{"id":2496,"date":"2014-09-02T16:56:47","date_gmt":"2014-09-02T15:56:47","guid":{"rendered":"https:\/\/beufa.net\/?p=2496"},"modified":"2014-09-02T16:56:47","modified_gmt":"2014-09-02T15:56:47","slug":"script-generation-prefix-list-cisco-peering-bgp-ixp","status":"publish","type":"post","link":"https:\/\/beufa.net\/fr\/blog\/script-generation-prefix-list-cisco-peering-bgp-ixp\/","title":{"rendered":"G\u00e9n\u00e9ration de prefix-list pour peering BGP sur un IXP par script"},"content":{"rendered":"

Lorsqu’on est connect\u00e9 sur un point d’\u00e9change IX, type FranceIX<\/a> ou Equinix-IX<\/a>, il peut \u00eatre int\u00e9ressant pour les membres de se connecter en direct d’AS \u00e0 AS au lieu de passer par les routes servers de l’IXP.<\/p>\n

Pour cela, il est conseill\u00e9 de filtrer par liste de pr\u00e9fixes les peerings directs, afin d’\u00e9viter d’obtenir une mauvaise annonce de route(s). La g\u00e9n\u00e9ration de ces prefix-lists peut devenir fastidieuse et lourde en cas de nombreux peerings.<\/p>\n

Ce script se base sur l’API Stat du RIPE-NCC, donc la documentation est ici : https:\/\/stat.ripe.net\/docs\/data_api<\/a><\/p>\n

Le script est disponible sur mon repository github :\u00a0https:\/\/github.com\/beufanet\/ripe-tools\/blob\/master\/cisco_pfx_list_from_as.pl<\/a><\/p>\n

Il permet de g\u00e9n\u00e9rer en Cisco IOS-Like des prefix-lists standardis\u00e9es pour mise en place dans la configuration du peering BGP, qu’il sera assez simple d’appliquer pour \u00e9viter des leaks de route voir un blackhole …<\/p>\n

<\/p>\n

Par exemple, si on monte un peering direct avec l’AS 15169 de Google<\/a>\u00a0en IPv4 et en IPv6, on pourra simplement lancer la commande :<\/p>\n

[user@localhost ripe-tools]$ perl cisco_pfx_list_from_as.pl 15169\r\n--------------------------------------------------------------------------------------------------------------\r\nAS NUMBER FOR QUERY 15169\r\n--------------------------------------------------------------------------------------------------------------\r\nAS HOLDER RESULT : \tGOOGLE - Google Inc.,US\r\nAS HOLDER FORMATTED : \tAS15169_GOOGLE___Google_Inc__US\r\n--------------------------------------------------------------------------------------------------------------\r\nIPv6 Prefix List for AS [15169]\r\n\r\n\t ipv6 prefix-list AS-15169-IN-IP6 description \"IPv6 PREFIX AS_15169 (GOOGLE - Google Inc.,US)\"\r\n\t ipv6 prefix-list AS-15169-IN-IP6 seq 10 permit 2404:6800::\/32\r\n\t ipv6 prefix-list AS-15169-IN-IP6 seq 11 permit 2001:1900:2292::\/48\r\n\t ipv6 prefix-list AS-15169-IN-IP6 seq 12 permit 2620:0:1000::\/40\r\n\t ipv6 prefix-list AS-15169-IN-IP6 seq 13 permit 2607:f8b0::\/32\r\n\t ipv6 prefix-list AS-15169-IN-IP6 seq 14 permit 2620:15c::\/36\r\n\r\n[...]\r\n\r\n--------------------------------------------------------------------------------------------------------------\r\nIPv4 Prefix List for AS [15169]\r\n\r\n\t ip prefix-list AS-15169-IN-IP4 description \"IPv4 PREFIX AS-15169 (GOOGLE - Google Inc.,US)\"\r\n\t ip prefix-list AS-15169-IN-IP4 seq 10 permit 64.233.160.0\/24\r\n\t ip prefix-list AS-15169-IN-IP4 seq 11 permit 107.178.192.0\/18\r\n\t ip prefix-list AS-15169-IN-IP4 seq 12 permit 72.14.192.0\/18\r\n\t ip prefix-list AS-15169-IN-IP4 seq 13 permit 64.233.176.0\/24\r\n\t ip prefix-list AS-15169-IN-IP4 seq 14 permit 74.125.138.0\/24\r\n\r\n[...]<\/pre>\n
Il ne reste plus ensuite qu’\u00e0 configurer le peering BGP et le filtrage des prefix en IN :<\/p>\n
router bgp 65255\r\n   neighbor 1.2.3.4 remote-as 15169\r\n   neighbor 1.2.3.4 prefix-list AS-15169-IN-IP4 in\r\n   neighbor 2a00:1000::dead:beef remote-as 15169\r\n   neighbor 2a00:1000::dead:beef prefix-list AS-15169-IN-IP6 in<\/pre>\n
Il est bien \u00e9vident possible d’automatiser ou d’agr\u00e9menter le script pour mettre \u00e0 jour les filtres de prefix-list.<\/p>\n
Bref, n’h\u00e9sitez pas \u00e0 forker le script sur GitHub \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"
Lorsqu’on est connect\u00e9 sur un point d’\u00e9change IX, type FranceIX ou Equinix-IX, il peut \u00eatre int\u00e9ressant pour les membres de se connecter en direct d’AS<\/p>\n
Continue readingG\u00e9n\u00e9ration de prefix-list pour peering BGP sur un IXP par script<\/span><\/a><\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,30,24],"tags":[93,42,66,94,95],"class_list":["post-2496","post","type-post","status-publish","format-standard","hentry","category-internet","category-ipv6","category-reseau","tag-bgp","tag-cisco-2","tag-perl","tag-ripe","tag-script","entry"],"_links":{"self":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/posts\/2496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/comments?post=2496"}],"version-history":[{"count":2,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/posts\/2496\/revisions"}],"predecessor-version":[{"id":2498,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/posts\/2496\/revisions\/2498"}],"wp:attachment":[{"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/media?parent=2496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/categories?post=2496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/beufa.net\/fr\/wp-json\/wp\/v2\/tags?post=2496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}