SlideShare uma empresa Scribd logo

LINX 83 ExaBGP as a route server ?

Thomas Mangin
Thomas Mangin
Tecnologia
1 de 24
Baixar para ler offline
New Developments in ExaBGP Why should YOU care ? LINX 83 18th/19th of November 2013 Thomas Mangin Exa Networks Whatever a speaker is missing in depth he will compensate for in length Montesquieu
Another presentation to ignore while you have fun on IRC !
Another presentation between you and BEER !
Doing BGP with OSS Well known open source implementations of BGP ! Quagga BIRD http://bird.network.cz/ http://www.quagga.net/ The underdog ! ExaBGP https://github.com/Exa-Networks/exabgp Another UK born and bred ! BGPFeeder https://projects.bytemark.co.uk/projects/bgpfeeder And the others ! https://github.com/Exa-Networks/exabgp/wiki/Other-OSS-BGP-implementations A little learning is a dangerous thing Alexander Pope
ExaBGP .. A “BGP swiss army knife” since 2009.. commit 5490f7baf5981279e2360d88c735570bc9f72532 Author: Thomas Mangin <thomas.mangin@exa-networks.co.uk> Date: Thu Sep 3 22:12:05 2009 +0000 ! initial commit […] announce a route to a 7204 and keep the connection alive Patience is bitter, but its fruit is sweet Rousseau
ExaBGP? NANOG Thread es servic ng arketi m ndy’s A […] you might find ExaBGP more lightweight in this role - see http:// bgp.exa.org.uk/ - do check it out. This has an interface which will feel extremely comfortable to Juniper users. ! Best wishes Andy Work delivers us from three great evils: boredom, vice and want. Voltaire.
Genius … We liked it so much we trademarked it! Pride is the consolation of the weak Vauvenargues
Let’s work on that marketing ! ExaBGP ! “SDN without marketing” “SDN on commodity hardware” ! ExaBGP ! “The BGP swiss army knife of networking” s stion gge ew su red no n equi r Truth is more valuable if it takes you a few years to find it. Renard
Thomas’ idea ! ! ! ! ! Thank you Mike … I expected Malcolm to bring me this kind of bad news Back to square one ! Real knife by Victorinox AG I have always believed that to succeed in life, it is necessary to appear to be mad and to act wisely Montesquieu
Any Good ? Nothing is more humiliating than to see idiots succeed in enterprises we have failed at Flaubert
Up to date ? ! baby eah Oh y … ut it bo ob a rR v id o Da As k I love fools’ experiments. I am always making them. Charles Darwin
What next? I will focus on that… later .. way later in the talk Logic will get you from A to B. Imagination will take you everywhere Albert Einstein
For when? ! I am taking a small break… ! This is my “hobby” be kind I have three jobs ! A hobby which gets ! - Heidi complaining - My colleagues too (I can ignore these) ! Therefore ExaBGP Users are NOT allowed to complain!
What’s the expected use? ! ! ! NOC usage .. DDOS RTBH Flow Spec Interception SDN : : : : prevents bad traffic from reaching its destination RTBH on steroid, firewall rules deployed using BGP Legal requirements (IWF,… ) over 200k routes updates every 5 minutes .. DevOps usage .. Service IPs : servers mobility using extra/32 with BGP Anycast : the same IP at different locations (CDN, DNS, ...) IX usage .. Collector : at IXLeeds Route Server : future development needed Be regular and orderly in your life, so that you may be violent and original in your work Flaubert
Easy to install? ! ! ! ! Use GitHub > wget https://github.com/Exa-Networks/exabgp/archive/3.2.17.tar.gz > tar zxvf 3.2.17.tar.gz > cd exabgp-3.2.17 > ./sbin/exabgp —help Use your distribution (often older code) > > > > apt-get install exabgp pacman -S exabgp port install exabgp emerge exabgp # # # # Debian / Ubuntu ArchLinux OS X / FreeBSD Gentoo (soon? Thank you Tony) Be regular and orderly in your life, so that you may be violent and original in your work Flaubert
Easy to use? ! Not as easy as it could be ! No real documentation elp H ! ! e… com el w The community is stepping up ! HA http://vincent.bernat.im/en/blog/2013-exabgp-highavailability.html DDOS http://media.frnog.org/FRnOG_18/FRnOG_18-6.pdf Be regular and orderly in your life, so that you may be violent and original in your work Flaubert
I can hear Martin Levy ask “Does it supports IPv6 ” IPv4 IPv6 Neighbours Neighbours IPv4 IPv6 Prefixes (and MPLS) Prefixes (MP NLRI) yes yes IPv4 IPv6 Flow Spec (RFC 5575) Flow Spec (draft) yes yes * ! ! ! N Th ati em ve ed IPv sli 6 de yes yes * I do not know any vendors supporting it yet … As you can never fully please Martin, I admit … ! RFC 5701 - IPv6 Address Specific BGP Extended Community Attribute no It is easier to ask for forgiveness than permission - Stewart’s law of retraction fake
