For #3, I generally ask for full route + a default. The default is for default information originate for OSPF. If there isn't a default in the routing table, my edge router won't advertise a default to non-BGP OSPF peers. You don't want a static default in case the peer goes down.

On Mon, May 16, 2016 at 7:20 AM, Josh Baird <[email protected]> wrote:
> Many providers refer to this as 'RTBH' (remotely triggered blackhole
> filtering).
>
> Josh
>
> On Sun, May 15, 2016 at 10:21 PM, That One Guy /sarcasm <[email protected]> wrote:
>
>> that request, lacking my fundamental understanding of the terminology,
>> would be phrased how?
>>
>> On Sat, May 14, 2016 at 5:56 PM, Josh Baird <[email protected]> wrote:
>>
>>> Yes, it requires your upstream to support a blackhole BGP community.
>>> This allows you to advertise host routes (/32 or smaller) to them using a
>>> specific BGP community when you want your ISP to drop all traffic for the
>>> prefix before it reaches you. This is -very- useful for DDoS defense.
>>>
>>> Josh
>>>
>>> On Sat, May 14, 2016 at 4:16 PM, That One Guy /sarcasm <[email protected]> wrote:
>>>
>>>> That requires something specific?
>>>> On May 14, 2016 7:33 AM, "Erich Kaiser" <[email protected]> wrote:
>>>>
>>>>> We have started requiring our upstreams to filter by ASN vs Netblock.
>>>>> We are moving away from upstreams that do not utilize IRR Entries and
>>>>> require intervention every time we want to make a change, but it is
>>>>> continuous for us, so for most guys the one time setup is not a big deal,
>>>>> plus the upstream has to be trusting enough that we will have the correct
>>>>> filtering on our end.
>>>>>
>>>>> Steve, I would add Blackhole BGP community or session to your list.
>>>>>
>>>>> Erich Kaiser
>>>>> The Fusion Network
>>>>> [email protected]
>>>>> Office: 630-621-4804
>>>>> Cell: 630-777-9291
>>>>>
>>>>> On Sat, May 14, 2016 at 6:34 AM, Paul Stewart <[email protected]> wrote:
>>>>>
>>>>>> Or, quite a number of carriers (especially in APAC, some carriers in
>>>>>> Canada, a few in the US, and definitely a large number in Europe) will say
>>>>>> “do you have an IRR entry at RADB?” and if you say yes then they will use
>>>>>> the route object information but if you say no then they will tell you to
>>>>>> open a ticket with their NOC each time you have a prefix to add/remove ….
>>>>>>
>>>>>> I’m actually surprised by the number of transit providers that don’t
>>>>>> support automation via IRR
>>>>>>
>>>>>> Paul
>>>>>>
>>>>>> *From:* Af [mailto:[email protected]] *On Behalf Of* Faisal Imtiaz
>>>>>> *Sent:* May 13, 2016 9:25 PM
>>>>>> *To:* [email protected]
>>>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>>>>
>>>>>> Let me clarify this a bit more...
>>>>>>
>>>>>> You are recommending that one creates its own AS Object in the
>>>>>> IRR..(aka learns and manages their own RR entries) (it really does not
>>>>>> matter which IRR it is, at the end of the day they are all sort of synced,
>>>>>> it is only a question of who is maintaining it, and who can provide help to
>>>>>> newbies). .. BTW, I agree with this.. however ....
>>>>>>
>>>>>> Cause at the end of the day, someone in the up-stream is very likely
>>>>>> to create the record for you, if it is needed by them...
>>>>>>
>>>>>> This is one of those things that most carriers find... "too much
>>>>>> trouble to teach vs just do it for that network !"
>>>>>>
>>>>>> :)
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>> Faisal Imtiaz
>>>>>> Snappy Internet & Telecom
>>>>>> 7266 SW 48 Street
>>>>>> Miami, FL 33155
>>>>>> Tel: 305 663 5518 x 232
>>>>>>
>>>>>> Help-desk: (305)663-5518 Option 2 or Email: [email protected]
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> *From:* "George Skorup" <[email protected]>
>>>>>> *To:* [email protected]
>>>>>> *Sent:* Friday, May 13, 2016 7:15:26 PM
>>>>>> *Subject:* Re: [AFMUG] Upstream BGP Questionairre
>>>>>>
>>>>>> I recommend adding your route or AS objects in ARIN's IRR. Merit RADb
>>>>>> is not free. Most carriers use RADb, and RADb mirrors ARIN's IRR anyway.
>>>>>>
>>>>>> On 5/13/2016 3:49 PM, Faisal Imtiaz wrote:
>>>>>>
>>>>>> See answers in-line below:-
>>>>>>
>>>>>> Faisal Imtiaz
>>>>>> Snappy Internet & Telecom
>>>>>> 7266 SW 48 Street
>>>>>> Miami, FL 33155
>>>>>> Tel: 305 663 5518 x 232
>>>>>>
>>>>>> Help-desk: (305)663-5518 Option 2 or Email: [email protected]
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> *From:* "That One Guy /sarcasm" <[email protected]>
>>>>>> *To:* [email protected]
>>>>>> *Sent:* Friday, May 13, 2016 11:35:10 AM
>>>>>> *Subject:* [AFMUG] Upstream BGP Questionairre
>>>>>>
>>>>>> I'm going to expose the breadth of my incompetence here, but there are
>>>>>> some questions in this document I want to make sure I'm answering accurately
>>>>>>
>>>>>> 1. Are you the owner of the AS Number with RIR- This I'm assuming is
>>>>>> our ARIN direct allocation?
>>>>>>
>>>>>> They are asking if you have an AS # assigned to you from ... (would be
>>>>>> ARIN for North America).
>>>>>>
>>>>>> 2. Are you registered with an Internet Routing Registry? - I'm not
>>>>>> sure what this is, is this also ARIN or do I need to register something
>>>>>> elsewhere?
>>>>>>
>>>>>> Routing Registry.... it is a way to build authorized prefixes from a
>>>>>> DataBase...
>>>>>>
>>>>>> You can read up about it from here
>>>>>> https://www.arin.net/resources/routing/
>>>>>>
>>>>>> Justin Wilson did a blog about it too...
>>>>>> http://www.mtin.net/blog/?p=245
>>>>>>
>>>>>> and yes ARIN also provides a Routing Registry Service ... (along with
>>>>>> a few others)
>>>>>>
>>>>>> 3. Which type of routes do you want to receive? - Full routes is
>>>>>> what we want, but are there caveats in this answer I need to be prepared
>>>>>> for?
>>>>>>
>>>>>> No Caveats, as long as your equipment is able to take full routes,
>>>>>> then do so.
>>>>>>
>>>>>> 4. Do you have downstream ASNs? - I assume this would be customers
>>>>>> with their own allocations? We currently do not, but do not want to close
>>>>>> the door on that in the future. Is this something easily updated in the
>>>>>> future?
>>>>>>
>>>>>> Answer this question in the Present.. (you don't have any so say
>>>>>> no)... no future door is closed due to this... this is just info asked /
>>>>>> collected for the upstream to be able to build their ACL filters.... (This
>>>>>> is also a flag for them to collect your BGP LOA's as well as your Customers
>>>>>> to you..)
>>>>>>
>>>>>> This becomes a moot topic, if you are versed in using the Routing
>>>>>> Registry and maintaining your own Route Objects etc.
>>>>>>
>>>>>> 5. List all prefixes to be announced so that we can confirm the BGP
>>>>>> ACL prior to activation: We only have a /22, but we do want the option down
>>>>>> the road to pull /24 from one provider if need be. Would we list the /24s
>>>>>> independently or the /22 as the aggregate?
>>>>>>
>>>>>> You want to ask them for the following:-
>>>>>>
>>>>>> xx.xx.xx.xx/22 please use the 'le 24' option with the filter.
>>>>>>
>>>>>> Note: this will have them build a filter that can accept larger
>>>>>> prefixes between 24 - 22, so it is not a 'specific' filter...
>>>>>>
>>>>>> 6. MD5 Password: On this is it standard practice to use the same
>>>>>> password with all providers or different ones?
>>>>>>
>>>>>> Your choice... either way.... no big deal, as long as you keep track
>>>>>> of them.
>>>>>>
>>>>>> --
>>>>>>
>>>>>> If you only see yourself as part of the team but you don't see your
>>>>>> team as part of yourself you have already failed as part of the team.
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
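
Added example, not part of the original thread or any participant's configuration: a small model of the upstream-side filter the thread describes, accepting a customer /22 with `le 24` and honouring tagged host routes for RTBH. The 198.51.100.0/22 allocation is a constructed stand-in for `xx.xx.xx.xx/22`, the community value 65535:666 (RFC 7999 BLACKHOLE) is an assumption since providers often define their own, and `upstream_accepts` is a hypothetical policy function.

```python
import ipaddress

# Assumption: 65535:666 is the RFC 7999 well-known BLACKHOLE community;
# many providers define their own value instead.
BLACKHOLE = "65535:666"
# Constructed sample allocation standing in for the thread's xx.xx.xx.xx/22.
ALLOCATION = "198.51.100.0/22"


def entry_matches(entry, route, ge=None, le=None):
    """Prefix-list entry test: route lies inside entry and its length is in range."""
    if route.version != entry.version or not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        return route.prefixlen == entry.prefixlen  # no ge/le: exact length only
    low = entry.prefixlen if ge is None else ge
    high = route.max_prefixlen if le is None else le
    return low <= route.prefixlen <= high


def upstream_accepts(prefix, communities=(), allocation=ALLOCATION):
    """Hypothetical upstream inbound policy for one IPv4 customer session."""
    alloc = ipaddress.ip_network(allocation)
    route = ipaddress.ip_network(prefix)  # raises ValueError if host bits are set
    if BLACKHOLE in communities:
        # RTBH: only host routes inside the customer's own space are honoured.
        return "blackhole" if entry_matches(alloc, route, ge=32, le=32) else "reject"
    # Normal announcements: the /22 itself and anything inside it down to /24.
    return "accept" if entry_matches(alloc, route, le=24) else "reject"


if __name__ == "__main__":
    samples = [  # constructed announcements
        ("198.51.100.0/22", ()),            # aggregate
        ("198.51.103.0/24", ()),            # /24 pulled to one provider
        ("198.51.103.0/25", ()),            # longer than le 24
        ("198.51.101.7/32", ()),            # host route without the community
        ("198.51.101.7/32", (BLACKHOLE,)),  # RTBH request for an attacked host
        ("203.0.113.7/32", (BLACKHOLE,)),   # someone else's address space
    ]
    for prefix, comms in samples:
        print(f"{prefix:18} {','.join(comms) or '-':10} {upstream_accepts(prefix, comms)}")
```

The last sample shows why the blackhole match is tied to the customer's allocation: without that check a session could request a drop for address space it does not hold.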
