23 Jul
2013
23 Jul
'13
6:03 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear YLs and OMs,
I would like to restart the discussion about a decentralized BGP setup
for the 44net. I have thought about some kind of trial to test several
aspects of a non-central gateway approach.
So far I have come up with a few "challenges" for the trial.
- - AS Number (I can provide one for the trial, we may decide later on
what to do if and when this project goes to production)
- - IP Network (for the trial the test range 44.128.0.0/16 might be a
suitable candidate)
- - BGP Peers providing BGP session, bandwidth and a static IP address
for the trial (I can provide one peer in LX)
- - Inter-Gateway Tunnel setup (which protocol should we use? How do we
cope with lowered MTU and filtered ICMP Packet-to-big messages?)
- - Downstream tunnels (What kind of tunnel technology/protocols are we
offering? Can a subnet have upstream tunnels to several gateways?)
- - iBGP setup (How do we handle gateways with different available
upstream bandwidth? How do we redistribute routes for connected subnets?)
- - Packet filtering (Will we be using the current model of RDNS
activates access to/from the Internet? RDNS could be useful even for
hosts that shouldn't have access to/from the Internet, eventually
access to/from the Internet should be decoupled from RDNS.)
- - Test scenarios, how are we going to test different situations?
- - probably much more issues to handle (I haven't thought about the
details as long as the basics haven't been discussed)
What are your thoughts and who is willing (and able) to help with the
trial (as a gateway and/or a subnet tunnel server)?
73 de Marc, LX1DUC
- --
http://lx1duc.mcs.tel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJR7v2YAAoJEHFIN1T8ZA8vJSQQAIFoXAKTS7IKJ6SxRavGb0oa
ySXvtPQg1TjhU5bGkN46efSQkAhsY7BcOg+3JwNTVEpTW5ZLO3ieN1kRKcgD/uVh
fI4z70HeFvQJeE6l2TeZxYkKU45fNEBKNQHqRRn2QU7wOHqvhOtr+jjR4UswbWIG
PyFoUEF/T7wd2jpZ6O0hA4buOy+DnMpBUeUQCQIeu7xs5+YpFGc1D21Fbo5b24FG
GLTUl4b+ssYdLf+CiFy1TlOu1wLOZorZ3DrYjexxGvpUzEUHjrazNr/pUKIc1WMq
zs3cQFTKNyjWf984Ty8WeuKrP/oy5gNFIbTmxlzm4JNYqDjPpQXZ/3Cduu/ij8Yl
n1qDAwe+PDFHh1DUVTdgiy+3JSsUy7q2GwItiJG5pOtFasLeoWeLs9iXR5dNBqtD
E8O9R7WRL989igv2XXVitwpDaiiDIpZG47kkktljFfhSiY6RtiozQRuuncQzm6bQ
0Ixl0u1Ne0B8aeQqfzUDfs6UqtoRPPoqJbRFimD22tAZg9dn50z180jU3b5oc/xX
tD06xi2CwscFLPlRknxxj/TFDfySjOHOJCmGPHUR/uBIs7ABqciY5NVkNpmPklUa
A3AW4J0uwVTB3iUpuZXktny/epj6ULg3R/FMU5Ym8Y9XFgp52km+vCvsbg9bPhtv
DQ22F6oMccLigj/6h0I+
=8ova
-----END PGP SIGNATURE-----
24 Jul
24 Jul
1:02 p.m.
On Tue, Jul 23, 2013 at 5:03 PM, Marc, LX1DUC <lx1duc(a)rlx.lu> wrote:
What are your thoughts and who is willing (and able) to help with the
trial (as a gateway and/or a subnet tunnel server)?
I'm a network engineer at another University in the midwest US and I
*might* be able to convince our routing guru to let us be a BGP peer and I
could setup another tunnel end point box.
I would need explicit details on how this would work and a the potential
risks and plans for their mitigation before I approach him.
We don't have earthquakes, just tornados and floods :-)
No promises however.
-Neil
--
Neil Johnson -N0SFH
http://erudicon.com
5:19 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/07/2013 19:02, Neil Johnson wrote:
I'm a network engineer at another University in
the midwest US and
I *might* be able to convince our routing guru to let us be a BGP
peer and I could setup another tunnel end point box.
Great one more OM on board.
I would need explicit details on how this would work
and a the
potential risks and plans for their mitigation before I approach
him.
Very valid point. Out of the box I can think of a few risks (bandwidth
usage, # of routes announced, BGP flapping, routing loops,
unauthorized announcements, etc) that we need to discuss. This is also
one of the reasons I proposed this as a trial using for example
44.128.0.0/16 and not the whole 44.0.0.0/8.