Usage RTBH Tell your provider to stop sending you traffic for some IPs ! Announce some more specific routes (/32, /29, …) part of your network and TAG the route with communities so it can be filtered (dropped by your upstream edge routers) Traffic is dropped before it is billed ! Many Talks (NANOG, APRICOT, ...) on the topic and an RFC (5635) > google RTBH or Remotely triggered blackhole ! The goal is to bypass the transit provider NOC and reduce response time when under duress ! Each ISP implements it differently .. level3 > whois -h whois.ripe.net AS3356 | grep -B1 -A15 -i blakhole It is dangerous to be right in matters on which the established authorities are wrong Voltaire
Flow Routes Control the filtering Yourself, do not disconnect the target group ddos { local-as 30740; peer-as 30740; router-id 82.219.0.1; local-address 82.219.0.1; graceful-restart 5; family { ipv4 unicast; ipv4 flow; } flow { route drop-ddos-ntp2 { match { destination 82.219.4.31/32; destination-port >123 <123; protocol udp; } then { discard; } } } neighbor 82.219.0.2 { description “nothing at those IP"; } neighbor 82.219.0.3 { description “no point attacking them"; } } Firewall rules via BGP RFC 5575 Juniper and Alcatel Cisco coming in 2014 for IOS-XR and XE Ask Cisco for more info ExaBGP is the only OSS application to support FlowSpec thomas@mx-80> show route table inetflow.0 ! inetflow.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) Restart Complete + = Active Route, - = Last Active, * = Both ! 82.219.4.31,*,proto=17,dstport>=124&<=65535,>=0&<=122/term:2 *[BGP/170] 4d 13:48:20, localpref 100, from 82.219.5.101 AS path: I Fictitious […] thomas@mx-80> show firewall filter __flowspec_default_inet__ The secret of business is to know something that nobody else knows Aristotle Onassis
Designed to be scripted Use ANY scripting language perl, python, lua, go, bash, … neighbor 127.0.0.1 { router-id 1.2.3.4; local-address 127.0.0.1; local-as 1; peer-as 1; graceful-restart; ! process announce-routes { run ./api-add-remove.run; } #!/usr/bin/env python ! ! import sys, time messages = [ 'announce route 1.1.0.0/24 next-hop 101.1.101.1', 'announce route 1.1.0.0/25 next-hop 101.1.101.1', 'withdraw route 1.1.0.0/24 next-hop 101.1.101.1', ] ! while messages: message = messages.pop(0) sys.stdout.write( message + 'n') sys.stdout.flush() time.sleep(1) ! while True: time.sleep(1) > ./sbin/exabgp ./api-add-remove.conf An example on the wiki with SHELL PIPE .. for examples, look into /dev/runtest “the test suite” Used in prod as SDN by at least one large network ! Use for DDOS mitigation by MANY networks ! Used by vendor For BGP interrop testing ! Their is two rules for success in business, one do not tell all you know, … Some bad joke site
ExaBGP as a Route Server Why only now? ExaBGP started as a route injector, not a BGP daemon It is single threaded using windows 3.1 like multi-tasking The code was blocking when sending routes Fixed this summer with version 3.2 Hundreds of hours of work Most of the IX effort already on Quagga and BIRD (more mature) How much work is required ? ! ExaBGP already works as route collector only tested on a small scale (IXLeeds) need some more control features (for debugging) but it SHOULD scale Divide and Conquer Julius Caesar
ExaBGP as a Route Server Why would it be better? Much simpler code to understand (python) Much easier to hack (adding draft RFC in hours now) Can still be improved though Can take benefit of multiple cores easily ExaBGP does NOT have a LOCAL RIB The RIB can be implemented as a different process The RIB does not even have to be on the server Possible madness with things like ZeroMQ :-) Possible to have one BGP daemon per switch Possible to detect L2 loss and change announcement ExaBGP is single threaded but can use multiple cores FreeBSD and Linux 3.9 SO_REUSE_PORT Allows to split TCP flows to different process aBGP t Ex lp) All listening on the same port r r en cu he d to t would ir e requ vemen ge chan e impro No om but s ( Divide and Conquer Julius Caesar
Last words… perhaps! Please HELP! I could do with … more contributors need help with documentation Otherwise, just let me know if you use it… Any ‘it works’ mail is always appreciated Need to tidy some code JSON generation Configuration format parsing (started) More .. LINX agreed to let me use their IXIA to see how it performs and compare the result with BIRD who would be interested in seeing the results? I am surprised! you are reading those quotes! Thomas Mangin
Questions? Thank you for your kindness on IRC .. thomas.mangin@exa-networks.co.uk https://github.com/thomas-mangin/exabgp/ Judge a man by his questions rather than by his answers Voltaire

