New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
BGP communities you’d want with your BGP powered VPS?
Hello everyone,
With 2FA and ISO uploading now rolled out into Stallion I’ll be focusing on our next big addon: BGP sessions. This will allow you to announce your IP space (or if you don’t have any, do load balancing via ECMP of your slice instances).
The big thing I’m wanting to know is what BGP communities would you want access to? The main ones I see so far would be:
- Control which upstream your route goes out of (be it a full allow/deny, or prepends)
- Informational communities to know which upstream it was learned from
- Blackholing an IP address
Do you see a need to prepend against users within the location? So, other customers?
Once we got the communities and such worked out we figure we can get this built out in a couple weeks, depending on how busy I get with the New York upgrades.
Thanks!
Francisco
Comments
Sounds great! Even more interesting since (afaik) no other providers do BGP sessions on VPS in Las Vegas nor Luxembourg.
It's nice to have:
Also, I like to see those implemented using extended or large communities so that they don't collide with upstream's.
Basically everything under my AS would be large communities
I wouldn't want to be excluding AS32 users.
A few others have asked for tagging of all BGP users. I've been spending a bit of time tonight playing with BIRD and I think it'll go pretty nicely.
Passthrough would be no problem.
Francisco
Exciting! I would like blackhole communities.
By the way, when it releases, will it be available in all locations?
@Francisco Will you offer DDOS-Protection for BGP, too?
Great, thanks Francisco
Not for free, no. No one does that.
Blackhole will be there as well as our autonull will automagically catch all subnets.
Yes, since there's no hardware requirements to deploy this we can roll out all locations at the same time
New York will join NYIIX with the Ryzen move and if there's enough demand (maybe a fee of sorts, not sure) we can look at joining LU-CIX.
Francisco
To prevent conflicts you can always use some space from within your own ASN or private ASNs. Private ASN range is usually better.
A knowledgebase page with your transit & peers and their coded ASNs would also be nice. Too many providers refuse to publish theirs making it more difficult than it needs to be to TE BGP.
We'll be using large communities for all "Frantech" stuff, minus nullroutes which will use the standard :666.
We'll pass through all communities to upstreams as well as normalize adding/prepending to those upstreams.
Users will be able to put 53667:109:174 to stop announcements to Cogent or 53667:109:6939 to stop announcements to HE.
Francisco
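The no-export scheme described in the post above, modelled as an added example; it is not part of the thread and not Frantech's implementation. Only AS53667, function 109 and the Cogent (174) and HE (6939) targets come from the thread; the function names, the sample input and the reporting of unknown targets are assumptions.

```python
PROVIDER_ASN = 53667                     # from the thread
FN_NO_EXPORT = 109                       # from the thread: 53667:109:<upstream ASN>
UPSTREAMS = {"Cogent": 174, "HE": 6939}  # the two upstreams named in the thread
U32_MAX = 0xFFFFFFFF                     # each large-community field is 32 bits (RFC 8092)


def parse_large_community(text):
    """Return (global_admin, data1, data2), or None if text is not a large community."""
    parts = text.strip().split(":")
    if len(parts) != 3:
        return None                      # e.g. a standard two-part community
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    values = tuple(int(p) for p in parts)
    if any(v > U32_MAX for v in values):
        return None
    return values


def export_plan(communities):
    """Decide, per upstream, whether a route carrying these communities is announced.

    Returns (plan, unknown): plan maps upstream name to True (announce) or
    False (suppressed); unknown lists no-export targets that match no upstream,
    so a mistyped ASN is reported instead of silently doing nothing.
    """
    blocked, unknown = set(), []
    known_asns = set(UPSTREAMS.values())
    for raw in communities:
        parsed = parse_large_community(raw)
        if parsed is None:
            continue                     # malformed or not a large community
        admin, function, target = parsed
        if admin != PROVIDER_ASN or function != FN_NO_EXPORT:
            continue                     # another operator's or another function's tag
        if target in known_asns:
            blocked.add(target)
        else:
            unknown.append(target)
    plan = {name: asn not in blocked for name, asn in UPSTREAMS.items()}
    return plan, unknown


# Constructed sample: communities attached to one customer route.
SAMPLE = ["53667:109:174", "53667:666", "53667:109:64500", "65000:109:6939", "53667:109:x"]

if __name__ == "__main__":
    print(export_plan(SAMPLE))
```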
I'll document the 'always the same between all locations' right in the BGP page of each session (it'll show as a new tab in the Networking section of a VPS). For location specific a KB article would be good.
Francisco