Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread james machado
David,

check out exabgp https://github.com/Exa-Networks/exabgp

james

On Wed, Jul 1, 2015 at 8:19 AM, David H ispcoloh...@gmail.com wrote:
 Hi all, I was wondering if anyone can recommend a software (preferable), or
 hardware-based router with an API, that supports BGP with tags on
 advertised routes?  I want to use it for a RTBH feed and having it in
 software would make certain things easier to automate.  I tried
 Quagga/Zebra but it doesn't support tags.  I see Mikrotik hardware routers
 have an API, but I can't tell if the API supports adding BGP networks, so I
 need to investigate that further.  I can go hardware if I have to, with
 some ssh/expect scripts, but thought there may be other options that are
 easier.

 Thanks,

 David


Inexpensive software bgp router that supports route tags?

2015-07-01 Thread David H
Hi all, I was wondering if anyone can recommend a software (preferable), or
hardware-based router with an API, that supports BGP with tags on
advertised routes?  I want to use it for a RTBH feed and having it in
software would make certain things easier to automate.  I tried
Quagga/Zebra but it doesn't support tags.  I see Mikrotik hardware routers
have an API, but I can't tell if the API supports adding BGP networks, so I
need to investigate that further.  I can go hardware if I have to, with
some ssh/expect scripts, but thought there may be other options that are
easier.

Thanks,

David


Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread Faisal Imtiaz
FYI, Mikrotik is software (ROS) you can run it on an x86 platform (physical or 
virtual machine).
Not sure about the API and BGP, but they have extensive support for scripting.
Additionally check the Mikrotik Forums for other user developed 
API/Interfaces...

Regards.

Faisal Imtiaz
Snappy Internet & Telecom


- Original Message -
 From: David H ispcoloh...@gmail.com
 To: nanog@nanog.org
 Sent: Wednesday, July 1, 2015 11:19:45 AM
 Subject: Inexpensive software bgp router that supports route tags?
 
 Hi all, I was wondering if anyone can recommend a software (preferable), or
 hardware-based router with an API, that supports BGP with tags on
 advertised routes?  I want to use it for a RTBH feed and having it in
 software would make certain things easier to automate.  I tried
 Quagga/Zebra but it doesn't support tags.  I see Mikrotik hardware routers
 have an API, but I can't tell if the API supports adding BGP networks, so I
 need to investigate that further.  I can go hardware if I have to, with
 some ssh/expect scripts, but thought there may be other options that are
 easier.
 
 Thanks,
 
 David
 


Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread harbor235
Quagga supports BGP communities,



Mike

On Wed, Jul 1, 2015 at 11:19 AM, David H ispcoloh...@gmail.com wrote:

 Hi all, I was wondering if anyone can recommend a software (preferable), or
 hardware-based router with an API, that supports BGP with tags on
 advertised routes?  I want to use it for a RTBH feed and having it in
 software would make certain things easier to automate.  I tried
 Quagga/Zebra but it doesn't support tags.  I see Mikrotik hardware routers
 have an API, but I can't tell if the API supports adding BGP networks, so I
 need to investigate that further.  I can go hardware if I have to, with
 some ssh/expect scripts, but thought there may be other options that are
 easier.

 Thanks,

 David



Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread Pavel Odintsov
My voice for awesome ExaBGP too!

On Wednesday, July 1, 2015, harbor235 harbor...@gmail.com wrote:

 Quagga supports BGP communities,



 Mike

 On Wed, Jul 1, 2015 at 11:19 AM, David H ispcoloh...@gmail.com wrote:

  Hi all, I was wondering if anyone can recommend a software (preferable),
 or
  hardware-based router with an API, that supports BGP with tags on
  advertised routes?  I want to use it for a RTBH feed and having it in
  software would make certain things easier to automate.  I tried
  Quagga/Zebra but it doesn't support tags.  I see Mikrotik hardware
 routers
  have an API, but I can't tell if the API supports adding BGP networks,
 so I
  need to investigate that further.  I can go hardware if I have to, with
  some ssh/expect scripts, but thought there may be other options that are
  easier.
 
  Thanks,
 
  David
 



-- 
Sincerely yours, Pavel Odintsov


Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread Job Snijders
On Wed, Jul 01, 2015 at 11:19:45AM -0400, David H wrote:
 I was wondering if anyone can recommend a software (preferable), or
 hardware-based router with an API, that supports BGP with tags on
 advertised routes?  I want to use it for a RTBH feed [ ... ]

Did you look at BIRD? It is one of the most beautiful open source BGP
speakers: http://bird.network.cz/

BIRD does not have anything like a RESTful API, but you can just
generate the config file and reload it on the fly to accomplish the
same.

Can you elaborate on what you mean with 'tags'? Could you use BGP
communities instead?

Kind regards,

Job


Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread David H
Sorry I wasn't clear on that.  Traditionally on a hardware, e.g.
cisco/brocade, router performing the RTBH role, I'd add blackhole routes by
way of static routes with a particular tag; one tag for block this source,
one tag for block this destination.  Redistribute static would let route
maps operate against those tags to turn into bgp communities being applied
to the announcements, and then the real routers can do what they need to
do.  When I tried out Quagga/Zebra as an alternative, it doesn't work this
way, so while it was nice that it could pick up static routes from the OS,
or have them added manually just like a hardware router, there was no
concept of the route tag getting to Zebra for it to do the rest of the work
on the BGP side.

I'll check out Bird too; thanks.

On Wed, Jul 1, 2015 at 3:41 PM, Job Snijders j...@instituut.net wrote:

 On Wed, Jul 01, 2015 at 11:19:45AM -0400, David H wrote:
  I was wondering if anyone can recommend a software (preferable), or
  hardware-based router with an API, that supports BGP with tags on
  advertised routes?  I want to use it for a RTBH feed [ ... ]

 Did you look at BIRD? It is one of the most beautiful open source BGP
 speakers: http://bird.network.cz/

 BIRD does not have anything like a RESTful API, but you can just
 generate the config file and reload it on the fly to accomplish the
 same.

 Can you elaborate on what you mean with 'tags'? Could you use BGP
 communities instead?

 Kind regards,

 Job
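
The tag-to-community workflow described above, driven through ExaBGP's text API, as an added example that is not part of the original thread. The tag names, the 65000:66x communities and the 192.0.2.1 discard next-hop are assumptions; substitute whatever the receiving routers match on.

```python
import ipaddress

# Assumed mapping (not from the thread): one community per former "route tag".
COMMUNITY = {"block-src": "65000:667", "block-dst": "65000:666"}
# Assumed discard next-hop that the receiving routers point at a null route.
DISCARD_NEXT_HOP = "192.0.2.1"


def api_commands(announced, desired):
    """Diff two {prefix: tag} maps into ExaBGP text-API command lines.

    `announced` is what the feed currently advertises, `desired` is what it
    should advertise. Prefixes with host bits set raise ValueError.
    """
    desired = {str(ipaddress.ip_network(p)): t for p, t in desired.items()}
    lines = []
    # Withdraw anything that is gone or whose tag changed.
    for prefix, tag in sorted(announced.items()):
        if desired.get(prefix) != tag:
            lines.append(f"withdraw route {prefix} next-hop {DISCARD_NEXT_HOP}")
    # Announce anything new or re-tagged, with the community for its tag.
    for prefix, tag in sorted(desired.items()):
        if announced.get(prefix) != tag:
            lines.append(
                f"announce route {prefix} next-hop {DISCARD_NEXT_HOP} "
                f"community [{COMMUNITY[tag]}]"
            )
    return lines


if __name__ == "__main__":
    # Constructed sample state. ExaBGP starts a helper like this one from a
    # `process` section in its configuration and reads commands from stdout.
    current = {"203.0.113.17/32": "block-dst"}
    wanted = {"203.0.113.28/32": "block-dst", "198.51.100.7/32": "block-src"}
    for line in api_commands(current, wanted):
        print(line, flush=True)
```
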



Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread David H
Thanks all; I'll check out ExaBGP and the software version of Mikrotik;
didn't realize it wasn't tied to hardware.

On Wed, Jul 1, 2015 at 11:19 AM, David H ispcoloh...@gmail.com wrote:

 Hi all, I was wondering if anyone can recommend a software (preferable),
 or hardware-based router with an API, that supports BGP with tags on
 advertised routes?  I want to use it for a RTBH feed and having it in
 software would make certain things easier to automate.  I tried
 Quagga/Zebra but it doesn't support tags.  I see Mikrotik hardware routers
 have an API, but I can't tell if the API supports adding BGP networks, so I
 need to investigate that further.  I can go hardware if I have to, with
 some ssh/expect scripts, but thought there may be other options that are
 easier.

 Thanks,

 David



Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread Dan White

On 07/01/15 15:47 -0400, David H wrote:

Sorry I wasn't clear on that.  Traditionally on a hardware, e.g.
cisco/brocade, router performing the RTBH role, I'd add blackhole routes by
way of static routes with a particular tag; one tag for block this source,
one tag for block this destination.  Redistribute static would let route
maps operate against those tags to turn into bgp communities being applied
to the announcements, and then the real routers can do what they need to
do.  When I tried out Quagga/Zebra as an alternative, it doesn't work this
way, so while it was nice that it could pick up static routes from the OS,
or have them added manually just like a hardware router, there was no
concept of the route tag getting to Zebra for it to do the rest of the work
on the BGP side.


We're using Quagga to inject blackhole routes upstream, which can match
routes on the OS's metric value:

# IPv4 blackhole
~$ ip route add 203.0.113.42/32 dev lo metric 666

!
route-map map_bad_routes permit 10
match metric 666
set community x:yyy
...
!

--
Dan White


Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread Israel G. Lugo
+1 for BIRD.

Basically, what you want is to have several different static (blackhole)
routes, and be able to differentiate them at BGP level, for marking with
communities, etc. Correct?

This is easy with BIRD. Just use separate instances of the static
protocol, and filter using proto to distinguish between them.

E.g.:

protocol static default_sink {
  # sink all local prefixes by default, to avoid loops
  # (low localpref, let other routes override us)
  import filter { preference = 1; accept; };

  route 192.0.2.0/24 blackhole;
}

protocol static forbidden {
  # these guys looked at me the wrong way
  route 198.51.100.0/24 blackhole;
}

protocol static temp_block {
  # DDOS mitigation, etc
  route 203.0.113.17/32 blackhole;
}

protocol bgp customer1 {
  export filter {
    # proto is a string: the name of the protocol the route came from
    if proto = "default_sink" then reject;
    if proto = "temp_block" then set_tempblock_community();
    if proto = "forbidden" then do_other_stuff();
  };
  # ...
}



On 07/01/2015 08:47 PM, David H wrote:
 Sorry I wasn't clear on that.  Traditionally on a hardware, e.g.
 cisco/brocade, router performing the RTBH role, I'd add blackhole routes by
 way of static routes with a particular tag; one tag for block this source,
 one tag for block this destination.  Redistribute static would let route
 maps operate against those tags to turn into bgp communities being applied
 to the announcements, and then the real routers can do what they need to
 do.  When I tried out Quagga/Zebra as an alternative, it doesn't work this
 way, so while it was nice that it could pick up static routes from the OS,
 or have them added manually just like a hardware router, there was no
 concept of the route tag getting to Zebra for it to do the rest of the work
 on the BGP side.

 I'll check out Bird too; thanks.

 On Wed, Jul 1, 2015 at 3:41 PM, Job Snijders j...@instituut.net wrote:

 On Wed, Jul 01, 2015 at 11:19:45AM -0400, David H wrote:
 I was wondering if anyone can recommend a software (preferable), or
 hardware-based router with an API, that supports BGP with tags on
 advertised routes?  I want to use it for a RTBH feed [ ... ]
 Did you look at BIRD? It is one of the most beautiful open source BGP
 speakers: http://bird.network.cz/

 BIRD does not have anything like a RESTful API, but you can just
 generate the config file and reload it on the fly to accomplish the
 same.

 Can you elaborate on what you mean with 'tags'? Could you use BGP
 communities instead?

 Kind regards,

 Job




Re: Inexpensive software bgp router that supports route tags?

2015-07-01 Thread Israel G. Lugo

On 07/02/2015 04:23 AM, Israel G. Lugo wrote:
 protocol static temp_block {
   # DDOS mitigation, etc
   route 203.0.113.17/32 blackhole;
 }

Didn't make it clear in my example, but you can obviously have multiple
routes in a static instance:

protocol static temp_block {
  route 203.0.113.17/32 blackhole;
  route 203.0.113.28/32 blackhole;

  # redirect to honeypot for gathering info
  route 203.0.113.99/32 via 10.0.0.15;
}
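
The "generate the config file and reload it" approach suggested earlier in the thread, combined with the one-static-protocol-per-category layout above, as an added example that is not code from any poster. The protected range, the /24 size limit and the function names are assumptions; the guard rails keep an automated feed from blackholing the operator's own space or an overly broad prefix.

```python
import ipaddress
import os
import tempfile

# Assumptions (not from the thread): the operator's own space and a size limit.
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]
MIN_PREFIXLEN = 24


def check(prefix):
    """Validate one prefix; raise ValueError if it must not be blackholed."""
    net = ipaddress.ip_network(prefix)  # rejects garbage and set host bits
    if net.version != 4:
        raise ValueError(f"{prefix}: IPv4 only in this example")
    if net.prefixlen < MIN_PREFIXLEN:
        raise ValueError(f"{prefix}: broader than /{MIN_PREFIXLEN}")
    if any(net.overlaps(p) for p in PROTECTED):
        raise ValueError(f"{prefix}: overlaps protected space")
    return net


def render(blocks):
    """Turn {protocol_name: [prefix, ...]} into BIRD static protocol text."""
    out = []
    for name in sorted(blocks):
        if not name.isidentifier():
            raise ValueError(f"bad protocol name: {name!r}")
        nets = sorted({check(p) for p in blocks[name]})  # dedupe, stable order
        out.append(f"protocol static {name} {{")
        out.extend(f"  route {n} blackhole;" for n in nets)
        out += ["}", ""]
    return "\n".join(out)


def write_atomic(path, text):
    """Write via a temp file and rename so BIRD never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, path)


if __name__ == "__main__":
    # Constructed sample feed using the thread's documentation prefixes.
    feed = {"temp_block": ["203.0.113.28/32", "203.0.113.17/32"],
            "forbidden": ["198.51.100.0/24"]}
    print(render(feed))
```

The output is meant to be written to a file that the main BIRD configuration pulls in with `include`, followed by `birdc configure` to reload; because validation runs before anything is written, a bad feed entry leaves the previous file in place.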