Recomendados

ExaBGP at LINX 83
ExaBGP at LINX 83ExaBGP at LINX 83
ExaBGP at LINX 83Thomas Mangin
 
ScavengerEXA
ScavengerEXAScavengerEXA
ScavengerEXAThomas Mangin
 
Naked BGP
Naked BGPNaked BGP
Naked BGPThomas Mangin
 
ExaProxy
ExaProxyExaProxy
ExaProxyThomas Mangin
 
SDN-IP Peering using BGP
SDN-IP Peering using BGPSDN-IP Peering using BGP
SDN-IP Peering using BGPUmesh Krishnaswamy
 
6.Routing
6.Routing6.Routing
6.Routingphanleson
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPMaximilan Wilhelm
 

Recomendados

ExaBGP at LINX 83
ExaBGP at LINX 83ExaBGP at LINX 83
ExaBGP at LINX 83Thomas Mangin
 
ScavengerEXA
ScavengerEXAScavengerEXA
ScavengerEXAThomas Mangin
 
Naked BGP
Naked BGPNaked BGP
Naked BGPThomas Mangin
 
ExaProxy
ExaProxyExaProxy
ExaProxyThomas Mangin
 
SDN-IP Peering using BGP
SDN-IP Peering using BGPSDN-IP Peering using BGP
SDN-IP Peering using BGPUmesh Krishnaswamy
 
6.Routing
6.Routing6.Routing
6.Routingphanleson
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Dynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPDynamische Routingprotokolle Aufzucht und Pflege - BGP
Dynamische Routingprotokolle Aufzucht und Pflege - BGPMaximilan Wilhelm
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
Building your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and pythonBuilding your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and pythonMaximilan Wilhelm
 
Anycast all the things
Anycast all the thingsAnycast all the things
Anycast all the thingsMaximilan Wilhelm
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networkingSreenatha Reddy K R
 
