; 
	 export filter to_ungleich; 
 } 

 </pre> 

 h3. Configuration for ungleich 

 These instructions are for ungleich staff. 

 * Create / edit in the cdist type __ungleich_bgp_router: 
 ** ${peer}_v6.conf (very similar to the peer example above) 
 ** bird6.conf: define networks of peer (net_${peer}) 
 ** general.conf: add appropriate filters 
 * Apply bgp configuration or full cdist config 
 ** cdist config -vvp6 -bj5 router{..}.place{..}.ungleich.ch # full 
 ** echo __ungleich_bgp_router | cdist config -i - -vvp6 -bj5 router{..}.place{..}.ungleich.ch # routing only 
 * Verify that config has been applied 
 ** bird6c 
 ** birdc6 conf 
 ** show route protocol $peer 
 * Update our AS-SET at www.ripe.net (currently manually, later via REST API) 
 ** ... 
 * Send an update by mail to init7 & netstream for the new prefixes 
 ** best is via RT 
 <pre> 
 Subject : Configure routing for ASN <...> 

 Hello INIT7/NETSTERAM, 

 we newly peer with a new ASN <ADDASNHERE> which has the networks <ADDNETWORKSHERE>.  

 Can you please add these networks to your whitelist and let us know when they should be reachable? 

 Best, 

 Jin-Guk 
 </pre> 

 h2. RIPE 

 Our networks are registered with ripe. 

 h3. Maintainer 

 All objects should have the *mnt-by* flag of *mnt-ungleich*. This maintainer handle is usable by all our LIR accounts. 


 h3. CLI 

 A cli for accessing RIPE's rest interface is developed on https://code.ungleich.ch/ungleich-public/ungleich-cli