Multiple connections, and peering.

TheRoDent

Well, I still have my ADSL, and after getting MyWireless going under Linux, I thought: hmmm, how to load-balance traffic across the 2 interfaces?

So, I figured, easy. Install Zebra (A BGP4 capable routing daemon) and let it handle the routing decisions between my ADSL PPP, and Sentech PPP.

Turns out it's more difficult than pulling teeth to get hold of BGP peering connections in .za. No single ISP I talked to was willing to make their BGP tables accessible via BGP, so that my "zebra" could slave off it.

In the end, I found that Internet Solutions runs a public route-server which can be queried for the list of local subnets. This isn't via BGP, but Telnet. Still the routing information is live, and accurate, and I don't really care how I get the local subnet list, as long as I get one...

http://rodent.za.net/BGPInformation for a small writeup, and a script to pull it down.

So, finally I have a small script, that will update my routing tables once a day, with the local subnets, so I can use my ADSL for nice fast local gaming, and surfing.

The Sentech connection is the "gateway of last resort" and thus all international traffic, and Gnutella, etc gets routed over it. I can get capped on ADSL, and I won't feel the difference, since even when capped, ADSL's local traffic is mostly unaffected.

Long live perl, Linux, Sentech and er... No. Not ADSL.

Oo. MyWireless <s>Hacks</s> Tweaks & Tech Info.oO
postcount++;
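
A sanity check that a daily job like the one described above could run on the scraped subnet list before touching the routing table, since the list arrives over unauthenticated Telnet. This is an added example, not the script from the post; the sample prefixes are constructed, and the interface name `ppp0`, the /8 breadth floor and the route-count ceiling are assumptions.

```python
import ipaddress

# Constructed sample of a scraped subnet list, including entries that
# must never be installed as routes.
SAMPLE = """\
196.4.160.0/19
196.4.160.0/24
0.0.0.0/0
10.0.0.0/8
196.25.0.0/16
192.0.0.0/3
not-a-prefix
196.25.1.0/24
"""

MIN_PREFIXLEN = 8   # assumption: anything broader than a /8 is a bad entry
MAX_ROUTES = 5000   # assumption: a far larger "local" list means a bad feed


def vet_prefixes(text, min_len=MIN_PREFIXLEN, max_routes=MAX_ROUTES):
    """Return (accepted, rejected); accepted is de-duplicated and aggregated."""
    accepted, rejected = [], []
    for token in text.split():
        try:
            net = ipaddress.IPv4Network(token)  # strict: host bits must be zero
        except ValueError:
            rejected.append((token, "unparseable"))
            continue
        if net.prefixlen < min_len:
            rejected.append((token, "too broad"))  # would pull non-local traffic onto this link
        elif not net.is_global:
            rejected.append((token, "not globally routable"))
        else:
            accepted.append(net)
    if len(accepted) > max_routes:
        raise ValueError("subnet list larger than expected; not installing")
    return list(ipaddress.collapse_addresses(accepted)), rejected


def route_commands(networks, dev="ppp0"):
    """Build (not run) iproute2 commands; dev is a hypothetical ADSL interface."""
    return [f"ip route replace {n} dev {dev}" for n in networks]


if __name__ == "__main__":
    nets, bad = vet_prefixes(SAMPLE)
    print("\n".join(route_commands(nets)))
    for token, why in bad:
        print(f"# skipped {token}: {why}")
```
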
 
hmmm, interesting idea you have there...

can you do the same with www.nocap.co.za's solution? have that proggy decide which to use?
 
Well quite simply, to run BGP you'd need your own AS, and for an ISP to allow peering with their AS costs $*10^64. It's only given to people who *really* need it like only certain 2nd tier ISPs, who pay a heck of a lot of money to do so etc.

"Nobody wants you to connect to their routers' BGP port. Ever. This kind of public routing information, is being kept a dark secret by ISPs"

This is somewhat inaccurate - BGP is a router advertisement, it's not 'public routing information', it's only broadcast within an AS. RTFM etc..

- Colin Alston
colin at alston dot za dot org

"Warning: Use with extreme caution."
 
Karnaugh: Uhm, RTFM etc. Yes. I have. I'm also a qualified CCNA so I know a bit about BGP. And you are definitely a bit wrong here.

To access BGP as a slave you don't _NEED_ your own AS. You can simply use one of the reserved AS numbers in the range 64512 to 65535. The same as IP has "reserved for internal use" ranges, so does BGP have this reserved range.

Secondly, BGP isn't just a router advertisement. It's the very fabric of the internet. It's how _routes_ are propagated. BGP routing information _is_ actually public information. If it wasn't public, the internet wouldn't work. In fact, www.routeviews.org collects just such _public_ information in mega dumps of bgp tables across the entire internet. www.radb.net can tell you which routes any single AS propagates. So don't tell me it's not public information. The only problem is that it's public as long as you have a registered AS. Which, isn't a _requirement_ but ISPs have made it a de facto requirement.

My point is, in order to have _read-only_ (read _slave_) access to BGP routing tables, all one needs is a willing ISP, that's prepared to add a "reserved" AS to their router with filters that don't allow upward propagation of routes.

This is pretty simple to achieve on your average Cisco router. The issue is, that near all routers have ACLs on them that flatly refuse connections to the BGP ports on the router. So even if I could convince someone to make this minuscule change to their "conf t" they would still disallow BGP TCP connections because it's a "security risk".

I find it laughable that IS runs a public route-server.is.co.za that you can telnet to, but hah, you're not allowed to talk BGP to...
Fortunately though, with a bit of Net::Telnet and perl hacking, I can get hold of the local routing table via their service. BGP would have been more efficient, but ya...


Oo. MyWireless <s>Hacks</s> Tweaks & Tech Info.oO
postcount++;
 
quote:
> I'm also a qualified CCNA so I know a bit about BGP

Sorry.. I'm not worthy..

quote:
> The Border Gateway Protocol (BGP) is an interautonomous system routing protocol. An autonomous system is a network or group of networks under a common administration and with common routing policies. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP). Customer networks, such as universities and corporations, usually employ an Interior Gateway Protocol (IGP) such as RIP or OSPF for the exchange of routing information within their networks.

Yes, what you say is true. But, if every router on the internet had every single other one's routing table, they would fail. Routing tables are only shared within the AS; generally an offsite customer does not apply, as misconfiguration on your side could cause more widespread effects.

- Colin Alston
colin at alston dot za dot org

"Warning: Use with extreme caution."
 
Ya, sorry. My comment was just that it's not kept a "deep dark secret" or conspiracy or anything, it's just a matter of security etc, customers have no need to receive an ISP's internal routing data.

I used the GeoIP database to write a python script which maintains my routes as well as sending international stuff via a VPN.

And I hate hate hate hate hate hate hate it when people say "well don't argue with me because I have an MSCE" or "You're wasting your time because I do this for a living!", there is always going to be someone with more qualifications or more experience - don't use it to justify a point.

- Colin Alston
colin at alston dot za dot org

"Warning: Use with extreme caution."
 
At my previous job we did exactly this. Got IS to supply us with a local slave BGP feed on a private AS number. We used this to control capping intl vs local. And all was done with zebra on our side. Confused the hell out of the IS engineers, since they only knew Cisco and couldn't understand how we managed to do what we did with only Linux [:D]

AFAIK, if you have a public AS, the other ISPs MUST allow you to peer (I may be wrong there)

--
 
quote: Originally posted by Karnaugh
> And I hate hate hate hate hate hate hate it when people say "well don't argue with me because I have an MSCE" or "You're wasting your time because I do this for a living!", there is always going to be someone with more qualifications or more experience - don't use it to justify a point.

I guess you are still young then, because those of us who have had that experience, had it when we were much younger, but grown to figure out things that you need to get upset over from those things said by people who don't know you at all.

I would follow with saying: "grow up" but getting old is inevitable, growing up is optional, and this has to do with a bit of experience on a little thing called "life". This little bit of perceived wisdom I give to you free of charge, gained by time.
 
quote: Originally posted by Karnaugh
> Yes, what you say is true. But, if every router on the internet had every single other one's routing table, they would fail. Routing tables are only shared within the AS; generally an offsite customer does not apply, as misconfiguration on your side could cause more widespread effects.

Published routes from an AS can be filtered by upstream providers if they so wish, to contain the size of their BGP tables. Lots of them do this for border routers. Core routers are another matter.

If all routes weren't exported over the entire internet, then I wouldn't be able to get from A, to B. In fact, there are quite a NUMBER of routers on the internet, that carry a FULL (close to 70000) BGP exported routes. Some border routers carry a limited set of routes, relevant to the connections they have, and simply forward all unknown traffic through a gateway of last resort.

Naturally, the gateway of last resort must then be able to handle the routing request, otherwise no traffic would ever get anywhere. These routers carry progressively larger routing tables.

I can guarantee you now, if I exported a route from an AS here in .za that it would get propagated to a large number of core routers across the internet. If it didn't then no one in Europe would know about my subnet.

So, if we really wanted to get syntactical about your statement, then it is incorrect. Exported routes are NOT just shared within a single AS. It would completely defy the point of the BGP protocol itself. As I also clearly stated, I had no desire to PUBLISH routes via BGP. I simply need to slave off a router with a well established local BGP table.

quote:
> Ya, sorry. My comment was just that it's not kept a "deep dark secret" or conspiracy or anything, it's just a matter of security etc, customers have no need to receive an ISP's internal routing data.

It is a pretty deep dark secret. Especially if you don't own an ASN.
My point was that it _needn't_ be. Selfless donation of services for the good of the internet (like Internet Solutions did) is what keeps the internet growing.

And yes, I do essentially have access to every ISP's core router data if I want. That's what the radb.net, various looking glass tools and routeviews.org, do. It would be much more efficient via BGP though.

Unfortunately this is one of those areas reserved for the "network-engineering-jocks-of-ISP's-that-don't-give-a-crap-about-the-internet" when in fact it is public information. I hope the RFC for S-BGP addresses this problem.

Just as I can use a private IP range successfully using an IP stack, so should a private ASN be capable of slaving off a BGP router.

There IS a need for customers to have access to this information. Hell I had need for this information. Anytime you have more than one interface connected to the internet, you need this information to determine best paths... It is best to have access to the tables via BGP so that you can make informed, up-to-date routing decisions on your _OWN_ instead of blindly throwing everything at your default gateways, and hoping the kernel balances the requests.

The issue is that the internet is becoming less and less accessible to someone with connectivity. Dunno if you're aware, but Telkom's ADSL range has gotten listed on various DUL (Dial-Up User List) blacklists, which effectively stops anyone from sending mail via an SMTP server on their ADSL. I understand the need to curb this kind of spam, but really, commercialism on the net is making the whole internet a bad place to be these days, unless you own an ASN, and let's say a few class C addresses. The public protocols are being perverted.

I take my hat off to Internet Solutions who still have the decency and commitment to provide public services for the good of their customers. (ftp.is.co.za, archie.is.co.za, and now route-server.is.co.za)

quote:
> And I hate hate hate hate hate hate hate it when people say "well don't argue with me because I have an MSCE" or "You're wasting your time because I do this for a living!", there is always going to be someone with more qualifications or more experience - don't use it to justify a point.

You brought that upon yourself, by stupidly assuming that I hadn't RTFM, and don't know anything about BGP.

I started this thread to inform a community about my experience with BGP, and multiple interfaces to the net in .za. I even posted a script that will help others, should they run into the same problem.

What have you contributed to this thread except incessant criticism, and incorrect statements? If you really wanted to help, you could have shared your experience and the python script with the _first post you made_ instead of rambling on about "RTFM, etc..."


Oo. MyWireless <s>Hacks</s> Tweaks & Tech Info.oO
postcount++;
 