Monday, June 19, 2023
HomeNetworkingRepair BGP Route Leaks « ipSpace.web weblog

Repair BGP Route Leaks « ipSpace.web weblog


I created a netlab topology you should use to follow BGP safety instruments I described within the Web Routing Safety webinar:

  • The lab topology mirrors the pattern topology I described within the Classification of BGP Route Leaks (RFC 7908) weblog publish with one router per autonomous system
  • BGP is configured on all gadgets, and EBGP periods are arrange between all directly-connected gadgets.

Lab topology (sadly circled)

Autonomous programs promote prefixes from three deal with ranges:

AS kind Tackle vary
Transit suppliers 172.16.0.0/16
Regional ISPs 172.17.0.0/16
Clients 172.18.0.0/16

I additionally created a customized configuration template that displays a typical ISP setup:

  • Buyer routes have BGP native choice 200. It’s at all times finest to ship visitors over hyperlinks another person is paying for.
  • Peer routes have BGP native choice 150. It’s higher to ship visitors over zero-settlement hyperlinks than over hyperlinks the place we have now to pay for transit.
  • Routes obtained from transit suppliers have default native choice. They’re used solely when we have now no customer- or peer routes to a vacation spot.

Whereas you should use the lab with any supported machine, I created the customized configuration template for FRR containers, Cumulus Linux, and Arista EOS.

I didn’t configure any BGP route filters, so that you’ll get tons of “easy” route leaks from prospects and friends, providing you with loads of alternative to determine easy methods to cease them. On high of that:

  • One of many prospects declares manner too many prefixes (a buyer shall not promote greater than two prefixes)
  • One other buyer is promoting an inner prefix from the ten.0.0.0/8 block
  • The third prospects is promoting a prefix that belongs to an ISP (you’ll discover the identical prefix is marketed as belonging to 2 totally different autonomous programs).
  • An ISP is promoting a /25 prefix that shouldn’t be propagated within the international Web

Repair the lab routing with BGP filters, don’t change the route ads.

Operating the Lab

The optimum technique to run the lab is with Linux containers:

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments