SlideShare a Scribd company logo

RPSL and rpsltool

ā€¢
ā€¢
Marco d'Itri
Marco d'Itri

Automatic generation of BGP configurations and filters.

Internet
1 of 28
Download to read offline
RPSL and rpsltool Automatic generation of BGP conļ¬gurations and ļ¬lters Marco dā€™Itri <md@linux.it> @rfc1036 Trex Workshop 2012 - September 14, 2012
Content 1 Theory of RPSL 2 rpsltool 3 Operational considerations We will learn how RPSL works and how to use rpsltool to generate complete BGP conļ¬gurations. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 2 / 28
rpsltool: what for Generates the conļ¬guration for BGP sessions customers peers IX route servers It can generate ļ¬lters from IRR data (i.e. the RIPE whois database). Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 3 / 28
Theory of RPSL What is RPSL Routing Policy Speciļ¬cation Language Is a language which allows an autonomous system to describe their routing policy in detail and use it to generate the matching conļ¬gurations of routers. Deļ¬ned by RFC 2622 (1999) and others. RPSLng (RFC 4012, 2005) extends it to support multicast and IPv6 neighbors. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 4 / 28
Theory of RPSL RPSL is complex Deļ¬ned objects: mntner, person, role aut-num, route, inet-rtr, filter, peering as-set, route-set, rtr-set, filter-set, peering-set Please raise your hand if you have ever seen a rtr-set object. Almost all of these objects can be ignored in practice. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 5 / 28
Theory of RPSL RPSL is complex (2) Complexity extends to apparently familiar objects too. Lesser known attributes of the route object: components aggr-mtd aggr-bndry inject holes export-comps Please raise your hand if you have ever seen one in the wild. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 6 / 28
Theory of RPSL RPSL is complex (3) Fully describing a real world conļ¬guration in an aut-num object requires many directives (if possible at all!). import: { # MIX-IT peers from AS-ANY at 217.29.66.86 accept not ({0.0.0.0/0^25-32} or fltr-bogons-seeweb-it); action pref = 750; med = 0; community = {12637:65002}; } refine { from AS137 accept <AS-GARR+$>; # ... } Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 7 / 28
Theory of RPSL The aut-num object They document the relationships among autonomous systems and the routes exchanged by them. aut-num: AS12637 import: ... export: ... Their purpose is to provide information which allow to conļ¬gure your own router, but almost nobody uses them this way. For third parties they only have information value: you should either keep them up to date or keep them as simple as possible. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 8 / 28
Theory of RPSL The route object A single route and the autonomous system which announces it: route: 37.9.239.0/24 origin: AS12637 The route6 object describes IPv6 routes. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 9 / 28
Theory of RPSL A side topic: the pingable attribute route: 37.9.239.0/24 descr: Seeweb s.r.l. origin: AS12637 pingable: 37.9.239.1 Deļ¬ned by RFC 5943 (2010), it allows to publish an IP address which can be used by third parties for testing. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 10 / 28
Theory of RPSL The as-set object A list of autonomous systems: as-set: AS12637:AS-CUSTOMERS descr: Seeweb and its IPv4 customers members: AS12637, AS31076, AS6831, AS50627 members: AS12654 # RIPE RIS Routing Beacons Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 11 / 28
rpsltool Why I wrote rpsltool IRRToolSet used to be the standard (and only) tool. In 2005 it was not maintained, did not compile on modern systems and when it did it often crashed or silently generated incomplete ļ¬lters. Nowadays it is in a much better shape and hosted by ISC. IRRToolSet is also extremely complex and implements rarely used features. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 12 / 28
rpsltool Why I wrote rpsltool (2) I am lazy Conļ¬guring and maintaining peerings takes time. Boring tasks cause mistakes. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 13 / 28
rpsltool IRRToolSet vs. rpsltool: technology IRRToolSet 26000 lines of C++ (used to be 70000) 4000 lines of ļ¬‚ex and YACC parsers rpsltool 1300 lines of perl 600 lines of Template::Toolkit Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 14 / 28
