Differences

This shows you the differences between two versions of the page.

--- how_route_lacnic_ipv4_block_with_oneprovider [2018/01/24 18:40]
admin
+++ how_route_lacnic_ipv4_block_with_oneprovider [2019/05/31 00:40] (current)
admin
@@ Line 1: / Line 1: @@
 You need **have public IPv4** for the tunnel type in this howto. **One server with BGP session options** and talk to oneprovider to enable the option (it's not free, the price is on demand, here +50€/month).
-Our ASN for the exemple is ASN 266671, announced route is: 45.225.75.0/24, oneprovider ASN is 61272
+Our ASN for the exemple is ASN 266671, announced route is: 45.225.75.0/24, oneprovider ASN is 9009
 Here we use limited MTU to work over PPP (GPON)
+PS: 00:22:4d:a4:3b:51 from I receive my trafic (MITAC INTERNATIONAL CORP.)
 == Please add a route object from your LACNIC account pointing your range to your ASN 266671. ==
@@ Line 10: / Line 12: @@
 {{:lacnic-2.png?direct|}}
-== /etc/quagga/zebra.conf ==
+== /etc/bird/bird6.conf ==
-  !
+  router id 37.120.157.227;
-  ! Zebra configuration saved from vty
-  !   2017/12/17 00:41:25
+  protocol bgp ONEPROVIDER
-  !
+  {
-  hostname XXXX
+    local as 266671;
-  password XXXXXXXX
+    source address 2A0D:5600:X:2;
-  log file /var/log/bgpd.log
+    import none;
-  log stdout
+    export all;
-  !
+    graceful restart on;
-  line vty
+    multihop 2;
-  !
+    neighbor 2A0D:5600:X::1 as 9009;
+  }
+  protocol static
+  {
+    route 2803:1920::/32 via 2A0D:5600:X::2;
+  }
+  protocol device
+  {
+    scan time 5;
+  }
+== /etc/bird/bird.conf ==
+    router id 185.64.105.21;
+  protocol bgp ONEPROVIDER
+  {
+      local as 266671;
+      source address 185.64.105.21;
+      import none;
+      export all;
+      graceful restart on;
+      multihop 2;
+      neighbor 185.64.105.1 as 9009;
+  }
+  protocol static
+  {
+      route   45.225.75.0/24 via 185.64.105.21;
+  }
+  protocol device
+  {
+      scan time 5;
+  }
+== should show ==
+    bird> show proto all
+    name     proto    table    state  since       info
+    ONEPROVIDER BGP      master   up     14:14:14    Established
+    Preference:     100
+    Input filter:   REJECT
+    Output filter:  ACCEPT
+    Routes:         0 imported, 1 exported, 0 preferred
+    Route change stats:     received   rejected   filtered    ignored   accepted
+        Import updates:              2          0          2          0          0
+        Import withdraws:            0          0        ---          2          0
+        Export updates:              1          0          0        ---          1
+        Export withdraws:            0        ---        ---        ---          0
+    BGP state:          Established
+        Neighbor address: 185.64.105.1
+        Neighbor AS:      9009
+        Neighbor ID:      91.216.163.254
+        Neighbor caps:    refresh restart-aware AS4
+        Session:          external multihop AS4
+        Source address:   185.64.105.21
+        Hold timer:       155/240
+        Keepalive timer:  52/80
+    static1  Static   master   up     14:13:47
+    Preference:     200
+    Input filter:   ACCEPT
+    Output filter:  REJECT
+    Routes:         1 imported, 0 exported, 1 preferred
+    Route change stats:     received   rejected   filtered    ignored   accepted
+        Import updates:              1          0          0          0          1
+        Import withdraws:            0          0        ---          0          0
