[arin-ppml] 2-byte ASN policy
michel at arneill-py.sacramento.ca.us
Sun Apr 3 23:18:31 EDT 2016
> Ron Grant wrote :
> Sorry, your humour is completely evading me tonight. Can you explain?
No worries, I understand it's hard to get sometimes.
Long story made short :
- I'm running an experimental BGP blacklist: http://arneill-py.sacramento.ca.us/cbbc/
- Basically, it's a route server; the next-hop I announce is 192.0.2.1, which struck me to be the most widely used blackhole route.
- The sources are multiple and diverse.
- Not unlike other BGP blacklists, I will (conditions) accept prefixes with the correct BGP community, which happens to be ASN:666.
- I have nothing to do with the meaning some will see in the 666 part; I was not the one who invented it.
- For reference : to my knowledge, the first public reference in using 666 as the BGP blacklist community dates back to September 2004 : https://tools.ietf.org/rfc/rfc3882.txt
- Not trying to pretend I am innocent, I was in the room in the IETF meeting when we voted that the 6bone deprecation date would be 6/6/6.
- This is not an April fool's joke.
- Back to BGP : it has been suggested earlier on that the CBBC should announce various communities, instead of the original 65532:666; that would allow subscribers to ignore potentially undesirable/incompatible/controversial sources. I agreed.
- Some of the potential sources and actual CBBC subscribers have a 4-byte ASN number, possibly because they could not obtain a 2-byte one.
- The propagation mechanism should allow for 4-byte-ASN:666 as well as 2-byte-ASN:666.
The comments below are Cisco-oriented, YMMV.
- Therefore, the need for a 4-byte ASN equivalent to the good old "ip bgp-community new-format" arose.
- That would be 2-byte-ASN:666
- Since there is no such thing as 4-byte-ASN:666, the logic suggested that the proper way to do it would be something along the lines of SoO:4-byte-ASN:666, does not accept multiple entries.
- Here we go : instead of trying to use SoO:ASN:Comm which is very stubborn animal and refuses multiple entries as well as the "additive" thing, instead I use RT:ASN:Comm which solves the problem you are having : give me the multiple-ASN version of BGP the 2-byte-ASN flavor communities we used for ages for 4-byte-ASNs.
- It configures AND propagates. See below.
> sincerely interested in what you're trying to say.
I am a Sith Lord known as Darth Numerous. Being the devil himself on top of it does not hurt me :P
Are you, uh, looking for a job as an apprentice to the Dark Side ?
route-map RM-EXABGP permit 10
description IPv4 filter learned from iBGP peer
set extcommunity rt 4200000000:1111 4200065532:666 4200065532:667
set ip next-hop 192.0.2.1
cisco1841-michel#sh ip bgp 18.104.22.168
BGP routing table entry for 22.214.171.124/32, version 4
Paths: (1 available, best #1, table default)
Advertised to update-groups:
192.0.2.1 from 192.168.222.3 (192.168.222.3)
Origin IGP, localpref 100, weight 1, valid, internal, best
Community: 65532:666 65532:667
Extended Community: RT:4200000000:1111 RT:4200065532:666 RT:4200065532:667
More information about the ARIN-PPML