On 2008-11-02, Rod Whitworth <[EMAIL PROTECTED]> wrote: > There is an IPv4 /21 transit and an IPv6 /32 transit at the moment. No > BGP. > Enter a peering service which is to provide peering for those netblocks > over a pretty fat single link. (I don't know the bandwidth but I am > assured it is "big enough") > > I have ASNs for the peering outfit (PO) and the hosting service (HS). > The assumption conveyed to me was that the only BGP would be between > those two but I have my doubts that that is the right thing to do.
It would be usual to announce your networks over BGP sessions with both the peering outfit and the transit provider. > The PO has also requested that replies to traffic incoming via the PO > would return on the same path. I don't know if we can do that with bgpd > or to use pf. It took me a couple of days to work out what they mean here, but I think they just mean you should use a higher localpref on the peering routes than transit routes (but then you'd probably want to do that anyway). btw: asymmetric routing is totally normal on the internet. > At the moment the IPv6 traffic is pretty light and interruptions are > likely to be tolerated if short so I think I can use it to test how the > whole deal will work and just add IPv4 later to the config. > > I have also figured out all of the internal routing changes needed to > be able to cut over in seconds and fall back if needed on both v4 and > v6. I think starting with v6 only and later adding v4 complicates things. Where does the address space come from? is it an independent block or part of a larger allocation from one of the providers? is it announced as part of the transit provider's AS at present? > There, I have displayed my status as an absolute bgpd virgin: Where do > I go from here? > Everthing else I have done (mail, web, IPsec, OpenVPN etc) has been > able to be tested with some old PCs so that I could try stuff and it > didn't matter if it "broke", it was all isolated from the 'net. > > This one is different. yep, welcome to BGP routing ;-) you can test some things, but there's a point you just have to be reasonably sure that either the intended configuration or your backout plan are going to work and bite the bullet..