rpsltool IRRToolSet vs. rpsltool: features IRRToolSet allows to generate the complete BGP conļ¬guration for a network by deļ¬ning it in the IRR. This is complex enough that only an handful of networks in the world do it. rpsltool is leaner and still it is easier to use for the common case. Also, do you really want to publically advertise your complete routing policy? Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 15 / 28
rpsltool IRRToolSet vs. rpsltool: IRR support IRRToolSet Uses all RPSL objects and attributes. rpsltool Only uses route, route6, as-set, rs-set. rpsltool Replaces the complex aut-num object with a simple list of neighbors. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 16 / 28
rpsltool rpsltool technology perl YAML Template::Toolkit Net::Whois::RIPE Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 17 / 28
rpsltool rpsltool targets Example templates are provided for: IOS JunOS BIRD OpenBGPD You can easily implement any other format you need. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 18 / 28
rpsltool Who uses rpsltool? Internet exchanges MIX-IT (OpenBGPD), MINAP (OpenBGPD and BIRD). Others are considering it. Random ISPs If you need to conļ¬gure BGP sessions for peers and customers, then rpsltool is for you. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 19 / 28
rpsltool rpsltool: basic principles Input A list of peers and the parameters which describe them. RPSL objects from the IRR (optional). Conļ¬guration ļ¬les templates. Output The BGP conļ¬guration for a router. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 20 / 28
rpsltool Conļ¬guration example: peers - as: 137 description: GARR import: AS-GARR ip: 194.116.96.25 ipv4: { aslist: 37 } - as: 33077 description: F root import: 2001:500::/48 ip: 2001:7F8:23:FFFF::6 backupip: 2001:7F8:23:FFFF::7 bgp_commands: ā€™password 7 0000000000000000000000ā€™ This replaces the aut-num objects. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 21 / 28
rpsltool Conļ¬guration example: a template fragment ... [% NEXT IF NOT neigh.$afi.import_routes.size %] no [% acltype %] prefix-list [% aclname +%] [% FOREACH route = neigh.$afi.import_routes %] [% acltype %] prefix-list [% aclname %] permit [% route.route2cisco +%] [% END %] ... Templating allows to deļ¬ne every detail of the generated conļ¬guration. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 22 / 28
rpsltool Conļ¬guration example: not just conļ¬g ļ¬les [% asset = ā€™AS12637:AS-CUSTOMERSā€™; FOREACH as = asset.expand_as_set.asnsort; "# " _ as _ "n"; as.v4routes.aggregate.ipsort.join("n"); END %] Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 23 / 28
Operational considerations Which objects should I maintain in the IRR? The short answer is: route route6 Why bother registering my routes? Third parties will be able to automatically generate the ļ¬lters for the BGP sessions with you. Some of your transit providers will be able to automatically generate ļ¬lters for the BGP sessions with you. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 24 / 28
Operational considerations Do I need to maintain my aut-num object? The short answer is: No. But if you do not, at least try to not keep stale data there: aut-num: AS12637 import: from AS-ANY accept ANY export: to AS-ANY announce AS12637:AS-CUSTOMERS remarks: This is just an approximation. (Not my idea, I stole it from DTAG.) Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 25 / 28
Operational considerations RPSL security Creation of route objects is authenticated A very complex set of rules guarantees that only the entity to which a network or ASN have been allocated to can create route objects referencing them. Your customersā€™ aut-num object may be useful as well Some transit providers consider a routing policy described in an third partyā€™s aut-num object proof that you can announce their routes. This is very convenient and replaces LOAs. But this is only valid in the RIPE region, registration in other IRRs is usually free for all! Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 26 / 28
Operational considerations Why ļ¬lter peering sessions? Is maximum-prefix enough? It is a risk, and it causes downtime. Is ļ¬ltering always practical? No, but you can do your best. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 27 / 28
Operational considerations Questions? http://www.linux.it/~md/text/rpsltool-trex.pdf (google . . . Marco dā€™Itri . . . I feel lucky) Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 28 / 28

