Peering
Now we will begin to set up peerings between our pods. The ISP pods will also set up peering with external transit providers to connect all pods with the Internet. Please use one of the peering templates below to set up the BGP peerings.
Do not use for production!
These peering templates do not contain any security-related hardening. The import all; statement will accept any routes received from a peer. This allows several attacks on pods, such as intercepting their traffic. Please be kind to your BGP peers until all pods have peerings established in this Internet of trust. After that we can discuss and test potential BGP-based attacks.
You need to get in contact with potential peers (ORG, IXP) and at least two transits (ISP). You need to:
- get in contact and talk to each other
- do some legal stuff
- order your cross connects
- agree with your peers who provide the transit networks
- configure the peering interfaces (ifstate.yaml)
- configure the BGP sessions (bird.conf)
A private peering exchanges the routes and traffic of two peers. The peering with the route server(s) at an IXP is also a private peering.
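protocol bgp ebgp_podX_4 from tpl_bgp {
    neighbor 212.111.xxx.yyy as 2nnnnn;
    ipv4 {
        # accepts every route the peer announces (lab only)
        import all;
        # announce only the routes matched by net_local()
        export filter {
            if net_local() then accept;
            reject;
        };
    };
}
protocol bgp ebgp_podX_6 from tpl_bgp {
    neighbor 2001:xxxx:yyyy:iiii::j as 2nnnnn;
    ipv6 {
        # accepts every route the peer announces (lab only)
        import all;
        # announce only the routes matched by net_local()
        export filter {
            if net_local() then accept;
            reject;
        };
    };
}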
A private peering exchanges the routes and traffic of two peers. ISPs also include their downstream customer networks. The peering with the route server(s) at an IXP is also a private peering.
A customer peering will provide transit for customers of the ISP.
A transit peering will provide Internet connectivity to an ORG.
A transit peering will provide Internet connectivity to an ISP.
Route servers at an IXP are essential to make peering at an IXP more attractive and easier to set up. Without route servers, peers would need to set up peerings to all peers at the IXP manually to exchange data with them. The addresses used to connect the peer should be within the separate network namespace and are shown in the IfState chapter.
protocol bgp ebgp_peer_1_6 {
    neighbor 2001:67c:2fb0:dffX::1:NN as 2nnnnn;
    local as 650NN;
    ipv6 {
        # no filtering in either direction (lab only)
        import all;
        export all;
    };
}
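A pre-production check for the warning above, as an added example that is not part of the workshop material: this Python script scans bird.conf text for BGP channels that still use import all; or export all;. The audit function, the SAMPLE text and the simple tokenizer (which ignores /* */ comments and quoted strings) are assumptions of this example.

```python
import re

# Constructed sample: two of the page's templates with the placeholders left in.
SAMPLE = """
protocol bgp ebgp_podX_4 from tpl_bgp {
    neighbor 212.111.xxx.yyy as 2nnnnn;
    ipv4 {
        import all;
        export filter { if net_local() then accept; reject; };
    };
}
protocol bgp ebgp_peer_1_6 {
    neighbor 2001:67c:2fb0:dffX::1:NN as 2nnnnn;
    local as 650NN;
    ipv6 { import all; export all; };   # lab-only settings
}
"""

TOKEN = re.compile(r"[{};]|[^\s{};]+")

def audit(conf):
    """Return (protocol, channel, statement) for every unfiltered BGP channel."""
    findings, stack, stmt = [], [], []
    conf = re.sub(r"#[^\n]*", "", conf)      # drop '#' comments (/* */ not handled)
    for tok in TOKEN.findall(conf):
        if tok == "{":                        # words before '{' name the block
            stack.append(stmt)
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            in_bgp = (len(stack) == 2
                      and stack[0][:1] in (["protocol"], ["template"])
                      and stack[0][1:2] == ["bgp"]
                      and stack[1][:1] in (["ipv4"], ["ipv6"]))
            if in_bgp and stmt in (["import", "all"], ["export", "all"]):
                name = stack[0][2] if len(stack[0]) > 2 else "<unnamed>"
                findings.append((name, stack[1][0], " ".join(stmt)))
            stmt = []
        else:
            stmt.append(tok)
    return findings

if __name__ == "__main__":
    for name, channel, statement in audit(SAMPLE):
        print(f"{name}: {channel} channel uses '{statement}'")
```

An empty result means no BGP protocol or template in the file accepts or announces routes unfiltered; the export filter using net_local() is not flagged.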