All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is it possible to access BGP anywhere for free? / IPv6 block anyone?
Hi folks,
this might be one of those stupid questions, but I really wanted to ask. I'm a computer engineer interested in networking, and dealing with BGP is one of those pending issues for me. I was able to study and use most of the protocols, but finding access to a real BGP session has been the hardest task for me.
I understand the security issues involved with BGP, but I wonder if it's possible to have access in a way that I can't announce but only resolve routes.
I think HE allows access to a BGP session when you want to announce a IPv6 block, but I don't own any of this blocks.
Can anybody shed some light on this?
Is it possible to access BGP without announcing?
Is it possible to access BGP through HE when bringing my IPv6 block? In that case, can anybody provide me one of these? :P
Thanks,
lm
Comments
BGP looking glass from one of the bandwidth carriers is an option. Other option is to get someone with access to lookup routes for you.
If you're in the RIPE service region, you can get a Provider Independent IPv6 network and an AS Number from them. Then, you can use Tunnelbroker with a BGP tunnel.
How much would that cost?
Providers generally charge from 100 - 200 EUR setup/year for that. And before the cheap LET pissers are complaing: yes, it is fair to charge for this service. There is work involved and the provider needs to be RIPE LIR that costs almost 4k in the first year, plus another 2k/yr after.
Tunnelbroker/BGP = free
That seems like a rather cheap way to get an own address space to play around with. Do you know if Ripe usually accepts IPv6 PI requests from individuals (or small companies)?
Yes, did that several times now.
Yes, they do. I own 3x PI IPv6. If you require more than one, you have to provide good documentation.
But as written before, it costs money and you have to request throug a Spnsoring LIR.
Thanks, that sounds really interesting. Although i guess 100€/year is a bit expensive for a toy project
It generally becomes more expensive anyway. Many also want an ASN... That is often charged.
Then some native BGP Session generally costs some money.
Etc, etc
Or just use GNS3 to get some virtual Cisco switches, link them up with some VirtualBox VMs as well and build a BGP testlab.
http://www.getnetworking.net/ got a few BGP labs you could try to replicate and extend.
Another alternative for learning is dn42 but playing around in the real world is much more fun
Thank you for your comments!
I am really surprised by dn42 project, and it led me to ChaosVPN. I will definitely experiment with those before jumping into the public internet world.
Cool, looking at dn42 now as well.
Any security implications other than securing my node properly? They don't route any traffic to the outside like TOR, right? I'd like to install this on several VPS and then have a nice internal network and also peering in the different locations
@patrick7
Where can I find a LIR that does this?
i can give you a /48 you can announce everywhere, have to charge for ASNs though.
I'd filter received prefixes just incase someone announces something they shouldn't be, last time I played with DN42 there were a lot of announcements for RFC1918 space outside the DN42 ip ranges.
Also if the router/network you are testing DN42 is on is carrying live traffic (such as your home router) then configure the appropriate ACL/Firewall rules.
RIPE operates a list of LIRs: https://www.ripe.net/membership/indices/
I think the /48 offered by william is not independent. That means, you can use it, but you don't own it (as you do with PI).
Exactly, my offer is sub-delegated PA (=you can create your own smaller subnet RIPE entries yourself and it is fully on your data) space, not transferable PI (which costs you 50EUR on your RIPE account, i can offer this for around 100EUR/year).
Also just got started with dn42, always wanted to mess around with such stuff too and ofcourse dn42 is way cooler than using a 3-4 virtual Cisco switches. Tell me if you should get everything up and running, would be nice to get some additional peerings!
http://tb.netassist.ua/ also gives you BGP over tunnel if you have a public ASN and IP space. RIPE ASNs cost around 100EUR one time (HE+Netassist tunnel = multihomed, solid reason for an ASN), IP space costs you from nothing (PA) to ~100EUR/year (PI, hard to justify anything larger than a /48).
Yes, it's hard to justify, but it's possible. They had to involve their management about my second request :-) My third request was accepted after some (stupid) questions (are you using the assigments in the same network? -> No, as you can see in the network plan) ;-)
Is getting an own ASN really as easy as saying that you need to be multihomed using HE and Netassist and paying 100€ one time, even for individuals? Are there any recurring costs?
Yes, also for individuals, requires a scan of your ID/Passport however. RIPE currently does not charge for ASNs so there should be no or low recurring costs in the 25-50EUR area.
There are no recurring fees for an ASN. It's also easy to receive one as an individual.
Yes, it's easy. You have to provide an unique routing policy (means: 2 different as numbers you peer with).
Actually they are planning to remove the multihoming requirement for ASNs.
And you would need to pay the LIR each year for the "independent resource" - ASN in this case.
no @rds100 - ASNs are now free and not within the 50EUR/year anymore (unless that recently again changed but i doubt it)
Cool, I might look into getting my own IPv6 space then Just for fun, €50 is like 6 beers Guess I need to find a sponsoring LIR
@William RIPE's "contractual requirements for provider independent resource holders" says that the LIR MUST charge some fee from the end user for this. Also there is currently discussion that RIPE should start charging LIRs again for the ASNs.
https://www.ripe.net/ripe/docs/ripe-452
...
Talk to @rauppe31 for the ASN, probably 100EUR one-time or around that, you can get a /48 PA for free from me or ask him for PI (probably around 100EUR/yr)