IPv6 im Jahre 2018
IPv6 im Jahre 2018IPv6 im Jahre 2018
IPv6 im Jahre 2018Maximilan Wilhelm
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFMaximilan Wilhelm
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheetjulianlz
 
Netzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IPNetzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IPMaximilan Wilhelm
 
Network configuration
Network configurationNetwork configuration
Network configurationengshemachi
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheetSwarup Hait
 
AS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and LinuxAS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and LinuxMaximilan Wilhelm
 
Best Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learnedBest Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learnedMaximilan Wilhelm
 
Ospfv3 News version 2
Ospfv3 News version 2Ospfv3 News version 2
Ospfv3 News version 2Fred Bovy
 
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPJingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPmattjive
 
introduction of iptables in linux
introduction of iptables in linuxintroduction of iptables in linux
introduction of iptables in linuxNouman Baloch
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsToradex
 
NAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewallNAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewallCassiano Campes
 
Using linux as_a_router
Using linux as_a_routerUsing linux as_a_router
Using linux as_a_routerHARRY CHAN PUTRA
 
The Spectre of Meltdowns
The Spectre of MeltdownsThe Spectre of Meltdowns
The Spectre of MeltdownsAndriy Berestovskyy
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017Juan De Bravo
 
IXLeeds
IXLeeds IXLeeds
IXLeeds Thomas Mangin
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossPavel Odintsov
 

Mais conteúdo relacionado

Mais procurados

Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
Building your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and pythonBuilding your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and pythonMaximilan Wilhelm
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networkingSreenatha Reddy K R
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFMaximilan Wilhelm
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheetjulianlz
 
Netzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IPNetzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IPMaximilan Wilhelm
 
Network configuration
Network configurationNetwork configuration
Network configurationengshemachi
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheetSwarup Hait
 
AS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and LinuxAS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and LinuxMaximilan Wilhelm
 
Best Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learnedBest Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learnedMaximilan Wilhelm
 
Ospfv3 News version 2
Ospfv3 News version 2Ospfv3 News version 2
Ospfv3 News version 2Fred Bovy
 
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPJingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPmattjive
 
introduction of iptables in linux
introduction of iptables in linuxintroduction of iptables in linux
introduction of iptables in linuxNouman Baloch
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsToradex
 
NAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewallNAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewallCassiano Campes
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017Juan De Bravo
 

Mais procurados (20)

Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
 
Building your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and pythonBuilding your own sdn with debian linux salt stack and python
Building your own sdn with debian linux salt stack and python
 
Anycast all the things
Anycast all the thingsAnycast all the things
Anycast all the things
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networking
 
IPv6 im Jahre 2018
IPv6 im Jahre 2018IPv6 im Jahre 2018
IPv6 im Jahre 2018
 
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPFDynamische Routingprotokolle Aufzucht und Pflege - OSPF
Dynamische Routingprotokolle Aufzucht und Pflege - OSPF
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheet
 
Netzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IPNetzwerkgrundlagen - Von Ethernet bis IP
Netzwerkgrundlagen - Von Ethernet bis IP
 
Network configuration
Network configurationNetwork configuration
Network configuration
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheet
 
AS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and LinuxAS201701 - Building an Internet backbone with pure 1he servers and Linux
AS201701 - Building an Internet backbone with pure 1he servers and Linux
 
Best Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learnedBest Current Operational Practices - Dos, Don’ts and lessons learned
Best Current Operational Practices - Dos, Don’ts and lessons learned
 
Ospfv3 News version 2
Ospfv3 News version 2Ospfv3 News version 2
Ospfv3 News version 2
 
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIPJingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIP
 
introduction of iptables in linux
introduction of iptables in linuxintroduction of iptables in linux
introduction of iptables in linux
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux Systems
 
NAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewallNAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewall
 
Using linux as_a_router
Using linux as_a_routerUsing linux as_a_router
Using linux as_a_router
 
