[187521] in North American Network Operators' Group
Re: algorithm used by (RIPE region) ISPs to generate automatic BGP
daemon@ATHENA.MIT.EDU (Jared Mauch)
Thu Feb 4 11:33:00 2016
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <alpine.DEB.2.11.1602041248010.93507@pyrite>
Date: Thu, 4 Feb 2016 11:32:54 -0500
To: Henrik Thostrup Jensen <htj@nordu.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> On Feb 4, 2016, at 6:58 AM, Henrik Thostrup Jensen <htj@nordu.net> =
wrote:
>=20
>> In addition, in case of "as-set", an ISP needs to recursively find =
all the AS numbers from "members" attributes because "as-set" can =
include other "as-sets"?
>=20
> Some irrd servers, can expand this automatically (I think). But =
seriously, use a tool for this.
>=20
>> Quite a lot of question, but I would simply like to be sure that I =
understand this correctly.
>=20
> There are basically two abstractions:
>=20
> 1. as-set. Can contain other as-sets or as numbers.
> 2. prefixes are registered to an as-number.
>=20
> Remember that there are multiple IRR servers, and they mirror each =
other.
>=20
> Use http://irrexplorer.nlnog.net/ to play around a bit :-).
>=20
Yes. We record the customer ASN and the AS-SET for each AFI (v4|v6) and =
expand these and push updated lists to devices daily or on demand based =
on customer need.
You should be able to build off any of the mirrored IRRds out there as =
they all mirror each other, often with minimal lag (5-30 minutes).
The days of fetching via FTP once a day are long gone and a relic of the =
past.
I recommend using AS-PATH combined with prefix filters to keep your =
pants on. Rejecting things like networks you may get transit from from =
customers, and peers helps avoid feeding my route leak system. =
http://puck.nether.net/bgp/leakinfo.cgi
You should also not be using any IOS devices for BGP as documented in =
CSCuq14541 where they leak the full table.
- Jared
