The ungleich routing infrastructure » History » Version 12
Nico Schottelius, 05/20/2019 12:46 PM
| 1 | 1 | Nico Schottelius | h1. The ungleich routing infrastructure |
|---|---|---|---|
| 2 | |||
| 3 | 4 | Nico Schottelius | {{toc}} |
| 4 | |||
| 5 | 1 | Nico Schottelius | h2. Status |
| 6 | |||
| 7 | This article is *IN PROGRESS*. |
||
| 8 | |||
| 9 | 2 | Nico Schottelius | h2. Peer with us! |
| 10 | 1 | Nico Schottelius | |
| 11 | 2 | Nico Schottelius | If you have a VM / IPv6 network from us and want to peer with us, the following steps should help you: |
| 12 | 1 | Nico Schottelius | |
| 13 | 2 | Nico Schottelius | * Send a request to support -at- ungleich.ch containing your |
| 14 | ** ASN |
||
| 15 | ** Networks |
||
| 16 | |||
| 17 | h3. ungleich routers |
||
| 18 | |||
| 19 | To BGP peer with us, you will need to establish 2 BGP sessions (for redundancy reasons). The routers depend on the IPv6 that your endpoint has: |
||
| 20 | |||
| 21 | 3 | Nico Schottelius | |_. Your VM is in ... |_. ... then peer with | |
| 22 | 2 | Nico Schottelius | | 2a0a:e5c0:0:2::/64 | 2a0a:e5c0:0:2::3 2a0a:e5c0:0:2::4 | |
| 23 | | 2a0a:e5c0:0:5::/64 | 2a0a:e5c0:0:5::3 2a0a:e5c0:0:5::4 | |
||
| 24 | | 2a0a:e5c0:2:2::/64 | 2a0a:e5c0:2:2::5 2a0a:e5c0:2:2::6 | |
||
| 25 | |||
| 26 | You will receive the full IPv6 routing table from us. |
||
| 27 | 4 | Nico Schottelius | |
| 28 | h3. Configuration for you (the peer) |
||
| 29 | |||
| 30 | If you are using bird for peering, your configuration can look similar to this: |
||
| 31 | |||
| 32 | <pre> |
||
| 33 | # Adjust filters to your own preference |
||
| 34 | filter from_ungleich { |
||
| 35 | accept; |
||
| 36 | } |
||
| 37 | filter to_ungleich { |
||
| 38 | accept; |
||
| 39 | } |
||
| 40 | |||
| 41 | |||
| 42 | protocol bgp ungleichrouter1 { |
||
| 43 | local as YOURASN; |
||
| 44 | neighbor SELECT_FROM_TABLE_ABOVE1 as 209898; |
||
| 45 | |||
| 46 | import filter from_ungleich; |
||
| 47 | export filter to_ungleich; |
||
| 48 | } |
||
| 49 | |||
| 50 | protocol bgp ungleichrouter2 { |
||
| 51 | local as YOURASN; |
||
| 52 | neighbor SELECT_FROM_TABLE_ABOVE2 as 209898; |
||
| 53 | |||
| 54 | import filter from_ungleich; |
||
| 55 | export filter to_ungleich; |
||
| 56 | } |
||
| 57 | |||
| 58 | </pre> |
||
| 59 | |||
| 60 | h3. Configuration for ungleich |
||
| 61 | |||
| 62 | These instructions are for ungleich staff. |
||
| 63 | |||
| 64 | * Create / edit in the cdist type __ungleich_bgp_router: |
||
| 65 | ** ${peer}_v6.conf (very similar to the peer example above) |
||
| 66 | ** bird6.conf: define networks of peer (net_${peer}) |
||
| 67 | ** general.conf: add appropriate filters |
||
| 68 | * Apply bgp configuration or full cdist config |
||
| 69 | ** cdist config -vvp6 -bj5 router{..}.place{..}.ungleich.ch # full |
||
| 70 | ** echo __ungleich_bgp_router | cdist config -i - -vvp6 -bj5 router{..}.place{..}.ungleich.ch # routing only |
||
| 71 | * Verify that config has been applied |
||
| 72 | ** bird6c |
||
| 73 | 8 | Jin-Guk Kwon | ** birdc6 conf |
| 74 | 4 | Nico Schottelius | ** show route protocol $peer |
| 75 | 10 | Nico Schottelius | * Update our AS-SET at www.ripe.net (currently manually, later via REST API) |
| 76 | 12 | Nico Schottelius | ** Need to modify "as-ungleich-downstream": add the ASN or the AS-SET of downstream |
| 77 | *** By default add the ASN |
||
| 78 | *** Use AS-SET if customer supplies us with an AS-SET |
||
| 79 | 5 | Nico Schottelius | * Send an update by mail to init7 & netstream for the new prefixes |
| 80 | ** best is via RT |
||
| 81 | 7 | Jin-Guk Kwon | <pre> |
| 82 | 9 | Jin-Guk Kwon | Subject : Configure routing for ASN <...> |
| 83 | |||
| 84 | 7 | Jin-Guk Kwon | Hello INIT7/NETSTERAM, |
| 85 | |||
| 86 | we newly peer with a new ASN <ADDASNHERE> which has the networks <ADDNETWORKSHERE>. |
||
| 87 | |||
| 88 | Can you please add these networks to your whitelist and let us know when they should be reachable? |
||
| 89 | |||
| 90 | Best, |
||
| 91 | |||
| 92 | Jin-Guk |
||
| 93 | 8 | Jin-Guk Kwon | </pre> |
| 94 | 2 | Nico Schottelius | |
| 95 | 1 | Nico Schottelius | h2. RIPE |
| 96 | |||
| 97 | Our networks are registered with ripe. |
||
| 98 | |||
| 99 | 11 | Nico Schottelius | h3. AS-SETS |
| 100 | |||
| 101 | Our AS is configured with the following AS-SETs (excerpt from @whois AS209898@): |
||
| 102 | |||
| 103 | <pre> |
||
| 104 | aut-num: AS209898 |
||
| 105 | as-name: ungleich |
||
| 106 | org: ORG-UG21-RIPE |
||
| 107 | import: from as-ungleich-upstream accept ANY |
||
| 108 | export: to as-ungleich-upstream announce as-ungleich |
||
| 109 | import: from as-ungleich-downstream accept as-ungleich-downstream |
||
| 110 | export: to as-ungleich-downstream announce ANY |
||
| 111 | </pre> |
||
| 112 | |||
| 113 | * as-ungleich-upstream: contains all our upstreams |
||
| 114 | * as-ungleich-downstream: contains our downstreams AS-SETS or downstream routes |
||
| 115 | * as-ungleich: contains *our* networks and all our downstream networks |
||
| 116 | |||
| 117 | |||
| 118 | 1 | Nico Schottelius | h3. Maintainer |
| 119 | |||
| 120 | All objects should have the *mnt-by* flag of *mnt-ungleich*. This maintainer handle is usable by all our LIR accounts. |
||
| 121 | 2 | Nico Schottelius | |
| 122 | |||
| 123 | h3. CLI |
||
| 124 | |||
| 125 | A cli for accessing RIPE's rest interface is developed on https://code.ungleich.ch/ungleich-public/ungleich-cli |