Route Servers @FRnOG25
Written by Arnaud
This is a very short (10-15 minutes) presentation I made (in French) at FRnOG25 in Paris in November 2015.
The topic is route servers at IXPs (features, security, filtering).
Here is the presentation I made at the FranceIX General Meeting 2015, about the RIPE Atlas anchor and the RIS collector we have set up in France:
http://www.afenioux.fr/doc/presentations/FranceIX-GM-2015.pdf
I made this presentation on 27 August 2015 in Maputo during AfPIF: www.internetsociety.org/afpif-2015/
This presentation is about interconnecting two IXPs (Internet Exchange Points). It covers the main goals, the pros and cons, and 2 different technical ways of interconnecting them.
Link: http://www.afenioux.fr/doc/presentations/AfPIF-2015-EN.pdf
Here is a sample IS-IS configuration for Cisco routers. This example is a level-2-only area (like a backbone area 0 in OSPF).
Note: loopback addresses are (or should be) always configured with a /32 netmask.
It's good practice to dedicate a contiguous range to all your loopback addresses; most of the time this range is the first one in your supernet (i.e. your "big" network allocation), or the one with a zero.
Let's begin by creating a loopback interface and announcing its IP (in this example we use the first /24 of our "big" range for loopbacks):
interface Loopback100
 ip address 10.0.0.1 255.255.255.255
 ip router isis
We configure the physical interface, announce the connected range in IS-IS and lower the hello interval to 1 second:
interface gi0/0/0
 ip address 10.10.10.8 255.255.255.252
 ip router isis
 isis network point-to-point
 isis metric 20 level-2
 isis hello-interval 1
And finally, the configuration of the protocol:
router isis
 log-adjacency-changes
 no hello padding
 spf-interval 1 1 100
 lsp-gen-interval 1 1 100
 is-type level-2-only
 metric-style wide level-2
 net 49.0000.0000.0008.00
 passive-interface loopback 100
Each node in IS-IS must have a different "net" (= ID); it's good practice to begin it with 49 and end it with 00 (see links below).
It is really important to lower spf-interval to get faster convergence (~1 sec); lsp-gen-interval also helps, but only a little compared to spf-interval.
Padding is useless (come on, MTU to 9000 for everybody!), so we deactivate it. And we never need to generate hello packets on the loopback interface.
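The NET rules above (a different NET on each node, beginning with 49 and ending with 00) can be checked across a set of router configs before they are pushed. The script below is an added example, not part of the original post; the hostnames and every sample NET except r1's are constructed, and the 8 to 20 byte bound is the standard NSAP length limit.

```python
import re
from collections import defaultdict

# Matches the "net" line of a "router isis" block.
NET_RE = re.compile(r"^\s*net\s+([0-9A-Fa-f.]+)\s*$", re.MULTILINE)

def parse_net(net):
    """Split a dotted-hex NET into (area, system_id, nsel) bytes."""
    raw = bytes.fromhex(net.replace(".", ""))
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"{len(raw)} bytes, expected 8 to 20")
    return raw[:-7], raw[-7:-1], raw[-1:]

def audit(configs):
    """Return findings for a {hostname: config text} mapping."""
    findings, owners = [], defaultdict(set)
    for host in sorted(configs):
        nets = NET_RE.findall(configs[host])
        if not nets:
            findings.append(f"{host}: no net statement found")
        for net in nets:
            try:
                area, sysid, nsel = parse_net(net)
            except ValueError as exc:
                findings.append(f"{host}: invalid NET {net} ({exc})")
                continue
            if area[0] != 0x49:
                findings.append(f"{host}: NET {net} does not begin with 49")
            if nsel != b"\x00":
                findings.append(f"{host}: NET {net} does not end with 00")
            owners[sysid].add(host)
    for sysid, hosts in sorted(owners.items()):
        if len(hosts) > 1:  # same 6-byte system ID on two different nodes
            h = sysid.hex()
            dotted = ".".join(h[i:i + 4] for i in (0, 4, 8))
            findings.append(f"system ID {dotted} reused by {', '.join(sorted(hosts))}")
    return findings

# Constructed sample configs; only r1's NET comes from the page.
SAMPLE = {
    "r1": "router isis\n is-type level-2-only\n net 49.0000.0000.0008.00\n",
    "r2": "router isis\n is-type level-2-only\n net 49.0000.0000.0009.00\n",
    "r3": "router isis\n is-type level-2-only\n net 49.0000.0000.0008.00\n",
    "r4": "router isis\n is-type level-2-only\n net 47.0000.0000.000a.01\n",
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```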
Here are a few really important troubleshooting commands:
sh isis neighbors
sh isis database
sh isis topology
sh ip route isis
And if you need to announce/originate a default route (make sure your router knows how to reach "THE Internet", otherwise you create a blackhole):
router isis
 default-information originate always
I definitely recommend reading:
https://rekrowten.wordpress.com/2014/01/27/learn-is-is-spf-prc-and-lsp-timers-optimisation-part-17/
and, if you have a lot of time and some Juniper knowledge, this wonderful post:
https://inetzero.com/isis-training-and-junos-configuratio/
pkg install openbgpd
touch /usr/local/etc/bgpd.conf
chmod 0600 /usr/local/etc/bgpd.conf
echo 'bgpd_flags=""' >> /etc/rc.conf
Edit your config:
vi /usr/local/etc/bgpd.conf
service bgpd start
Some useful commands:
List the sessions and states:
bgpctl show summary
Detailed information on your neighbors:
bgpctl show neighbor
Your configured/announced networks:
bgpctl show network
List of routes for a prefix:
bgpctl show rib <network> all