Offering BGP Session to VPS clients. Any downsides?

CloudxtnyHost Member, Host Rep

I have always assumed that BGP sessions are only really necessary between providers, but I have a VPS client asking if it's something we can offer and I am a little worried about the implications. At the expense of sounding naive, why would you need to set up a BGP session on a VPS?

Thanked by 1mcgree

Comments

  • JamChoi Member
    edited October 2021

    It's me(: ticket id is #961429

    I'm studying how to use BGP.

    I have my own ASN, only for edu now.

    At the same time, I have a blog for VPS reviews; there is a tag about providers who support BGP sessions.

  • dfroe Member, Host Rep

    If you want to learn how to use BGP, use DN42 or simply create your own lab with GNS3 where you can play with dozens of routers, create all kinds of scenarios and mess up things, much more educating than just announcing a subnet on the public internet.

  • @dfroe said:
    If you want to learn how to use BGP, use DN42 or simply create your own lab with GNS3 where you can play with dozens of routers, create all kinds of scenarios and mess up things, much more educating than just announcing a subnet on the public internet.

    Of course you are right, I can use DN42 or GNS3 instead of the very poor IPv6 subnet, but I also have the right to choose which one to use, don’t I? :smile:

  • stratagem Member, Host Rep

    Provided you confirm correct ROAs etc. and ensure you have set up filtering correctly, then there is nothing wrong with it. We have a session up with @JamChoi currently.

  • If you are worried that a person who is learning BGP will cause an outage on your network, you are not a good provider. BGP for VPS can let customers build their own network. BYO IP can let us receive less abuse such as BT/spam. Why do you question that?

  • I'm on shared hosting, and need bgp too.:)

  • Zappie Member, Host Rep, LIR

    Like others said. You should get your network set up to the stage that it’s idiot-proof. You can never trust your client to have proper config, and your filters and policies should be implemented and be strict. If you have proper rules in place, the worst your client can do is simply take their own ASN down.

    Thanked by 2JamChoi mcgree
  • stratagem Member, Host Rep

    @onemanshow said:
    I'm on shared hosting, and need bgp too.:)

    Shared hosting won't let you run a BGP daemon such as Bird. You'll need a small VPS at the least.

  • @onemanshow said:
    I'm on shared hosting, and need bgp too.:)

    You need a VPS to run BGP; you can see my review on my blog (it's for Chinese users, you may need a translator) or http://bgp.services/ (I tried to send an email to BGP.Service to provide more records, but they didn't seem to reply.)

  • I think dedicated servers should provide BGP services, VPS looks a bit ridiculous and DN42 is better if you really want to test it.

  • mcgree Member
    edited October 2021

    I'm not upstream myself, but I've seen a lot of people's route filters are directly import all/export all, and I don't think it's very good, at least, you have to have some knowledge of the network, and I don't think a single-host BGP session is necessarily a good thing, and there are a lot of Players who like to use tunnel access just to refresh the number of Peers on HE, before there is a person who wants to buy a 4-digit ASN?

    I have another question, should I be allowed to access port 25 when using my own IP? (Thoughts on abuse)

    Thanked by 1CloudxtnyHost
  • @mcgree said:
    I'm not upstream myself, but I've seen a lot of people's route filters are directly import all/export all, and I don't think it's very good, at least, you have to have some knowledge of the network, and I don't think a single-host BGP session is necessarily a good thing, and there are a lot of Players who like to use tunnel access just to refresh the number of Peers on HE, before there is a person who wants to buy a 4-digit ASN?

    I have another question, should I be allowed to access port 25 when using my own IP? (Thoughts on abuse)

    I see, to be honest, I have at least 12 upstreams (now, from bgp.tools: AS53667, AS34927, AS202297, AS212815, AS6939, AS397373, AS208478, AS36369, AS20473, AS53356, AS41108 and AS59947) and I have joined KleyReX, LocIX Frankfurt (10Gbps) and UNM-Exch Canada-West.

    I also use tunnel access to join some Virtual IX(PyramIX, HamroIX) and peer with my friends.

    :smile:

  • jar Patron Provider, Top Host, Veteran

    @stratagem said:
    Provided you confirm correct ROAs etc. and ensure you have set up filtering correctly, then there is nothing wrong with it. We have a session up with @JamChoi currently.

    Now you have to write a postmortem for a privacy breach.

    I kid :joy:

    Thanked by 1stratagem
  • typicalGtaTG Member, Host Rep

    @Zappie said:
    Like others said. You should get your network set up to the stage that it’s idiot-proof. You can never trust your client to have proper config, and your filters and policies should be implemented and be strict. If you have proper rules in place, the worst your client can do is simply take their own ASN down.

    A great person once said "Nothing is idiot proof" and I know the person, because he's an idiot... he's also me.

    Thanked by 1Zappie
  • jmgcaguicla Member
    edited October 2021

    @JamChoi said:
    Of course you are right, I can use DN42 or GNS3 instead of the very poor IPv6 subnet, but I also have the right to choose which one to use, don’t I? :smile:

    Provider also has a right to deny your request, doesn't it? :smile:

  • stratagem Member, Host Rep

    @typicalGtaTG said:

    A great person once said "Nothing is idiot proof" and I know the person, because he's an idiot... he's also me.

    I agree with the sentiment, but short of a bug in whichever daemon is serving your BGP sessions any provider side issues caused by a downstream are on the provider for buggering up their filters.

    Thanked by 1typicalGtaTG
  • JeDaYoshi Member
    edited October 2021

    I operate an ASN alongside a group of friends. We use it for education, but we also do other things such as provide IPv6 to our servers and personal computers/networks which don't have any operational IPv6 (and in cases like mine, it's currently not possible to get IPv6 with any providers). We also deal with a bunch of services, although nothing commercial atm.

    I personally am up for VPS providers that support BGP sessions, since we can keep the budget low while also being able to deal with that properly. I'm not sure we have a lot of money to throw purely at dedicated servers, even though in the LowEnd market you can count on one hand how many of them let you have BGP sessions or bring your own IPs afaik.

    Yeah, there are some little issues - but as long as you verify the user has ownership of the IP ranges they want to announce (RPKI/ROAs) and have some limits (such as how many prefixes a user can announce, to avoid getting your sessions tripped by your upstreams...) it should be fine. But this is the standpoint of a customer. :)
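
The provider-side checks named in this thread (a per-customer prefix allowlist, ROA origin validation, and a prefix limit) can be expressed as one import filter. This is an added example, not code from any poster: the prefixes and ASNs are constructed documentation values, and rejecting RPKI not-found routes and anything longer than /48 are assumed policy choices.

```python
import ipaddress

# Constructed sample data (documentation prefixes/ASNs, not from the thread).
VRPS = [  # validated ROA payloads: (prefix, max length, origin ASN)
    ("2001:db8:1000::/36", 48, 64500),
    ("2001:db8:2000::/36", 36, 64501),
]
# Assumed policy: IPv6-only customer, nothing longer than /48, 3 routes max.
CUSTOMER = {"asn": 64500, "allowed": ["2001:db8:1000::/36"],
            "max_len": 48, "max_prefixes": 3}

def covers(outer, inner):
    """True if network `inner` lies inside `outer` (same address family)."""
    return outer.version == inner.version and inner.subnet_of(outer)

def rov_state(prefix, origin_asn, vrps=VRPS):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        if not covers(ipaddress.ip_network(vrp_prefix), net):
            continue
        covered = True  # some ROA covers this prefix, so a mismatch is invalid
        if vrp_asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def import_filter(announcements, customer=CUSTOMER, vrps=VRPS):
    """Split (prefix, as_path) announcements into accepted and rejected."""
    allowed = [ipaddress.ip_network(p) for p in customer["allowed"]]
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        net = ipaddress.ip_network(prefix)
        if len(accepted) >= customer["max_prefixes"]:
            reason = "prefix limit reached"
        elif not as_path or as_path[0] != customer["asn"]:
            reason = "first AS is not the customer"
        elif not any(covers(a, net) for a in allowed):
            reason = "prefix not in customer allowlist"
        elif net.prefixlen > customer["max_len"]:
            reason = "more specific than policy allows"
        else:
            state = rov_state(prefix, as_path[-1], vrps)
            reason = None if state == "valid" else "RPKI " + state
        if reason is None:
            accepted.append(prefix)
        else:
            rejected.append((prefix, reason))
    return accepted, rejected
```

With checks like these on the provider side, a misconfigured customer session ends with its own routes rejected rather than a leak reaching the provider's upstreams.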

  • @jmgcaguicla said:

    @JamChoi said:
    Of course you are right, I can use DN42 or GNS3 instead of the very poor IPv6 subnet, but I also have the right to choose which one to use, don’t I? :smile:

    Provider also has a right to deny your request, doesn't it? :smile:

    Yep, this is his right, but I just asked "Do you support BGP sessions?", not "Hey bro, you must establish a BGP session with me".

    And to be honest, CloudxtnyHost doesn't deny my request

  • CloudxtnyHost Member, Host Rep

    To be fair I don't see anything particularly wrong with it, as long as no pernicious intentions are afoot. Just curious why anyone would want to do it on a VPS, so all of this has been riveting insight.

  • JeDaYoshi Member
    edited October 2021

    @CloudxtnyHost said:
    Just curious why anyone would want to do it on a VPS, so all of this has been riveting insight.

    One of the use-cases are what I mentioned. Not everyone wants to get a full-blown dedicated server to use as a router, some people want to keep things separated, or sometimes budget gets in the middle. Or if you want to do anycasted stuff with minimal things or some which are not as resource-intensive (aka. tunnelling/DNS/small CDN/etc.) - you don't need a lot of resources to do it, so a VPS is an understandable choice for it.

    Obviously there are more use-cases, but these are the first that come to mind.

  • @CloudxtnyHost said:
    Just curious why anyone would want to do it on a VPS

    BGP route collectors are a common use case which doesn't involve any announcements

  • stratagem Member, Host Rep

    @JeDaYoshi said:
    have some limits (such as how many prefixes a user can announce, to avoid getting your sessions tripped by your upstreams...) it should be fine. But this is the standpoint of a customer. :)

    If your upstreams are binning your sessions for having a large amount of valid prefixes then I'd be looking for new upstreams.

  • Francisco Top Host, Host Rep, Veteran

    @stratagem said: If your upstreams are binning your sessions for having a large amount of valid prefixes then I'd be looking for new upstreams.

    Just ask for a prefix increase? Many upstreams will have hard prefix limits to stop anything funny from happening but then will gladly increase it.

    Francisco

    Thanked by 1JeDaYoshi
  • @stratagem said:
    If your upstreams are binning your sessions for having a large amount of valid prefixes then I'd be looking for new upstreams.

    I mention this pretty much for the reason @Francisco mentions - although I've not run into any issues when validly announcing prefixes myself.

  • stratagem Member, Host Rep

    If it were a crazy increase (I don't know, 200% extra prefixes or something) then sure but don't drop a session, email/phone the NOC line instead first is all I'm saying otherwise.
