On Sun, 14 Jun 2015, Brian Kantor wrote:
Date: Sun, 14 Jun 2015 18:20:22 -0700
From: Brian Kantor Brian@ucsd.edu
Reply-To: AMPRNet working group 44net@hamradio.ucsd.edu
To: AMPRNet working group 44net@hamradio.ucsd.edu
Subject: Re: [44net] AMPRNet Interoperability with BGP
On Sun, Jun 14, 2015 at 05:26:26PM -0700, Tim Osburn wrote:
This only requires at least 1 (or more) ISP (or companies running BGP) willing to set up a BGP over GRE tunnel to Brian's server to make this work. There are currently two ISPs I know of willing to do this if Brian is willing to do this on the AMPRnet Server shown in the drawing.
I'm willing but not able. The server 'amprgw' is an old FreeBSD system that doesn't understand GRE. We have been discussing updating it to a more modern system (both hardware and software) but at this point it doesn't seem like that's going to happen. We've not been able to identify ANY router product that can do what the gateway needs to do in order to replace 'amprgw'.
I have an alternative suggestion, which would be to find an ISP or two that are willing to take over the IPIP tunnel routing.
They would BGP advertise /24 summary routes for the smaller tunnels, as well as appropriate routes for the wider tunneled subnets. That way there is no fixed route that blinds the tunnels to the BGP subnets. UCSD could still advertise the 44/8 overarching route (which I strongly believe is essential to preventing prefix hijacks), but since there would be more specific routes for the BGP and tunnel subnets, that wouldn't matter. It would only be necessary for the tunneled gateways to change their tunnel endpoint address -- there is no need for tunneled gateways to suddenly have to change software or overall configuration.
Flaws?
- Brian
If we did BGP over IPIP would that work? Are you able to run Quagga or something that can do BGP/Routemaps on your FreeBSD box? What version of FreeBSD is it?
Is the CAIDA telescope an external system? Perhaps a SHIM box with Quagga & GRE tunnels between CAIDA & amprgw?
Tim Osburn www.osburn.com 206.812.6214 W7RSZ
On 6/14/15 10:00 PM, Tim Osburn wrote:
If we did BGP over IPIP would that work? Are you able to run Quagga or something that can do BGP/Routemaps on your FreeBSD box? What version of FreeBSD is it?
<me thinking out loud>
GRE has been supported since FreeBSD 4.8. We can probably do this using PPPoE, which has been supported since 3.4, if it's that old. BGP multihop would work just to exchange routing information, with the encap happening on the amprgw box.
I think traffic from the IPIP network may not work, as the northbound interface (from the GW to UCSD) is where the 44/8 route exists, so traffic would not be able to get out to other 44/8 destinations. But we can do this routing over a static IPIP tunnel (ALU/JNPR/CSCO/MikroTik support it) if we can't get GRE.
A diagram and details of the routing at UCSD would help (I've seen the one, but it's not specific).
Is the CAIDA telescope an external system? Perhaps a SHIM box with Quagga & GRE tunnels between CAIDA & amprgw?
Announcing the /8 will not prevent route hijacking; there are other ways to monitor it as well. What would be cool is to get RPKI set up; more and more people are running it. (AMPRNET could be cutting edge!)
Thoughts?
Updated drawing: https://www.osburn.com/amprnet-150614-1.1.1-bgptunnels.jpg
Tim Osburn www.osburn.com W7RSZ
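Added example, not part of the thread or of any participant's message: a small model of the two mechanisms discussed above, longest-prefix selection between a 44/8 covering route and more-specific routes, and RPKI origin validation as defined in RFC 6811. Apart from 44.0.0.0/8, every prefix, ASN (documentation range, RFC 5398) and ROA here is constructed for illustration.

```python
import ipaddress

# Constructed data. ASNs are documentation ASNs (RFC 5398); the subnets
# under 44/8 and every ROA below are made up for this illustration.
ROUTES = [
    ("44.0.0.0/8", 64496, "covering route"),
    ("44.10.20.0/24", 64500, "ISP /24 summary for small tunnels"),
    ("44.128.0.0/16", 64501, "directly BGP-announced subnet"),
]
ROAS = [  # (prefix, maxLength, authorized origin AS)
    ("44.0.0.0/8", 8, 64496),
    ("44.10.20.0/24", 24, 64500),
    ("44.128.0.0/16", 16, 64501),
]
# An announcement nobody authorized, more specific than all of the above.
ROGUE = ("44.10.20.128/25", 64511, "unauthorized more-specific")

def best_route(dst, routes):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def rov_state(prefix, origin, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one ROA covers this announcement
            if net.prefixlen <= max_len and origin == asn:
                return "valid"
    return "invalid" if covered else "not-found"

def accepted(routes, roas):
    """Policy of a validating router: drop announcements that are 'invalid'."""
    return [r for r in routes if rov_state(r[0], r[1], roas) != "invalid"]

if __name__ == "__main__":
    table = ROUTES + [ROGUE]
    for name, rt in (("no ROV", table), ("ROV", accepted(table, ROAS))):
        print(name, "->", best_route("44.10.20.200", rt))
```

Without validation the /25 is selected for 44.10.20.200 even though the /8 and /24 are both present; with invalid routes dropped, selection falls back to the authorized /24.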