We don't have earthquakes, just tornados and
floods :-)
That's another part of the risk analysis but also a reason why
multiple gateways might be a good idea.
73 de Marc, LX1DUC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJR8ETYAAoJEHFIN1T8ZA8vebwP/0YDODQyqLRfWO45Mo/6UYOY
mIJRMkLeXXXz0FNBOkKRNKLAusRlRiQQaTDEFb8qIGl+05vBVXQ2p48DddMEwlNj
ssN89yUylT6KGfVSoKEArKeQSX+ONi9L0Zhd4WN0Sv/zKCcq5TM7sAQQmBhQxaPq
YYqkZeFjqqxT1Tn8y46UZ7mtBYTqghDdLLsXpEqrYmW2McXkg2BFFdGwdC/hGxQr
7FExft9N2KD7VoVFOCbNWTOffxZrXMdd/akokQJ7G3/9pnOdqn7Sbo6FXKZdHF9U
hPQrtgqkBg7IX0lcHJbKPXt5mLP/ZFeT4u/+NVu6H1aFBlbU/ygr4lvf3AtpoxE8
t+cfDDMOkIMI6AFzGyV/WMTdusWjhCNStXSFQmSFmrJeg1XgvUwdVyU0Y15hfHoq
sXIaymE3IEFiDIr4FZwF/bJxGUYIkUBis0uRrk+A9gS0AfNHrF0/+NGHndOROVBj
qupP0CBUTkHbBkaFeN/2V0OLX9ZIRL12Q+++bk5RRsYlejrkcO0gFrdDZpJV/gVl
x03zRvwh6cPDQbvJz7CmpObTzhtGbqn2mOYARV2UumjlB6ldDWyBfeZQeuEYSr4O
FILLDkcwvzQZEPKJU9jm3V4n0jfjrm24a4oksbIfPnF7Wf0TSzN2bBvYC+xS2a+l
DmUf4kCF8N3YnIluROWL
=C9XQ
-----END PGP SIGNATURE-----
5:19 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/07/2013 19:02, Neil Johnson wrote:
Great one more OM on board.
Very valid point. Out of the box I can think of a few risks (bandwidth
usage, # of routes announced, BGP flapping, routing loops,
unauthorized announcements, etc) that we need to discuss. This is also
one of the reasons I proposed this as a trial using for example
44.128.0.0/16 and not the whole 44.0.0.0/8.
That's another part of the risk analysis but also a reason why
multiple gateways might be a good idea.
73 de Marc, LX1DUC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJR8ETWAAoJEHFIN1T8ZA8vjcsP/iSaCtgNIKsGhQO+kEX9M1Y3
6QNOmFiCD8CHST+fOYEy4Fr/aVnTOkF/1zDcuVPwJQ9pxQfnjw5eAbar3caVe4bO
8XGiNeZdLXpikvBsl3EM67sMl8qvKlaFR2FfNi9bc3B/1ul+P/c2970mytaC/xpH
hG4rSRs8JtULs8RoxCwepC4ZgoK6lMQuSg+FuFTzsGjuj0RaQ8A4HX2jZjDSmw7i
AlaZfI5SIG8HXOOvmtJh+a+Kpk0Od32zzsDqlJcMCwTSpRnn9tbRIRajOfupt7Rg
yGt+rENHX/Q0j2Pwi84a2j+WDvTgIe6lHlYn7YQjvlIJ9WkKKIvgHdkIT3ZaXwsg
EalJKu9khc5J1siiZYK7v/N2XKB2pA7O+9rsiloNLPM5V9KvUu0fNPadmoiiZJYI
a1MwC8/EroLIYDBRWQk335AfalJC7cBk2/zhbVEPxdkPR2T1UX5yXnp66ALWFeLv
ZF0IbAr9eqcFNZ6DYEqUkECEFsCds16law/HiIUT+DtI6QEHdu3Uiwm9lBue8zvA
Dg6oBt8c7kh3fD3q64LNgAZB4K3jCXznd9ZyH2y6rEOJ4xgGSpgBrRzaMCGUpgjQ
sBD1hT6JX3BC46N6ExejSbB3u6DJRVaYqSMSIUiDqKOW2dtG5rDNfC/H1pD71WMN
4sONmMDK4gD1kh7/4hCG
=/o2t
-----END PGP SIGNATURE-----
4138
days inactive
4139
days old
3 comments
2 participants
participants (2)
-
Marc, LX1DUC -
Neil Johnson