Comments
Dn42 until you know what you're doing.
This^
Most important advice: learn how to build good filters.
And afterward maybe have a look at this: https://evix.org/
I had a Dn42 setup on VirtualBox using FreeBSD/OpenBGPD, unfortunately it doesn't work after a kernel update on my host, I'll try to fix it...
Most important advice: learn how to build good filters.
And afterward maybe have a look at this: https://evix.org/
I am not sure what I should learn first. Could you please point me to a good tutorial?
Thanks!
There are many good pointers out there. Read through e.g. wikis and also the DN42 site, and have a look at the documentation of your router software.
Start by setting up a simple BGP session towards NE & HE with simple filters, announce one prefix. Peer with other networks, talk to people. Some people will help, let them check your config. Start using communities, build sophisticated filters... I think you will learn the most while doing it.
I use Bird, so https://gitlab.labs.nic.cz/labs/bird/wikis/home also: https://ourtechplanet.com/bgp-fundamentals-part-1/
Or a book (there is a pdf available on google): BGP - Building Reliable Networks with the Border Gateway Protocol
And what exactly feels 'unreal' with your two upstream providers?
You are dual homed, receive full BGP tables, can announce prefixes, configure filters, and make use of route-maps to modify outbound exports and inbound imports.
As already mentioned: Unless you know what you're doing, use DN42.
And please: Do not break the internet.
I did not mean that using HE or NetAssist is an unreal thing (maybe my bad English), without them I am hopeless, I just wanted to try with more peers to make it 'more real'...
Sure...will read on it...
Thanks!
Don't expect it to feel more real just by increasing the number of peers...
It most likely won't increase your visibility and some changing AS Path strings shouldn't make you very excited.
In real life it is not just about connecting to as many peers as possible. You will more likely want to do some traffic engineering like avoiding certain paths or preferring other ones for certain ASNs. Depending on what you want to do, what you want to optimize or what problems you want to solve.
However if you are searching for another BGP capable VPS you may have a look at First-Root. You can run bird or quagga on it and connect your LAN via any tunneling protocol of your choice. Keep your memory requirements in mind when dealing with full tables. You can get free BGP sessions starting with their 2 GB RAM VPS:
https://www.lowendtalk.com/discussion/157995/germany-all-flash-kvm-on-redundant-a-b-power-nodes-starting-at-3-eur-month-2fa-novnc-f-com
There is also combahton / fastpipe with similar offers:
https://www.lowendtalk.com/discussion/158036/fastpipe-io-ssd-cloud-servers-kvm-frankfurt-germany-free-bgp-starting-at-2-95
Maintaining a VPS with a Linux OS, routing engine, iptables etc. will be more advanced than just having a GRE tunnel. But it can give you more flexibility - if you know what you are doing.
tl;dr don’t pull a verizon
A good option is signing up with a company who has SIX or another exchange that has only a one-time fee. Then you can get some real peering in.
To be honest, most providers will filter your announced routes based on your AS or AS-Set. What Verizon is doing is insanely stupid and dangerous.
I'll admit: I've tried announcing addresses (unused space) that I don't own just to see if the providers that I'm with have working filters.
tl;dr HE/Choopa/Allstream have working filters :-)
HE has working filters only if your ASN has a PeeringDB record. @doghouch
I had a PeeringDB record when I was testing — it no longer exists though.
It depends on when you did it. Their new system seems to behave like that.
Anyway I managed to hijack stuff successfully so... (with full permission of the "victim" of course)
Currently I have only one active peer, that is HE, as my NetAssist paths are filtered, that's why I tried to get more peers. As you said, it seems my current setup is enough for my learning...
I am looking into that too.. currently running quagga on one of my VPS, but it doesn't support BGP sessions so I am using a tunnel.
Unfortunately I am so far away from SIX... do you mean we can get a port from SIX and put my router in a colocation provider?
Yeah, we have customers who do this with us in NY and Seattle to connect up to exchanges. However you have colo and any cross connect costs.
In NY we don't charge for the cross connect just the costs for NYIIX.
However it's a great way to get 1-2u colo and peering for cheap.
Looks good. I am still at the POC phase and not yet ready for a real setup... do you provide cross connects to custom locations or long distance wireless links (~10 km from Tukwila, WA)?
PLEASE. Don't join any IXes until you know exactly what you're doing.
With BGP sessions with VPS/dedi providers, they will usually filter you - so even if you mess up, nothing major will happen.
If you mess up on an IX, any mistake can be very costly for everyone involved!
Sure... I am not planning to start anything on an IX soon.. maybe not at all..
Hello. We would be glad to set up peering with you. Our AS peer for IPv6 is AS6762.
You operate Sparkle?
inb4 you announce 8.8.8.0/24 and it actually gets sent out to every peer in the exchange
/no more DNS for u
If I announce anything within my address space allocated by a LIR (/44), it does not do any harm to anyone, right? I am really confused about the statement "Do not break the internet", is it so easy to break it?
Yes.
If the only route you export is your prefix then yes, damage will be kept minimal, unless you start leaking routes, then that is a whole new headache.
when you don’t know the consequences of announcing 8.8.8.0/24
Makes sense. Then I believe I am not doing any harm.
I know that Google DNS has at least 15% of market share... just out of curiosity, what is the penalty for someone intentionally or unintentionally announcing someone's address space?
$7.
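The export rule advised in this thread (announce only your own prefix, never pass on routes learned from a peer), written as a BIRD 2 configuration. This is an added example, not a config posted by anyone in the thread; the ASNs, the addresses and the /44 are placeholders taken from documentation ranges.

```bird
# Added example for BIRD 2.x. All addresses and ASNs below are placeholders
# (documentation ranges), not values from the thread.
router id 192.0.2.1;

define MY_ASN   = 64496;                     # placeholder: your ASN
define MY_NETS  = [ 2001:db8:1230::/44 ];    # placeholder: exactly what you announce
define MY_SPACE = [ 2001:db8:1230::/44+ ];   # the /44 and anything more specific

protocol device { }

# Originate the aggregate locally so the announcement does not depend on
# anything learned from a peer.
protocol static originate6 {
    ipv6;
    route 2001:db8:1230::/44 unreachable;
}

# Export: only locally originated routes that are exactly our prefix.
# Routes learned over BGP have source RTS_BGP and are rejected here, so one
# upstream's table is never re-announced to the other (a route leak).
filter export_own_only {
    if source != RTS_STATIC then reject;
    if net !~ MY_NETS then reject;
    accept;
}

# Import: drop what no upstream should be sending us.
filter import_sane {
    if net ~ [ ::/0 ] then reject;           # no default route
    if net.len > 48 then reject;             # more specific than a /48
    if net ~ MY_SPACE then reject;           # our own space coming back in
    accept;
}

protocol bgp upstream1 {
    local as MY_ASN;
    neighbor 2001:db8:ffff::1 as 64497;      # placeholder peer address and ASN
    ipv6 {
        import filter import_sane;
        export filter export_own_only;
    };
}
```

With this export filter a typo in the static route or a second BGP session cannot widen what is announced: anything that is not the exact /44 from the static protocol is rejected before it reaches the peer.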