


  1. Thanks alexandrecorrea,

    in the last test done with the Oi staff, all of these options were unchecked (including Redistribute Static and Connected).

    I have seen in several forums filters for Cisco that block all outbound announcements through the peer (0.0.0.0/0 le 32) and permit only the announcement of one's own AS.

    I don't have these filters at hand right now; I will post them in the morning.

    Regards

  2. The example below was taken from the document A How To Guide To BGP, written by Lane Patterson and Louis Lee, found at A How-To Guide to BGP Multihoming

    From what I have seen, it illustrates well the scenario I have today, where I want to connect to the two carriers.

    If I understood the basics of BGP filters correctly, in this configuration we have a chain called BOGON, which is used to filter the unwanted (invalid) networks on input, and a chain ANNOUNCE, which will be used to allow only my own announcements out.

    Example 1 Router Configuration

    Code:
    ! Single-router, PA-space, Basic Config 
     ! 
     ! Define your BGP ASN on your router 
     autonomous-system 900 
     ! 
     ! Define static NULL route to networks that 
     ! will be announced to providers via BGP. 
     ip route 198.18.1.0 255.255.255.0 Null0 200 
     ! 
     ! Define ANNOUNCE prefix list, of your netblocks to announce  
     ! via BGP to your providers.  You will apply this prefix- 
     ! list outbound on the BGP session to each provider. 
     ip prefix-list ANNOUNCE description Our External Netblocks 
     ip prefix-list ANNOUNCE seq 10 permit 198.18.1.0/24 
     ! 
     ! Define BOGONS prefix list, of bad netblocks you 
     ! need to block from being accepting from your providers. 
     ! Don’t just trust your provider to run a clean network! 
     ! You will apply this prefix-list inbound on the BGP 
     ! session to each provider. 
     ip prefix-list BOGONS description Bad Routes to Block In 
     ip prefix-list BOGONS seq 10 deny 0.0.0.0/8 le 32 
     ip prefix-list BOGONS seq 15 deny 10.0.0.0/8 le 32 
     ip prefix-list BOGONS seq 20 deny 127.0.0.0/8 le 32 
     ip prefix-list BOGONS seq 25 deny 172.16.0.0/12 le 32 
     ip prefix-list BOGONS seq 30 deny 192.0.2.0/24 le 32 
     ip prefix-list BOGONS seq 35 deny 192.168.0.0/16 le 32 
     ip prefix-list BOGONS seq 40 deny 224.0.0.0/3 le 32 
     ! Prevent someone else from announcing your own prefix(es) 
     ! back to you, for security: update this with YOUR 
     ! actual announced block(s)! 
     ip prefix-list BOGONS seq 1000 deny 198.18.1.0/24 le 32 
     ! Accept any other routes bigger or equal to /27.  You 
     ! can tweak this up to /24 if you like. 
     ip prefix-list BOGONS seq 9999 permit 0.0.0.0/0 le 27 
     ! 
     
     ! 
     router bgp 900 
      ! don’t require your IGP to be in synch with BGP, 
      ! synchronization has been outmoded for some time. 
      no synchronization 
      ! tell your  router to log changes to your BGP  
      ! sessions, you’ll want to be concerned with BGP 
      ! sessions when they go up and down, it’s just as 
      ! important to your routing as a link up/down. 
      bgp log-neighbor-changes 
      ! enable BGP dampening to minimize adverse impact 
      ! of “flapping” routes (routes that are announced 
      ! and withdrawn repeatedly). 
      bgp dampening 
      ! define your BGP network statements: these are the 
      ! aggregate external IP blocks you will be announcing 
      ! to the Internet.  Note that the network statement 
      ! will not be effective unless there is an underlying 
      ! route for the network, which is why we defined a 
      ! static NULL route for this block above. 
      network 198.18.1.0 mask 255.255.255.0 
      ! [source page footer: Version 1.2, A How-To Guide to BGP Multihoming, Lane Patterson, Louis Lee, Feb 2004, Page 10 of 10]
      ! define our BGP session with ISP-1 (ASN 200) 
      ! 
      neighbor 1.1.1.1 remote-as 200 
      ! description allows you to put add a text label 
      neighbor 1.1.1.1 description BGP Transit to ISP-1 
      ! hard-code version 4 to short-cut BGP version negotiation 
      neighbor 1.1.1.1 version 4 
      ! send-community is nice if you will be setting communities 
      ! on routes you announce to influence how your upstream 
      ! provider re-announces the routes to the Internet.  Many 
      ! providers support sophisticated community sets to allow 
      ! this kind of customer control. 
      neighbor 1.1.1.1 send-community 
      ! Soft reconfiguration is nice, it prevents complete   
      ! withdrawal and relearning of routes when doing “clear 
      ! ip bgp” command.  But it does require enough RAM to 
      ! cache an extra copy of the table. 
      neighbor 1.1.1.1 soft-reconfiguration inbound 
      ! Filter out bogus prefixes from your upstream.  Don’t 
      ! trust your ISP to do this for you. 
      neighbor 1.1.1.1 prefix-list BOGONS in 
      ! Limit your announcement just to your public prefix(es). 
      ! This enforces aggregation, and prevents you from  
      ! announcing ASN 200’s routes to ASN 300, which would   
      ! accidentally make yourself a transit between the two 
      ! ISPs. 
      neighbor 1.1.1.1 prefix-list ANNOUNCE out 
      ! enforce max-prefix limit: just in case your provider 
      ! blows up their routing tables, this keeps your router 
      ! from melting under the stress by shutting off the 
      ! mis-behaving BGP session instead.  Once your ISP fixes 
      ! the problem, you can re-enable with a “clear ip bgp ...” 
      neighbor 1.1.1.1 maximum-prefix 140000 
     
      ! define BGP session with ISP-2 (ASN 300) 
      neighbor 2.2.2.1 remote-as 300 
      neighbor 2.2.2.1 description BGP Transit to ISP-2 
      neighbor 2.2.2.1 version 4 
      neighbor 2.2.2.1 send-community 
      neighbor 2.2.2.1 soft-reconfiguration inbound 
      neighbor 2.2.2.1 prefix-list BOGONS in 
      neighbor 2.2.2.1 prefix-list ANNOUNCE out 
      neighbor 2.2.2.1 maximum-prefix 140000 
      ! 
     end
    The filters I created here (Mikrotik) are below. My AS_out rule, which I use in the filter out of my peers, is meant to discard all prefixes other than those of my AS.

    Code:
     /routing filter export 
    # may/20/2010 09:34:38 by RouterOS 4.9
     
    /routing filter
    add action=discard chain=AS_out comment="" disabled=no invert-match=no  prefix=!187.1xx.xxx.0/20 prefix-length=32 set-bgp-weight=20
    add action=accept chain=AS_out comment="yes" disabled=no invert-match=no  prefix=187.1xx.xxx.0/20 prefix-length=32 set-bgp-weight=20
    add action=passthrough chain=AS_out comment="" disabled=no  invert-match=no prefix=187.1xx.xxx.0/20 set-bgp-weight=20
    add action=passthrough chain=AS_out comment="" disabled=no  invert-match=no set-bgp-weight=20
    add action=discard bgp-as-path-length=!0-2 chain=AS_out comment=""  disabled=no invert-match=no
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=0.0.0.0/8 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=10.0.0.0/8 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=127.0.0.0/8 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=172.16.0.0/12 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=192.0.2.0/24 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=192.168.0.0/16 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=224.0.0.0/3 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=187.19.96.0/21 prefix-length=32
    add action=discard chain=BOGONS comment="" disabled=no invert-match=no  prefix=0.0.0.0/0 prefix-length=27
    [admin@rtborder] >
    I am posting the BGP configuration here for better understanding.

    Code:
    /routing bgp instance
    add as=28xxx client-to-client-reflection=no comment="" disabled=no  ignore-as-path-len=no name=bgp_28xxx out-filter=AS_out  redistribute-connected=no \
        redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no  redistribute-static=no router-id=187.1xx.xxx.1 routing-table=""
     
    /routing bgp network
    add comment="" disabled=no network=187.1xx.xxx.0/21 synchronize=no
     
    /routing bgp peer
     
    add address-families=ip as-override=no comment=""  default-originate=never disabled=no hold-time=3m in-filter=BOGONS  instance=bgp_28xxx max-prefix-limit=20 \
        multihop=yes name=peer_oi nexthop-choice=default out-filter=AS_out  passive=no remote-address=201.40.xxx.1x0 remote-as=8167  remove-private-as=no \
        route-reflect=no tcp-md5-key="" ttl=255 update-source=loopback  use-bfd=no
     
    add address-families=ip as-override=no comment=""  default-originate=never disabled=no hold-time=3m in-filter=BOGONS  instance=bgp_28xxx multihop=yes name=\
        peer_gvt nexthop-choice=default out-filter=AS_out passive=no  remote-address=201.47.xxx.1x5 remote-as=18881 remove-private-as=no  route-reflect=no \
        tcp-md5-key="" ttl=default update-source=loopback use-bfd=no
    Thanks in advance for the help,
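
The first-match semantics of the BOGONS and ANNOUNCE prefix-lists quoted in the post above, as an added example that is not part of the original post or of the quoted guide. The test routes (203.0.113.0/24 and others) are constructed, and `HOST_ONLY` is a hypothetical variant showing what a rule restricted to length 32 catches, assuming a single-value length match such as `prefix-length=32` means exactly /32.

```python
import ipaddress

# Constructed from the BOGONS / ANNOUNCE prefix-lists quoted in the post.
BOGONS = """\
seq 10 deny 0.0.0.0/8 le 32
seq 15 deny 10.0.0.0/8 le 32
seq 20 deny 127.0.0.0/8 le 32
seq 25 deny 172.16.0.0/12 le 32
seq 30 deny 192.0.2.0/24 le 32
seq 35 deny 192.168.0.0/16 le 32
seq 40 deny 224.0.0.0/3 le 32
seq 1000 deny 198.18.1.0/24 le 32
seq 9999 permit 0.0.0.0/0 le 27"""
ANNOUNCE = "seq 10 permit 198.18.1.0/24"
# Hypothetical variant (assumption): same prefix, but only length 32 matches.
HOST_ONLY = "seq 15 deny 10.0.0.0/8 ge 32\nseq 9999 permit 0.0.0.0/0 le 27"

def parse(text):
    """Turn 'seq N action prefix [ge X] [le Y]' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        seq, action, net = int(tok[1]), tok[2], ipaddress.ip_network(tok[3])
        opts = dict(zip(tok[4::2], map(int, tok[5::2])))
        if opts:   # ge only: ge..32, le only: len..le, both: ge..le
            lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
        else:      # no ge/le: the prefix length must match exactly
            lo = hi = net.prefixlen
        rules.append((seq, action, net, lo, hi))
    return sorted(rules, key=lambda r: r[0])

def evaluate(text, route):
    """Return (action, seq) of the first matching entry; no match is an implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in parse(text):
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    for name, plist, route in [
        ("BOGONS in", BOGONS, "10.1.2.0/24"),        # private space from upstream
        ("BOGONS in", BOGONS, "198.18.1.0/25"),      # own block announced back
        ("BOGONS in", BOGONS, "203.0.113.5/32"),     # longer than /27
        ("ANNOUNCE out", ANNOUNCE, "203.0.113.0/24"),  # route learned from ISP-1
        ("HOST_ONLY in", HOST_ONLY, "10.1.2.0/24"),  # slips past a /32-only rule
    ]:
        print(f"{name:13} {route:18} -> {evaluate(plist, route)}")
```
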



  3. Good evening,

    friends, I have been trying for 3 days to get OI to enable BGP on my link; I have already tried several times through the 0800 number, but they don't know what it is. Anyway, could someone help me?

  4. Hello

    Send a detailed email, with all your details, circuit number, etc. to cacorpr2@oi.net.br. Nowadays, incredible as it may seem, it is the most effective channel of communication with OI.

    Quote: Originally posted by jonydboy
    Good evening,

    friends, I have been trying for 3 days to get OI to enable BGP on my link; I have already tried several times through the 0800 number, but they don't know what it is. Anyway, could someone help me?



  5. Thanks for your attention,

    but the email bounced; is that really the right one?


    Quote: Originally posted by xandemartini
    Hello

    Send a detailed email, with all your details, circuit number, etc. to cacorpr2@oi.net.br. Nowadays, incredible as it may seem, it is the most effective channel of communication with OI.