+        Export updates:              0          0          0        ---          0
+        Export withdraws:            0        ---        ---        ---          0
+    device1  Device   master   up     14:13:47
+    Preference:     240
+    Input filter:   ACCEPT
+    Output filter:  REJECT
+    Routes:         0 imported, 0 exported, 0 preferred
 == /etc/quagga/bgpd.conf ==
   !
-  ! Zebra configuration saved from vty
+  hostname hades
-  !   2017/12/17 00:41:25
+  password Ddnv6ovqSEwtdiL9q89KKAmV
-  !
-  hostname XXXXXXXXXXXX
-  password XXXXXXXXXXXX
   log file /var/log/bgpd.log
   log stdout
   !
   router bgp 266671
-   bgp router-id 185.64.105.21
+   bgp router-id 37.120.157.Z
-   neighbor 185.64.105.1 remote-as 61272
+   neighbor 37.120.157.Y remote-as 9009
+   neighbor 2A0D:5600:X::1 remote-as 9009
   !
+   address-family ipv6
+   network 2803:1920::/32
+   neighbor 2A0D:5600:X::1 activate
+   exit-address-family
+   address-family ipv4
    network 45.225.75.0/24
-   neighbor 185.64.105.1 activate
+   neighbor 37.120.157.Y activate
+   exit-address-family
    exit
   !
   line vty
   !
+== /etc/network/interfaces ==
+  source /etc/network/interfaces.d/*
+  # The loopback network interface
+  auto lo
+  iface lo inet loopback
+  # The primary network interface
+  allow-hotplug eth0
+  iface eth0 inet static
+          address 185.64.105.21/24
+          gateway 185.64.105.1
+          # dns-* options are implemented by the resolvconf package, if installed
+          dns-nameservers 91.216.163.2 91.216.163.3
+          dns-search op-net.com
+  #router gateway
+  auto eth0:0
+  iface eth0:0 inet static
+  address 45.225.75.1
+  netmask 255.255.255.255
-== command ==
+  ## Ipv6 configuration
-  echo '' > /var/log/bgpd.log
+  iface eth0 inet6 static
-  mkdir -p /run/quagga
+          address 2a04:2180:0:2::12b
-  chown quagga.quagga /run/quagga /var/log/bgpd.log
+          netmask 64
-  /usr/sbin/zebra --daemon -A 127.0.0.1 -g quagga -u quagga -f /etc/quagga/zebra.conf
+          gateway 2a04:2180:0:2::1
-  sleep 20
+          dns-nameservers 2a04:2180::101:53 2a04:2180::102:53
-  /usr/sbin/bgpd --daemon -A 127.0.0.1 -g quagga -u quagga -f /etc/quagga/bgpd.conf
-== check BGP ==
+== Setup the tunnel from oneprovider to confiared ==
-  * vtysh
-  * show ip bgp summary
-    * Should show:
-  BGP router identifier 185.64.105.21, local AS number 266671
+  /sbin/modprobe ipip
-  RIB entries 4, using 448 bytes of memory
+  /sbin/ip tu ad confiared mode ipip local 185.64.105.21 remote 190.186.245.10 ttl 64 dev eth0
-  Peers 1, using 9088 bytes of memory
+  /sbin/ip ad ad dev confiared 10.0.0.1 peer 45.225.75.2/32
-  Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
+  /sbin/ip li se dev confiared up
-.64.105.1    4 61272       8       9        0    0    0 00:04:22        2
+  /sbin/ip link set dev confiared mtu 1280
-  Total number of neighbors 1
+  /bin/ping 45.225.75.2 &
+  /sbin/ip ro ad 45.225.75.0/24 via 45.225.75.2
+== service script ==
+  #! /bin/sh
+  ### BEGIN INIT INFO
+  # Provides:         uptunnel
+  # Required-Start:    $remote_fs $time
+  # Required-Stop:     umountnfs $time
+  # X-Stop-After:      sendsigs
+  # Default-Start:     2 3 4 5
+  # Default-Stop:      0 1 6
+  # Short-Description: up tunnel
+  # Description:       up tunnel
+  ## END INIT INFO
+  #
+  # Author: BRULE Herman Jacques Roger <alpha_one_x86@first-world.info>
+  #
+  # PATH should only include /usr/* if it runs after the mountnfs.sh script
+  PATH=/sbin:/usr/sbin:/bin:/usr/bin
+  DESC="up tunnel"
