Large BGP Communities playground

Lately, in the IETF Inter-Domain Routing (idr) area, various efforts are under way to push a (IMHO) winning idea to solve a 32-bit-wide problem: standard BGP communities are no longer enough to describe routing policies that involve 4-byte ASNs. For example, how can I tell my transit provider not to announce my prefixes to AS65551 (a 4-byte ASN) using a schema like "65500:nnn = do not announce to peer nnn"? Well, draft-heitz-idr-large-community proposes a simple and quick solution to this problem: Large BGP Communities (see http://largebgpcommunities.net/ for more info).

Many vendors seem to like the idea; some of them have already published a working implementation, and others plan to work on it in the (hopefully) near future.

In order to test current implementations and see them with my own eyes, I wanted to build a Large BGP Communities playground: just a way to have the new code up & running quickly. Hopefully I will keep it up to date as more vendors release their code.

GoBGP:

# gobgp neighbor 192.0.2.2 adj-in
    Network          Next Hop    AS_PATH  Age       Attrs
    203.0.113.1/32   192.0.2.2   65536    00:14:49  [{Origin: i} {LargeCommunity: [ 65536:1:2]}]

ExaBGP:

Thu, 15 Sep 2016 14:15:18 5 routes peer 192.0.2.3 ASN 65537 << UPDATE (1) ( 4) attributes origin incomplete as-path [ 65537 ] large-community 65537:3:4

It’s on GitHub: comments or suggestions would be greatly appreciated.
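
The 16-bit limit described above and the large community value format, as an added example that is not part of the playground or of any vendor's code. It assumes the encoding the draft defines (each community is three unsigned 32-bit fields in network byte order); the function names and the `65500:0:65551` policy value are constructed for illustration.

```python
import struct

def encode_standard(asn: int, value: int) -> bytes:
    """Classic BGP community: two 16-bit halves packed into 4 octets."""
    for field in (asn, value):
        if not 0 <= field <= 0xFFFF:
            raise ValueError(f"{field} does not fit in a 16-bit community field")
    return struct.pack("!HH", asn, value)

def parse_large(text: str) -> tuple:
    """Parse 'global:local1:local2' into three unsigned 32-bit integers."""
    parts = text.split(":")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a large community: {text!r}")
    fields = tuple(int(p) for p in parts)
    if any(f > 0xFFFFFFFF for f in fields):
        raise ValueError(f"field exceeds 32 bits: {text!r}")
    return fields

def encode_large(communities) -> bytes:
    """Attribute value: each community is three 4-octet fields, network order."""
    return b"".join(struct.pack("!III", *parse_large(c)) for c in communities)

def decode_large(value: bytes) -> list:
    """Decode an attribute value, rejecting lengths that are not n * 12 (n >= 1)."""
    if not value or len(value) % 12:
        raise ValueError(f"malformed large community value: {len(value)} octets")
    return [":".join(str(f) for f in struct.unpack_from("!III", value, off))
            for off in range(0, len(value), 12)]

if __name__ == "__main__":
    # The schema from the text: 65500:nnn with nnn = 65551 cannot be encoded.
    try:
        encode_standard(65500, 65551)
    except ValueError as exc:
        print("standard community:", exc)
    # Constructed policy value (the middle field 0 is an assumption), followed
    # by the two communities visible in the GoBGP and ExaBGP output above.
    wire = encode_large(["65500:0:65551", "65536:1:2", "65537:3:4"])
    print(wire.hex())
    print(decode_large(wire))
```
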

RFC7050 (DNS64 prefix via ipv4only.arpa) on RIPE Atlas probes

You know when in the morning you wake up and a thought flashes across your mind? One of these mornings I had this: how many RIPE Atlas probes are on a NAT64/DNS64 scenario? RFC7050 can help to answer this question.

Network monitoring: ripe-atlas-monitor

A post I wrote for RIPE Labs has been published today: The RIPE Atlas Monitor – Network Monitoring with RIPE Atlas.

It’s about ripe-atlas-monitor, a Python tool I developed to monitor results collected by RIPE Atlas probes and verify that they match predefined expected values:

descr: Check network reachability
matching_rules:
- descr: Probes from France via AS64496
  src_country: FR
  expected_results: ViaAS64496
  actions: EMailToNOC
- descr: RTT from AS64499 and AS64500 below 50ms
  src_as:
  - 64499
  - 64500
  expected_results: LowRTT
  actions: EMailToNOC
expected_results:
  ViaAS64496:
    upstream_as: 64496
  LowRTT:
    rtt: 50
actions:
  EMailToNOC:
    kind: email
    to_addr: noc@agreatcompany.org
    subject: "ripe-atlas-monitor: unexpected results"
measurement-id: 123456789

For more details: GitHub / official documentation site.

Contributions and suggestions from the community are very welcome!

What if… an IPv6-only network

Let’s suppose I decide to run an IPv6-only public hotspot: how many users would be able to surf the web without trouble? That is, how many devices nowadays run OSs which are able to work out of the box without an IPv4 address?

HTTPS + CT SCT TLS extension on my blog

Finally, I managed to enable HTTPS on my own blog!

I opted for a quick-and-dirty solution based on a self-compiled version of HAProxy in front of WordPress, statically linked to OpenSSL 1.0.2, in order to serve Certificate Transparency information during the TLS setup.