The Spectre of Meltdowns
The Spectre of MeltdownsThe Spectre of Meltdowns
The Spectre of Meltdowns
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
 

Destaque

Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossPavel Odintsov
 
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaDetecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaPavel Odintsov
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiPavel Odintsov
 
flowspec @ APF 2013
flowspec @ APF 2013flowspec @ APF 2013
flowspec @ APF 2013Tom Paseka
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simplePavel Odintsov
 
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationDistributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationPavel Odintsov
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...
Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...
Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...Ontico
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaPavel Odintsov
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonPavel Odintsov
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 

Destaque (18)

IXLeeds
IXLeeds IXLeeds
IXLeeds
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_voss
 
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaDetecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
 
Jon Nield FastNetMon
Jon Nield FastNetMonJon Nield FastNetMon
Jon Nield FastNetMon
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka Ishizaki
 
flowspec @ APF 2013
flowspec @ APF 2013flowspec @ APF 2013
flowspec @ APF 2013
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPd
 
9534715
95347159534715
9534715
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
 
03 estrategia-ddos
03 estrategia-ddos03 estrategia-ddos
03 estrategia-ddos
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigation
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simple
 
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationDistributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And Mitigation
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...
Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...
Борьба с DDoS в хостинге - по обе стороны баррикад / Константин Новаковский (...
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner Maia
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigation
 

Semelhante a LINX 83 ExaBGP as a route server ?

The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service providerThomas Mangin
 
IPv6 IAB/IETF Activities Report from ARIN 32
IPv6 IAB/IETF Activities Report from ARIN 32IPv6 IAB/IETF Activities Report from ARIN 32
IPv6 IAB/IETF Activities Report from ARIN 32ARIN
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeFaelix Ltd
 
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...eCommConf
 
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...APNIC
 
When a robot is smart enough?
When a robot is smart enough?When a robot is smart enough?
When a robot is smart enough?Tomáš Jukin
 
Picobgp - A simple deamon for routing advertising
Picobgp - A simple deamon for routing advertisingPicobgp - A simple deamon for routing advertising
Picobgp - A simple deamon for routing advertisingClaudio Mignanti
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3gobed
 
Bare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking DiscussionBare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking DiscussionCarl Perry
 
Kernel load-balancing for Docker containers using IPVS
Kernel load-balancing for Docker containers using IPVSKernel load-balancing for Docker containers using IPVS
Kernel load-balancing for Docker containers using IPVSDocker, Inc.
 
IPV6 Hands on Lab
IPV6 Hands on Lab IPV6 Hands on Lab
IPV6 Hands on Lab Cisco Canada
 
OSDC 2016 - Ingesting Logs with Style by Pere Urbon-Bayes
OSDC 2016 - Ingesting Logs with Style by Pere Urbon-BayesOSDC 2016 - Ingesting Logs with Style by Pere Urbon-Bayes
OSDC 2016 - Ingesting Logs with Style by Pere Urbon-BayesNETWAYS
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyAnne Nicolas
 
IPv6 enterprise security - The NAT Returns
IPv6 enterprise security - The NAT ReturnsIPv6 enterprise security - The NAT Returns
IPv6 enterprise security - The NAT ReturnsSanjeev Gupta
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2ice799
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack networkOlle E Johansson
 

Semelhante a LINX 83 ExaBGP as a route server ? (20)

The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service provider
 
BGP Overview
BGP OverviewBGP Overview
BGP Overview
 
IPv6 IAB/IETF Activities Report from ARIN 32
IPv6 IAB/IETF Activities Report from ARIN 32IPv6 IAB/IETF Activities Report from ARIN 32
IPv6 IAB/IETF Activities Report from ARIN 32
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
 
Basics of IPv6
Basics of IPv6Basics of IPv6
Basics of IPv6
 
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
Dan York - Presentation at Emerging Communications Conference & Awards (eComm...
 
