This shows you the differences between two versions of the page.
how_route_lacnic_ipv4_block_with_oneprovider [2018/01/24 18:38] admin |
how_route_lacnic_ipv4_block_with_oneprovider [2019/05/31 00:40] admin |
||
---|---|---|---|
Line 1: | Line 1: | ||
You need **have public IPv4** for the tunnel type in this howto. **One server with BGP session options** and talk to oneprovider to enable the option (it's not free, the price is on demand, here +50€/month). | You need **have public IPv4** for the tunnel type in this howto. **One server with BGP session options** and talk to oneprovider to enable the option (it's not free, the price is on demand, here +50€/month). | ||
- | Our ASN for the exemple is ASN 266671, announced route is: 45.225.75.0/24, oneprovider ASN is 61272 | + | Our ASN for the exemple is ASN 266671, announced route is: 45.225.75.0/24, oneprovider ASN is 9009 |
+ | |||
+ | Here we use limited MTU to work over PPP (GPON) | ||
+ | |||
+ | PS: 00:22:4d:a4:3b:51 from I receive my trafic (MITAC INTERNATIONAL CORP.) | ||
== Please add a route object from your LACNIC account pointing your range to your ASN 266671. == | == Please add a route object from your LACNIC account pointing your range to your ASN 266671. == | ||
Line 8: | Line 12: | ||
{{:lacnic-2.png?direct|}} | {{:lacnic-2.png?direct|}} | ||
- | == /etc/quagga/zebra.conf == | + | == /etc/bird/bird6.conf == |
- | ! | + | router id 37.120.157.227; |
- | ! Zebra configuration saved from vty | + | |
- | ! 2017/12/17 00:41:25 | + | protocol bgp ONEPROVIDER |
- | ! | + | { |
- | hostname XXXX | + | local as 266671; |
- | password XXXXXXXX | + | source address 2A0D:5600:X:2; |
- | log file /var/log/bgpd.log | + | import none; |
- | log stdout | + | export all; |
- | ! | + | graceful restart on; |
- | line vty | + | multihop 2; |
- | ! | + | neighbor 2A0D:5600:X::1 as 9009; |
+ | } | ||
+ | |||
+ | protocol static | ||
+ | { | ||
+ | route 2803:1920::/32 via 2A0D:5600:X::2; | ||
+ | } | ||
+ | |||
+ | protocol device | ||
+ | { | ||
+ | scan time 5; | ||
+ | } | ||
+ | |||
+ | == /etc/bird/bird.conf == | ||
+ | router id 185.64.105.21; | ||
+ | |||
+ | protocol bgp ONEPROVIDER | ||
+ | { | ||
+ | local as 266671; | ||
+ | source address 185.64.105.21; | ||
+ | import none; | ||
+ | export all; | ||
+ | graceful restart on; | ||
+ | multihop 2; | ||
+ | neighbor 185.64.105.1 as 9009; | ||
+ | } | ||
+ | |||
+ | protocol static | ||
+ | { | ||
+ | route 45.225.75.0/24 via 185.64.105.21; | ||
+ | } | ||
+ | |||
+ | protocol device | ||
+ | { | ||
+ | scan time 5; | ||
+ | } | ||
+ | |||
+ | == should show == | ||
+ | bird> show proto all | ||
+ | name proto table state since info | ||
+ | ONEPROVIDER BGP master up 14:14:14 Established | ||
+ | Preference: 100 | ||
+ | Input filter: REJECT | ||
+ | Output filter: ACCEPT | ||
+ | Routes: 0 imported, 1 exported, 0 preferred | ||
+ | Route change stats: received rejected filtered ignored accepted | ||
+ | Import updates: 2 0 2 0 0 | ||
+ | Import withdraws: 0 0 --- 2 0 | ||
+ | Export updates: 1 0 0 --- 1 | ||
+ | Export withdraws: 0 --- --- --- 0 | ||
+ | BGP state: Established | ||
+ | Neighbor address: 185.64.105.1 | ||
+ | Neighbor AS: 9009 | ||
+ | Neighbor ID: 91.216.163.254 | ||
+ | Neighbor caps: refresh restart-aware AS4 | ||
+ | Session: external multihop AS4 | ||
+ | Source address: 185.64.105.21 | ||
+ | Hold timer: 155/240 | ||
+ | Keepalive timer: 52/80 | ||
+ | |||
+ | static1 Static master up 14:13:47 | ||
+ | Preference: 200 | ||
+ | Input filter: ACCEPT | ||
+ | Output filter: REJECT | ||
+ | Routes: 1 imported, 0 exported, 1 preferred | ||
+ | Route change stats: received rejected filtered ignored accepted | ||
+ | Import updates: 1 0 0 0 1 | ||
+ | Import withdraws: 0 0 --- 0 0 | ||
+ | Export updates: 0 0 0 --- 0 | ||
+ | Export withdraws: 0 --- --- --- 0 | ||
+ | |||
+ | device1 Device master up 14:13:47 | ||
+ | Preference: 240 | ||
+ | Input filter: ACCEPT | ||
+ | Output filter: REJECT | ||
+ | Routes: 0 imported, 0 exported, 0 preferred | ||
== /etc/quagga/bgpd.conf == | == /etc/quagga/bgpd.conf == | ||
! | ! | ||
- | ! Zebra configuration saved from vty | + | hostname hades |
- | ! 2017/12/17 00:41:25 | + | password Ddnv6ovqSEwtdiL9q89KKAmV |
- | ! | + | |
- | hostname XXXXXXXXXXXX | + | |
- | password XXXXXXXXXXXX | + | |
log file /var/log/bgpd.log | log file /var/log/bgpd.log | ||
log stdout | log stdout | ||
! | ! | ||
router bgp 266671 | router bgp 266671 | ||
- | bgp router-id 185.64.105.21 | + | bgp router-id 37.120.157.227 |
- | neighbor 185.64.105.1 remote-as 61272 | + | neighbor 37.120.157.225 remote-as 9009 |
+ | neighbor 2A0D:5600:X::1 remote-as 9009 | ||
! | ! | ||
+ | address-family ipv6 | ||
+ | network 2803:1920::/32 | ||
+ | neighbor 2A0D:5600:X::1 activate | ||
+ | exit-address-family | ||
+ | address-family ipv4 | ||
network 45.225.75.0/24 | network 45.225.75.0/24 | ||
- | neighbor 185.64.105.1 activate | + | neighbor 37.120.157.225 activate |
+ | exit-address-family | ||
exit | exit | ||
! | ! | ||
line vty | line vty | ||
! | ! | ||
+ | |||
+ | == /etc/network/interfaces == | ||
+ | source /etc/network/interfaces.d/* | ||
+ | | ||
+ | # The loopback network interface | ||
+ | auto lo | ||
+ | iface lo inet loopback | ||
+ | | ||
+ | # The primary network interface | ||
+ | allow-hotplug eth0 | ||
+ | iface eth0 inet static | ||
+ | address 185.64.105.21/24 | ||
+ | gateway 185.64.105.1 | ||
+ | # dns-* options are implemented by the resolvconf package, if installed | ||
+ | dns-nameservers 91.216.163.2 91.216.163.3 | ||
+ | dns-search op-net.com | ||
+ | | ||
+ | #router gateway | ||
+ | | ||
+ | auto eth0:0 | ||
+ | iface eth0:0 inet static | ||
+ | address 45.225.75.1 | ||
+ | netmask 255.255.255.255 | ||
| | ||
- | == command == | + | ## Ipv6 configuration |
- | echo '' > /var/log/bgpd.log | + | iface eth0 inet6 static |
- | mkdir -p /run/quagga | + | address 2a04:2180:0:2::12b |
- | chown quagga.quagga /run/quagga /var/log/bgpd.log | + | netmask 64 |
- | /usr/sbin/zebra --daemon -A 127.0.0.1 -g quagga -u quagga -f /etc/quagga/zebra.conf | + | gateway 2a04:2180:0:2::1 |
- | sleep 20 | + | dns-nameservers 2a04:2180::101:53 2a04:2180::102:53 |
- | /usr/sbin/bgpd --daemon -A 127.0.0.1 -g quagga -u quagga -f /etc/quagga/bgpd.conf | + | |
- | == check BGP == | + | == Setup the tunnel from oneprovider to confiared == |
- | * vtysh | + | |
- | * show ip bgp summary | + | |
- | * Should show: | + | |
- | BGP router identifier 185.64.105.21, local AS number 266671 | + | /sbin/modprobe ipip |
- | RIB entries 4, using 448 bytes of memory | + | /sbin/ip tu ad confiared mode ipip local 185.64.105.21 remote 190.186.245.10 ttl 64 dev eth0 |
- | Peers 1, using 9088 bytes of memory | + | /sbin/ip ad ad dev confiared 10.0.0.1 peer 45.225.75.2/32 |
- | Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd | + | /sbin/ip li se dev confiared up |
- | 185.64.105.1 4 61272 8 9 0 0 0 00:04:22 2 | + | /sbin/ip link set dev confiared mtu 1280 |
- | Total number of neighbors 1 | + | /bin/ping 45.225.75.2 & |
+ | /sbin/ip ro ad 45.225.75.0/24 via 45.225.75.2 | ||
+ | |||
+ | == service script == | ||
+ | #! /bin/sh | ||
+ | ### BEGIN INIT INFO | ||
+ | # Provides: uptunnel | ||
+ | # Required-Start: $remote_fs $time | ||
+ | # Required-Stop: umountnfs $time | ||
+ | # X-Stop-After: sendsigs | ||
+ | # Default-Start: 2 3 4 5 | ||
+ | # Default-Stop: 0 1 6 | ||
+ | # Short-Description: up tunnel | ||
+ | # Description: up tunnel | ||
+ | ## END INIT INFO | ||
+ | |||
+ | # | ||
+ | # Author: BRULE Herman Jacques Roger <alpha_one_x86@first-world.info> | ||
+ | # | ||
+ | |||
+ | # PATH should only include /usr/* if it runs after the mountnfs.sh script | ||
+ | PATH=/sbin:/usr/sbin:/bin:/usr/bin | ||
+ | DESC="up tunnel" | ||
+ | NAME=uptunnel | ||
+ | |||
+ | uptunnel=uptunnel | ||
+ | DAEMON=/root/up-tunnel.sh | ||
+ | PIDFILE=/var/run/uptunnel.pid | ||
+ | |||
+ | SCRIPTNAME=/etc/init.d/$NAME | ||
- | == Setup the tunnel from oneprovider to confiared == | + | # Define LSB log_* functions. |
- | modprobe ipip | + | . /lib/lsb/init-functions |
- | ip tu ad confiared mode ipip local 185.64.105.21 remote 190.186.245.10 ttl 64 dev eth0 | + | |
- | ip ad ad dev confiared 10.0.0.1 peer 10.0.0.2/32 | + | case "$1" in |
- | ip li se dev confiared up | + | start) |
- | ip ro ad 45.225.75.0/24 via 10.0.0.2 | + | log_daemon_msg "Starting $DESC" "$uptunnel" |
+ | start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON | ||
+ | |||
+ | ;; | ||
+ | stop) | ||
+ | log_daemon_msg "Stopping $DESC" "$uptunnel" | ||
+ | start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON | ||
+ | |||
+ | ;; | ||
+ | restart|force-reload) | ||
+ | $0 stop | ||
+ | $0 start | ||
+ | ;; | ||
+ | try-restart) | ||
+ | $0 status >/dev/null 2>&1 && $0 restart | ||
+ | ;; | ||
+ | status) | ||
+ | status_of_proc -p $PIDFILE $DAEMON $uptunnel && exit 0 || exit $? | ||
+ | ;; | ||
+ | *) | ||
+ | echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|try-restart|status}" >&2 | ||
+ | exit 3 | ||
+ | ;; | ||
+ | esac | ||
+ | |||
+ | : | ||
+ | |||
+ | == Setup the tunnel from confiared to oneprovider == | ||
+ | |||
+ | Add into /etc/iproute2/rt_tables: 200 confiared | ||
+ | |||
+ | /sbin/modprobe ipip | ||
+ | /bin/ip tu ad oneprovider mode ipip local 190.186.245.10 remote 185.64.105.21 ttl 64 dev eth0 | ||
+ | /bin/ip ad ad dev oneprovider 45.225.75.2 peer 10.0.0.1/32 | ||
+ | /bin/ip li se dev oneprovider up | ||
+ | /bin/ip link set dev oneprovider mtu 1280 | ||
+ | /bin/ping 10.0.0.1 & | ||
+ | # real ISP | ||
+ | /bin/ip ro ad 185.64.105.21/32 via ISPIPv4Gateway | ||
+ | # return gateway | ||
+ | /bin/ip rule add from 45.225.75.0/24 table confiared | ||
+ | /bin/ip route add default via 10.0.0.1 dev oneprovider table confiared | ||
+ | /bin/ip route add 172.20.0.0/16 dev eth0 table confiared | ||
+ | |||
+ | |||
+ | == Registring to RIPE == | ||
+ | === Create a RIPE NCC Access Account === | ||
+ | Create a RIPE NCC Access Account: https://access.ripe.net/registration | ||
+ | |||
+ | === Create your person/maintainer object in the RIPE Database === | ||
+ | Create your person/maintainer object in the RIPE Database: | ||
+ | https://apps.db.ripe.net/db-web-ui/#/webupdates/create/person/self | ||
+ | ( please note that before you can create your person/maintainer | ||
+ | pair you first need to login with your RIPE NCC Access account) | ||
+ | |||
+ | === Create your autnum object === | ||
+ | Create your autnum object: | ||
+ | https://apps.db.ripe.net/db-web-ui/#/webupdates/create/RIPE/aut-num | ||
+ | Please fill in the AS number you are going to use for the route object(s), an | ||
+ | organisation name, and the nic-handle that you created in your | ||
+ | person/maintainer object in the admin-c and the tech-c. | ||
+ | |||
+ | === Create your route object === | ||
+ | Create your route object: | ||
+ | https://apps.db.ripe.net/db-web-ui/#/webupdates/create/RIPE/route | ||
+ | Please fill in your prefix and the AS number and submit. | ||
+ | |||
+ | Your route object will now be visible in the RIPE Database. | ||
+ | |||
+ | Please note that we do not control routing configuration and do not | ||
+ | have an active role in the configuration of the routers and BGP | ||
+ | setting being used. | ||
+ | |||
+ | Entering Route object into the RIPE Database does not automatically | ||
+ | mean those routes will be picked up by the providers/networks. | ||
+ | |||
+ | Some networks filter and configure their routers automatically using | ||
+ | the RIPE Database Internet Routing registry (IRR). You will need to | ||
+ | make sure your routing configuration is set up correctly. | ||
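Review bot: The new side of the `/etc/quagga/bgpd.conf` section publishes what looks like a real vty password on its `password` line, where the previous revision had the placeholder `password XXXXXXXXXXXX`; the `hostname` line loses its redaction in the same way. Put the placeholder back on the page and, if that value was ever in use, rotate it on the router, because a wiki's revision history typically keeps the old text readable after the page is corrected. Separately, both BIRD `protocol bgp ONEPROVIDER` blocks use `export all;` with no filter, so any route that later enters the master table would be announced upstream; `export where net = 45.225.75.0/24;` in bird.conf (and `export where net = 2803:1920::/32;` in bird6.conf) would limit the announcement to the registered ranges. Neither the BIRD nor the Quagga configuration shows any session authentication for the multihop peer, which is worth confirming with the provider.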