ROS - BGP

Last updated: 2023-02-21

Introduction

BGP = routing protocol for the Internet. It routes on AS (Autonomous Systems) rather than directly on IP addresses.

IANA allocates ASNs to the RIRs, and we then apply to an RIR for an ASN.

Notes

iBGP - "internal" link connecting peers from the same AS
eBGP - "external" link connecting peers belonging to two different AS

IANA = Internet Assigned Numbers Authority

ASN = Autonomous System Number

RIRs = Regional Internet Registries (e.g. ARIN (United States), APNIC (Asia) ...)

 


Useful Links

Look up the relationship between BGP and IP subnets:

Number of routes:

RADB Query

RPKI

https://rpki.cloudflare.com/

 

 


he.net

 

HE = Hurricane Electric = Internet Backbone and Colocation Provider (ISP)

Usage

# Checking AS

https://bgp.he.net/AS7540

 


Terminology

NLRI - Network Layer Reachability Information
          it is what is being exchanged between BGP peers and
          represents how to reach the prefixes.

Object

Maintainer Object

mntner, mnt-by = Maintainer
admin-c = Admin Contact
upd-to: Auth Error Recipient
source = Route Registry DB
...

Route Object

route <- CIDR
origin <- AS Number
mnt-by

AS-SET Object

as-set <- AS-SET name
members <-

Proxy Objects

 


IRR

 

Internet Routing Registries

The database provides IRR information via a Near Real-Time Mirroring (NRTM) service and FTP, and is also accessible using Whois on port 43.

Function: Submitting Routing Information

ARIN has categorized IRR objects as simple and advanced.

  • Simple objects: GUI / RESTful API (IRR data in XML format)
  • Advanced objects: RESTful API (IRR data in RPSL format)
    RPSL = Routing Policy Specification Language

 


ROA

 

ROA = Route Origination Authorizations

It is a cryptographically signed object.

It specifies the IP address prefix / set of prefixes that a given AS (Autonomous System) is allowed to announce.
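
Added example, not part of the original notes: how a router or monitoring script can use ROA data to classify an announcement, following the route origin validation rules of RFC 6811. The maxLength field handling, the function names, and the sample prefixes and ASNs are assumptions of this example; the ROAs are constructed, not registry data.

```python
import ipaddress

# Constructed sample ROAs: (prefix, maxLength, origin ASN).
# Documentation prefixes and reserved ASNs, not real registry data.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64500),
]


def load_vrps(roas):
    """Turn (prefix, maxLength, asn) tuples into validated prefix objects."""
    vrps = []
    for prefix, max_len, asn in roas:
        net = ipaddress.ip_network(prefix, strict=True)
        # maxLength may not be shorter than the prefix or longer than the address
        if not net.prefixlen <= max_len <= net.max_prefixlen:
            raise ValueError(f"bad maxLength {max_len} for {prefix}")
        vrps.append((net, max_len, asn))
    return vrps


def validate_origin(route, origin_asn, vrps):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route, strict=True)
    covered = False
    for vrp_net, max_len, asn in vrps:
        if vrp_net.version != net.version or not net.subnet_of(vrp_net):
            continue
        covered = True  # at least one ROA speaks for this address space
        # An AS0 ROA never matches: it marks space that must not be announced
        if asn != 0 and asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    # Covered but no ROA matched: wrong origin AS or too specific a prefix
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    vrps = load_vrps(SAMPLE_ROAS)
    for route, asn in [
        ("192.0.2.0/24", 64500),     # matches the ROA
        ("192.0.2.0/24", 64999),     # covered, wrong origin AS
        ("192.0.2.0/25", 64500),     # covered, longer than maxLength
        ("198.51.100.0/24", 64500),  # no ROA covers this prefix
    ]:
        print(route, f"AS{asn}", validate_origin(route, asn, vrps))
```

An "invalid" result is the case worth filtering or alerting on; "not-found" only means no ROA exists for that address space.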

 


ISP Service

 

Service Name: IP Transit

AS Count = Transit AS (ISP) + Stub AS (Cust)

 


Route

 

Default route (0.0.0.0/0)

Setup: Advertise your subnet and receive (filtered) / configure a default route from the ISP

A full routing table

IPv4 full BGP table size: the entire routing table is ~900k routes (as of 2022-Jan)

A partial table

A table filtered (with route map, community...) so that only some specific routes are exchanged.

 


RouterOS BGP Configuration

 

/ip/firewall/address-list/print

MyWanSubnet1 n.n.n.0/24
bgp-nlri     0.0.0.0

/routing/table/print

Flags: D - dynamic; X - disabled, I - invalid; U - used
 0 D   name="main" fib

 1     name="MGT_Route" fib

 2     name="IP_Transit_1_RT" fib

# Create the BGP Peer with your IP transit Provider

/routing/bgp/connection/print  

Flags: D - dynamic, X - disabled, I - inactive
 0   ;;; BeeCloud
     name="IP_Transit_1_BGP"
     remote.address=10.10.10.45/32 .as=140570
     local.address=10.10.10.46 .role=ebgp-customer
     routing-table=IP_Transit_1_RT as=自己的ASN
     output.network=MyWanSubnet1
     input.accept-nlri=bgp-nlri

routing-table

Name of the routing table this BGP connection operates on.
By default the "main" routing table is always used.

output.network

Name of the address list holding the local networks to advertise (MyWanSubnet1 above).

input.accept-nlri

A quick way to filter incoming updates with specific NLRIs.

It allows filtering incoming messages directly before they are even parsed and stored in memory,
that way significantly reducing memory usage.

# Create the Routing Filters for the OUT and IN chains

/ip/firewall/mangle/print

Flags: X - disabled, I - invalid; D - dynamic
 0    ;;; MainSW_Go_Internet
      chain=prerouting action=mark-routing new-routing-mark=IP_Transit_1_RT passthrough=no
      src-address-list=MyWanSubnet1 dst-address-list=!RouterIP in-interface=eth01
      log-prefix="MainSW_Go_Internet" log=no

 

 