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
AutoIP -A mechanism for IPv6 migration and IPv4 sunsetting by Shishio Tsuchiy...
 
When a robot is smart enough?
When a robot is smart enough?When a robot is smart enough?
When a robot is smart enough?
 
Picobgp - A simple deamon for routing advertising
Picobgp - A simple deamon for routing advertisingPicobgp - A simple deamon for routing advertising
Picobgp - A simple deamon for routing advertising
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3
 
Bare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking DiscussionBare Metal Club ATX: Networking Discussion
Bare Metal Club ATX: Networking Discussion
 
Kernel load-balancing for Docker containers using IPVS
Kernel load-balancing for Docker containers using IPVSKernel load-balancing for Docker containers using IPVS
Kernel load-balancing for Docker containers using IPVS
 
IPV6 Hands on Lab
IPV6 Hands on Lab IPV6 Hands on Lab
IPV6 Hands on Lab
 
OSDC 2016 - Ingesting Logs with Style by Pere Urbon-Bayes
OSDC 2016 - Ingesting Logs with Style by Pere Urbon-BayesOSDC 2016 - Ingesting Logs with Style by Pere Urbon-Bayes
OSDC 2016 - Ingesting Logs with Style by Pere Urbon-Bayes
 
Kernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are moneyKernel Recipes 2019 - Metrics are money
Kernel Recipes 2019 - Metrics are money
 
IPv6 enterprise security - The NAT Returns
IPv6 enterprise security - The NAT ReturnsIPv6 enterprise security - The NAT Returns
IPv6 enterprise security - The NAT Returns
 
Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2Infrastructure as code might be literally impossible part 2
Infrastructure as code might be literally impossible part 2
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
 
FD.io - The Universal Dataplane
FD.io - The Universal DataplaneFD.io - The Universal Dataplane
FD.io - The Universal Dataplane
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack network
 

Último

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Último (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

LINX 83 ExaBGP as a route server ?

