How we transitioned our BGP-RS filtering
Edrich de Lange
Vice Chair, INX-ZA
Creates unnecessary mail
From: xxx
Sent: 22 July 2018 12:44 PM
To: 'jinx-announce@xxxxxx'; 'dinx-announce@xxxxxx'; 'cinx-announce@xxxxxx'
Subject: BGP filter updates for sessions with ASxxx
Dear peers,
We, xxx - ASxx, peer with you at the following locations:
[..]
IRR is old..
.. but not well understood.
Opportunity: Do training with community to both train and grow community.
Bonus Points: Do some RPKI training and get peers to use our validators/RP caches
BGP router identifier 196.223.14.3, local AS number 37474
RIB entries 120014, using 13 MiB of memory
Peers 201, using 897 KiB of memory
Peer groups 4, using 128 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ  Up/Down PfxRcd
196.223.14.1    4 37700 2515976  177284      0   0    0 23w4d02h  60124
196.223.14.2    4 37700 2477698  177302      0   0    0 03w4d02h  46265
14,000 prefixes later …
[Chart: Prefixes, on an axis from 0 to 70000, for three series: Raw prefixes *, Friendly Filtered, IRR Filter]
Let’s be clear about this: IXPs love extra prefixes.
But we prefer being secure.
Advertised and accepted
Advertised and NOT accepted
So what’s next?
RPKI? Sadly, not quite yet.
Mikrotik, Ubiquity, edgecore, fortinet, huawei, TPLINK, ...
[Chart legend: Juniper, Cisco, Mikrotik, Misc, TPLINK?!?!?!]
Still to come
We’ll settle on filtering based on IRR objects and put that into automation.
More training on using IRR (bad, bad AfriNIC!). Please SPAM them!
BGP-RS RPKI integration, but *only* after training. We’re actually delaying this because we’ve seen problems!
Happy to work with anyone who needs help.
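
A sketch of the IRR-object filtering the deck settles on, added here as an example and not taken from the slides or from INX-ZA's tooling: it builds an allow-list from RPSL route/route6 objects and sorts announcements into "advertised and accepted" and "advertised and NOT accepted". The prefixes, ASNs and function names are constructed, and the exact-match policy is an assumption.

```python
import ipaddress

# Constructed RPSL route objects (documentation prefixes, private-use ASNs).
SAMPLE_IRR = """\
route:   192.0.2.0/24
origin:  AS64500
source:  EXAMPLE

route:   198.51.100.0/24
origin:  AS64500
source:  EXAMPLE

route6:  2001:db8::/32
origin:  AS64501
source:  EXAMPLE
"""

def parse_route_objects(text):
    """Return {(network, origin_asn)} from RPSL route/route6 objects."""
    allowed = set()
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith(("%", "#")):
                attrs.setdefault(key.strip().lower(), value.strip())
        prefix = attrs.get("route") or attrs.get("route6")
        origin = attrs.get("origin", "").upper()
        if not prefix or not origin.startswith("AS") or not origin[2:].isdigit():
            continue  # skip incomplete or malformed objects
        try:
            allowed.add((ipaddress.ip_network(prefix), int(origin[2:])))
        except ValueError:
            continue  # prefix has host bits set or is not a prefix
    return allowed

def classify(prefix, origin_asn, allowed):
    """Exact-match policy (an assumption): prefix and origin must both match."""
    net = ipaddress.ip_network(prefix)
    if (net, origin_asn) in allowed:
        return "accepted"
    if any(n == net for n, _ in allowed):
        return "not accepted: origin mismatch"
    if any(n.version == net.version and net.subnet_of(n) for n, _ in allowed):
        return "not accepted: more specific than route object"
    return "not accepted: no route object"

if __name__ == "__main__":
    irr = parse_route_objects(SAMPLE_IRR)
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64511),
                     ("2001:db8:1::/48", 64501), ("203.0.113.0/24", 64500)]:
        print(f"{pfx:18} AS{asn}: {classify(pfx, asn, irr)}")
```

The rejection reasons are kept separate so that a peer whose prefixes are dropped can see whether a route object is missing or carries the wrong origin.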