Managing filters with BGP

Today Adrián and I bring you a conversation about managing filters in BGP. Sometimes when you buy transit, the provider asks you to tell them the ranges you are going to announce. That is the wrong way to do it, and it is not the best approach now that we have RIPE's AS and AS-SET objects.

In today's episode we explain the difference between access-list, prefix-list and route-map.

We also talk about bgpq4, which you can download from https://github.com/bgp/bgpq4.

Another thing we cover is the difference between AS and AS-SET, and then we talk about RPKI and how to automate the filters.

Examples:

Prefix list:

bgpq4 -A -SRADB,RIPE -F '%n/%l\n' -4 AS-TECNOCRATICA
bgpq4 -A -SRADB,RIPE -F '%n/%l\n' -6 AS-TECNOCRATICA

Prefix list for a single AS only:

bgpq4 -A -SRADB,RIPE -F '%n/%l\n' -4 as15954
bgpq4 -A -SRADB,RIPE -F '%n/%l\n' -6 as15954

Cisco configuration:

bgpq4 -Al tecnocratica AS-TECNOCRATICA
bgpq4 -Al tecnocratica -6 AS-TECNOCRATICA

An example run of one command of each kind would be:

$ bgpq4 -A -SRADB,RIPE -F '%n/%l\n' -4 AS-TECNOCRATICA
2.56.165.0/24
5.56.160.0/21
5.181.44.0/22
23.139.41.0/24
23.188.240.0/24
31.24.120.0/21
31.47.72.0/21
31.170.100.0/22
37.247.120.0/21
38.103.194.0/24
38.143.153.0/24
44.9.16.0/21
44.31.43.0/24
44.31.80.0/24
44.31.92.0/22
44.31.182.0/24
44.161.204.0/23
44.161.219.0/24
44.161.220.0/22
44.161.230.0/24
44.161.237.0/24
[…]

edu@andromeda:~$ bgpq4 -A -SRADB,RIPE -F '%n/%l\n' -4 as15954
31.24.120.0/21
31.47.72.0/21
37.247.120.0/21
91.199.120.0/24
91.216.219.0/24
185.49.184.0/22
185.57.196.0/22
185.66.73.0/24
185.66.74.0/24
185.203.224.0/22
194.176.119.0/24
217.18.32.0/20

edu@andromeda:~$ bgpq4 -Al tecnocratica AS-TECNOCRATICA
no ip prefix-list tecnocratica
ip prefix-list tecnocratica permit 2.56.165.0/24
ip prefix-list tecnocratica permit 5.56.160.0/21 le 22
ip prefix-list tecnocratica permit 5.181.44.0/22
ip prefix-list tecnocratica permit 8.23.229.0/24
ip prefix-list tecnocratica permit 23.132.185.0/24
ip prefix-list tecnocratica permit 23.136.232.0/24
ip prefix-list tecnocratica permit 23.138.216.0/24
ip prefix-list tecnocratica permit 23.139.41.0/24
ip prefix-list tecnocratica permit 23.140.248.0/23 ge 24 le 24
ip prefix-list tecnocratica permit 23.141.88.0/24
ip prefix-list tecnocratica permit 23.188.240.0/24
ip prefix-list tecnocratica permit 31.24.120.0/21
ip prefix-list tecnocratica permit 31.47.72.0/21
ip prefix-list tecnocratica permit 31.170.100.0/22
ip prefix-list tecnocratica permit 37.247.120.0/21
ip prefix-list tecnocratica permit 38.103.194.0/24
ip prefix-list tecnocratica permit 38.134.111.0/24
ip prefix-list tecnocratica permit 38.143.153.0/24
ip prefix-list tecnocratica permit 41.216.177.0/24
ip prefix-list tecnocratica permit 41.216.178.0/24
ip prefix-list tecnocratica permit 41.216.186.0/24
ip prefix-list tecnocratica permit 44.9.16.0/21
ip prefix-list tecnocratica permit 44.31.43.0/24
ip prefix-list tecnocratica permit 44.31.80.0/24
ip prefix-list tecnocratica permit 44.31.92.0/22
ip prefix-list tecnocratica permit 44.31.182.0/24
ip prefix-list tecnocratica permit 44.159.68.0/24
ip prefix-list tecnocratica permit 44.161.204.0/23
ip prefix-list tecnocratica permit 44.161.219.0/24
ip prefix-list tecnocratica permit 44.161.220.0/22
ip prefix-list tecnocratica permit 44.161.230.0/24
ip prefix-list tecnocratica permit 44.161.237.0/24
ip prefix-list tecnocratica permit 44.161.238.0/23
ip prefix-list tecnocratica permit 44.161.240.0/21
ip prefix-list tecnocratica permit 44.161.248.0/22
ip prefix-list tecnocratica permit 45.13.185.0/24
ip prefix-list tecnocratica permit 45.61.161.0/24
ip prefix-list tecnocratica permit 45.61.162.0/24
ip prefix-list tecnocratica permit 45.81.152.0/22
ip prefix-list tecnocratica permit 45.89.255.0/24
ip prefix-list tecnocratica permit 45.90.16.0/22
ip prefix-list tecnocratica permit 45.90.145.0/24
ip prefix-list tecnocratica permit 45.95.113.0/24
ip prefix-list tecnocratica permit 45.130.16.0/22
ip prefix-list tecnocratica permit 45.131.132.0/22
ip prefix-list tecnocratica permit 45.137.160.0/22
[…]

For IPv6 we would simply add -6. You can do this on any computer that has bgpq4 installed.
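To see what the generated Cisco entries actually accept, including the `le 22` and `ge 24 le 24` forms in the output above, here is an added example (not part of the original post or of bgpq4) that parses `ip prefix-list` lines and checks announcements against them. The function names are hypothetical, the sample is three lines shortened from the output above, and the matching follows standard Cisco IOS prefix-list semantics.

```python
import ipaddress
import re

# Sample shortened from the bgpq4 -Al output shown above (constructed for this example).
SAMPLE_CONFIG = """\
no ip prefix-list tecnocratica
ip prefix-list tecnocratica permit 5.56.160.0/21 le 22
ip prefix-list tecnocratica permit 23.140.248.0/23 ge 24 le 24
ip prefix-list tecnocratica permit 31.24.120.0/21
"""

ENTRY = re.compile(
    r"^ip prefix-list (?P<name>\S+) permit (?P<net>\S+)"
    r"(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?\s*$"
)

def parse_prefix_list(text):
    """Return (network, min_len, max_len) tuples, one per permit entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips "no ip prefix-list ..." and blank lines
        net = ipaddress.ip_network(m["net"], strict=True)
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        # No ge/le: exact length only. "le" alone: from the entry's own
        # length up to le. "ge" alone: from ge up to the maximum length.
        if ge is None and le is None:
            lo = hi = net.prefixlen
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else net.max_prefixlen
        entries.append((net, lo, hi))
    return entries

def is_permitted(announcement, entries):
    """True if the announced prefix matches a permit entry; implicit deny otherwise."""
    ann = ipaddress.ip_network(announcement, strict=True)
    return any(
        ann.version == net.version and ann.subnet_of(net) and lo <= ann.prefixlen <= hi
        for net, lo, hi in entries
    )

if __name__ == "__main__":
    rules = parse_prefix_list(SAMPLE_CONFIG)
    for p in ["5.56.160.0/22", "5.56.160.0/24", "23.140.249.0/24", "31.24.120.0/24"]:
        print(p, "permit" if is_permitted(p, rules) else "deny")
```

An entry without `ge`/`le` accepts only the exact prefix, so a more-specific /24 carved out of 31.24.120.0/21 is denied by this list.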