  • 1. New Developments in ExaBGP Why should YOU care ? LINX 83 18th/19th of November 2013 Thomas Mangin Exa Networks Whatever a speaker is missing in depth he will compensate for in length Montesquieu
  • 2. Another presentation to ignore while you have fun on IRC !
  • 4. Doing BGP with OSS Well known open source implementations of BGP ! Quagga BIRD http://bird.network.cz/ http://www.quagga.net/ The underdog ! ExaBGP https://github.com/Exa-Networks/exabgp Another UK born and bred ! BGPFeeder https://projects.bytemark.co.uk/projects/bgpfeeder And the others ! https://github.com/Exa-Networks/exabgp/wiki/Other-OSS-BGP-implementations A little learning is a dangerous thing Alexander Pope
  • 5. ExaBGP .. A “BGP swiss army knife” since 2009.. commit 5490f7baf5981279e2360d88c735570bc9f72532 Author: Thomas Mangin <thomas.mangin@exa-networks.co.uk> Date: Thu Sep 3 22:12:05 2009 +0000 ! initial commit […] announce a route to a 7204 and keep the connection alive Patience is bitter, but its fruit is sweet Rousseau
  • 6. ExaBGP? NANOG Thread es servic ng arketi m ndy’s A […] you might find ExaBGP more lightweight in this role - see http:// bgp.exa.org.uk/ - do check it out. This has an interface which will feel extremely comfortable to Juniper users. ! Best wishes Andy Work delivers us from three great evils: boredom, vice and want. Voltaire.
  • 7. Genius … We liked it so much we trademarked it! Pride is the consolation of the weak Vauvenargues
  • 8. Let’s work on that marketing ! ExaBGP ! “SDN without marketing” “SDN on commodity hardware” ! ExaBGP ! “The BGP swiss army knife of networking” s stion gge ew su red no n equi r Truth is more valuable if it takes you a few years to find it. Renard
  • 9. Thomas’ idea ! ! ! ! ! Thank you Mike … I expected Malcolm to bring me this kind of bad news Back to square one ! Real knife by Victorinox AG I have always believed that to succeed in life, it is necessary to appear to be mad and to act wisely Montesquieu
  • 10. Any Good ? Nothing is more humiliating than to see idiots succeed in enterprises we have failed at Flaubert
  • 11. Up to date ? ! baby eah Oh y … ut it bo ob a rR v id o Da As k I love fools’ experiments. I am always making them. Charles Darwin
  • 12. What next? I will focus on that… later .. way later in the talk Logic will get you from A to B. Imagination will take you everywhere Albert Einstein
  • 13. For when? ! I am taking a small break… ! This is my “hobby” be kind I have three jobs ! A hobby which gets ! - Heidi complaining - My colleagues too (I can ignore these) ! Therefore ExaBGP Users are NOT allowed to complain!
  • 14. What’s the expected use? ! ! ! NOC usage .. DDOS RTBH Flow Spec Interception SDN : : : : prevents bad traffic from reaching its destination RTBH on steroid, firewall rules deployed using BGP Legal requirements (IWF,… ) over 200k routes updates every 5 minutes .. DevOps usage .. Service IPs : servers mobility using extra/32 with BGP Anycast : the same IP at different locations (CDN, DNS, ...) IX usage .. Collector : at IXLeeds Route Server : future development needed Be regular and orderly in your life, so that you may be violent and original in your work Flaubert
  • 15. Easy to install? ! ! ! ! Use GitHub > wget https://github.com/Exa-Networks/exabgp/archive/3.2.17.tar.gz > tar zxvf 3.2.17.tar.gz > cd exabgp-3.2.17 > ./sbin/exabgp —help Use your distribution (often older code) > > > > apt-get install exabgp pacman -S exabgp port install exabgp emerge exabgp # # # # Debian / Ubuntu ArchLinux OS X / FreeBSD Gentoo (soon? Thank you Tony) Be regular and orderly in your life, so that you may be violent and original in your work Flaubert
  • 16. Easy to use? ! Not as easy as it could be ! No real documentation elp H ! ! e… com el w The community is stepping up ! HA http://vincent.bernat.im/en/blog/2013-exabgp-highavailability.html DDOS http://media.frnog.org/FRnOG_18/FRnOG_18-6.pdf Be regular and orderly in your life, so that you may be violent and original in your work Flaubert
  • 17. I can hear Martin Levy ask “Does it supports IPv6 ” IPv4 IPv6 Neighbours Neighbours IPv4 IPv6 Prefixes (and MPLS) Prefixes (MP NLRI) yes yes IPv4 IPv6 Flow Spec (RFC 5575) Flow Spec (draft) yes yes * ! ! ! N Th ati em ve ed IPv sli 6 de yes yes * I do not know any vendors supporting it yet … As you can never fully please Martin, I admit … ! RFC 5701 - IPv6 Address Specific BGP Extended Community Attribute no It is easier to ask for forgiveness than permission - Stewart’s law of retraction fake