+  NAME=uptunnel
+  uptunnel=uptunnel
+  DAEMON=/root/up-tunnel.sh
+  PIDFILE=/var/run/uptunnel.pid
+  SCRIPTNAME=/etc/init.d/$NAME
-== Setup the tunnel from oneprovider to confiared ==
+  # Define LSB log_* functions.
+  . /lib/lsb/init-functions
+  case "$1" in
+    start)
+          log_daemon_msg "Starting $DESC" "$uptunnel"
+          start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
+          ;;
+    stop)
+          log_daemon_msg "Stopping $DESC" "$uptunnel"
+          start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON
+          ;;
+    restart|force-reload)
+          $0 stop
+          $0 start
+          ;;
+    try-restart)
+          $0 status >/dev/null 2>&1 && $0 restart
+          ;;
+    status)
+          status_of_proc -p $PIDFILE $DAEMON $uptunnel && exit 0 || exit $?
+          ;;
+    *)
+          echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|try-restart|status}" >&2
+          exit 3
+          ;;
+  esac
+  :
+== Setup the tunnel from confiared to oneprovider ==
+Add into /etc/iproute2/rt_tables: 200 confiared
+  /sbin/modprobe ipip
+  /bin/ip tu ad oneprovider mode ipip local 190.186.245.10 remote 185.64.105.21 ttl 64 dev eth0
+  /bin/ip ad ad dev oneprovider 45.225.75.2 peer 10.0.0.1/32
+  /bin/ip li se dev oneprovider up
+  /bin/ip link set dev oneprovider mtu 1280
+  /bin/ping 10.0.0.1 &
+  # real ISP
+  /bin/ip ro ad 185.64.105.21/32 via ISPIPv4Gateway
+  # return gateway
+  /bin/ip rule add from 45.225.75.0/24 table confiared
+  /bin/ip route add default via 10.0.0.1 dev oneprovider table confiared
+  /bin/ip route add 172.20.0.0/16 dev eth0 table confiared
+== Registring to RIPE ==
+=== Create a RIPE NCC Access Account ===
+Create a RIPE NCC Access Account: https://access.ripe.net/registration
+=== Create your person/maintainer object in the RIPE Database ===
+Create your person/maintainer object in the RIPE Database:
+https://apps.db.ripe.net/db-web-ui/#/webupdates/create/person/self
+( please note that before you can create your person/maintainer
+pair you first need to login with your RIPE NCC Access account)
+=== Create your autnum object ===
+Create your autnum object:
+https://apps.db.ripe.net/db-web-ui/#/webupdates/create/RIPE/aut-num
+Please fill in the AS number you are going to use for the route object(s), an
+organisation name, and the nic-handle that you created in your
+person/maintainer object in the admin-c and the tech-c.
+=== Create your route object ===
+Create your route object:
+https://apps.db.ripe.net/db-web-ui/#/webupdates/create/RIPE/route
+Please fill in your prefix and the AS number and submit.
+Your route object will now be visible in the RIPE Database.
+Please note that we do not control routing configuration and do not
+have an active role in the configuration of the routers and BGP
+setting being used.
+Entering Route object into the RIPE Database does not automatically
+mean those routes will be picked up by the providers/networks.
-  modprobe ipip
+Some networks filter and configure their routers automatically using
-  ip tu ad confiared mode ipip local 185.64.105.21 remote 190.186.245.10 ttl 64 dev eth0
+the RIPE Database Internet Routing registry (IRR). You will need to
-  ip ad ad dev confiared 10.0.0.1 peer 10.0.0.2/32
+make sure your routing configuration is set up correctly.
-  ip li se dev confiared up
-  ip ro ad 45.225.75.0/24 via 10.0.0.2
-  ip link set dev confiared mtu 1280

Wiki de Confiared

User Tools

Site Tools

Differences

Page Tools