  • 18. Usage RTBH Tell your provider to stop sending you traffic for some IPs ! Announce some more specific routes (/32, /29, …) part of your network and TAG the route with communities so it can be filtered (dropped by your upstream edge routers) Traffic is dropped before it is billed ! Many Talks (NANOG, APRICOT, ...) on the topic and an RFC (5635) > google RTBH or Remotely triggered blackhole ! The goal is to bypass the transit provider NOC and reduce response time when under duress ! Each ISP implements it differently .. level3 > whois -h whois.ripe.net AS3356 | grep -B1 -A15 -i blakhole It is dangerous to be right in matters on which the established authorities are wrong Voltaire
  • 19. Flow Routes Control the filtering Yourself, do not disconnect the target group ddos { local-as 30740; peer-as 30740; router-id 82.219.0.1; local-address 82.219.0.1; graceful-restart 5; family { ipv4 unicast; ipv4 flow; } flow { route drop-ddos-ntp2 { match { destination 82.219.4.31/32; destination-port >123 <123; protocol udp; } then { discard; } } } neighbor 82.219.0.2 { description “nothing at those IP"; } neighbor 82.219.0.3 { description “no point attacking them"; } } Firewall rules via BGP RFC 5575 Juniper and Alcatel Cisco coming in 2014 for IOS-XR and XE Ask Cisco for more info ExaBGP is the only OSS application to support FlowSpec thomas@mx-80> show route table inetflow.0 ! inetflow.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) Restart Complete + = Active Route, - = Last Active, * = Both ! 82.219.4.31,*,proto=17,dstport>=124&<=65535,>=0&<=122/term:2 *[BGP/170] 4d 13:48:20, localpref 100, from 82.219.5.101 AS path: I Fictitious […] thomas@mx-80> show firewall filter __flowspec_default_inet__ The secret of business is to know something that nobody else knows Aristotle Onassis
  • 20. Designed to be scripted Use ANY scripting language perl, python, lua, go, bash, … neighbor 127.0.0.1 { router-id 1.2.3.4; local-address 127.0.0.1; local-as 1; peer-as 1; graceful-restart; ! process announce-routes { run ./api-add-remove.run; } #!/usr/bin/env python ! ! import sys, time messages = [ 'announce route 1.1.0.0/24 next-hop 101.1.101.1', 'announce route 1.1.0.0/25 next-hop 101.1.101.1', 'withdraw route 1.1.0.0/24 next-hop 101.1.101.1', ] ! while messages: message = messages.pop(0) sys.stdout.write( message + 'n') sys.stdout.flush() time.sleep(1) ! while True: time.sleep(1) > ./sbin/exabgp ./api-add-remove.conf An example on the wiki with SHELL PIPE .. for examples, look into /dev/runtest “the test suite” Used in prod as SDN by at least one large network ! Use for DDOS mitigation by MANY networks ! Used by vendor For BGP interrop testing ! Their is two rules for success in business, one do not tell all you know, … Some bad joke site
  • 21. ExaBGP as a Route Server Why only now? ExaBGP started as a route injector, not a BGP daemon It is single threaded using windows 3.1 like multi-tasking The code was blocking when sending routes Fixed this summer with version 3.2 Hundreds of hours of work Most of the IX effort already on Quagga and BIRD (more mature) How much work is required ? ! ExaBGP already works as route collector only tested on a small scale (IXLeeds) need some more control features (for debugging) but it SHOULD scale Divide and Conquer Julius Caesar
  • 22. ExaBGP as a Route Server Why would it be better? Much simpler code to understand (python) Much easier to hack (adding draft RFC in hours now) Can still be improved though Can take benefit of multiple cores easily ExaBGP does NOT have a LOCAL RIB The RIB can be implemented as a different process The RIB does not even have to be on the server Possible madness with things like ZeroMQ :-) Possible to have one BGP daemon per switch Possible to detect L2 loss and change announcement ExaBGP is single threaded but can use multiple cores FreeBSD and Linux 3.9 SO_REUSE_PORT Allows to split TCP flows to different process aBGP t Ex lp) All listening on the same port r r en cu he d to t would ir e requ vemen ge chan e impro No om but s ( Divide and Conquer Julius Caesar
  • 23. Last words… perhaps! Please HELP! I could do with … more contributors need help with documentation Otherwise, just let me know if you use it… Any ‘it works’ mail is always appreciated Need to tidy some code JSON generation Configuration format parsing (started) More .. LINX agreed to let me use their IXIA to see how it performs and compare the result with BIRD who would be interested in seeing the results? I am surprised! you are reading those quotes! Thomas Mangin
  • 24. Questions? Thank you for your kindness on IRC .. thomas.mangin@exa-networks.co.uk https://github.com/thomas-mangin/exabgp/ Judge a man by his questions rather than by his answers Voltaire