Recommended

FPGA Implementation of Mixed Radix CORDIC FFT
FPGA Implementation of Mixed Radix CORDIC FFTFPGA Implementation of Mixed Radix CORDIC FFT
FPGA Implementation of Mixed Radix CORDIC FFTIJSRD
Ā 
Programmable Logic Array(PLA) & Programmable Array Logic(PAL)
Programmable Logic Array(PLA) & Programmable Array Logic(PAL)Programmable Logic Array(PLA) & Programmable Array Logic(PAL)
Programmable Logic Array(PLA) & Programmable Array Logic(PAL)Revathi Subramaniam
Ā 
Grasp the Critical Issues for a Functioning JESD204B Interface
Grasp the Critical Issues for a Functioning JESD204B InterfaceGrasp the Critical Issues for a Functioning JESD204B Interface
Grasp the Critical Issues for a Functioning JESD204B InterfaceAnalog Devices, Inc.
Ā 
Pla pal-and-pla-optimization
Pla pal-and-pla-optimizationPla pal-and-pla-optimization
Pla pal-and-pla-optimizationSai Kumar
Ā 
PAL And PLA ROM
PAL And PLA ROMPAL And PLA ROM
PAL And PLA ROMRONAK SUTARIYA
Ā 
A study to Design and comparison of Full Adder using Various Techniques
A study to Design and comparison of Full Adder using Various TechniquesA study to Design and comparison of Full Adder using Various Techniques
A study to Design and comparison of Full Adder using Various TechniquesIOSR Journals
Ā 
Programmable logic array
Programmable logic arrayProgrammable logic array
Programmable logic arrayRSARANYADEVI
Ā 
Flash memory
Flash memoryFlash memory
Flash memoryrohitladdu
Ā 

Recommended

FPGA Implementation of Mixed Radix CORDIC FFT
FPGA Implementation of Mixed Radix CORDIC FFTFPGA Implementation of Mixed Radix CORDIC FFT
FPGA Implementation of Mixed Radix CORDIC FFTIJSRD
Ā 
Programmable Logic Array(PLA) & Programmable Array Logic(PAL)
Programmable Logic Array(PLA) & Programmable Array Logic(PAL)Programmable Logic Array(PLA) & Programmable Array Logic(PAL)
Programmable Logic Array(PLA) & Programmable Array Logic(PAL)Revathi Subramaniam
Ā 
Grasp the Critical Issues for a Functioning JESD204B Interface
Grasp the Critical Issues for a Functioning JESD204B InterfaceGrasp the Critical Issues for a Functioning JESD204B Interface
Grasp the Critical Issues for a Functioning JESD204B InterfaceAnalog Devices, Inc.
Ā 
Pla pal-and-pla-optimization
Pla pal-and-pla-optimizationPla pal-and-pla-optimization
Pla pal-and-pla-optimizationSai Kumar
Ā 
PAL And PLA ROM
PAL And PLA ROMPAL And PLA ROM
PAL And PLA ROMRONAK SUTARIYA
Ā 
A study to Design and comparison of Full Adder using Various Techniques
A study to Design and comparison of Full Adder using Various TechniquesA study to Design and comparison of Full Adder using Various Techniques
A study to Design and comparison of Full Adder using Various TechniquesIOSR Journals
Ā 
Programmable logic array
Programmable logic arrayProgrammable logic array
Programmable logic arrayRSARANYADEVI
Ā 
Flash memory
Flash memoryFlash memory
Flash memoryrohitladdu
Ā 
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPROIDEA
Ā 
BGP Overview
BGP OverviewBGP Overview
BGP OverviewMatt Bynum
Ā 
6low pan
6low pan 6low pan
6low pan kaleemulla
Ā 
LISP protocol
LISP protocolLISP protocol
LISP protocolDenis Albaladejo
Ā 
Study about Locator/Identifier Separation Protocol (LISP)
Study about Locator/Identifier Separation Protocol (LISP)Study about Locator/Identifier Separation Protocol (LISP)
Study about Locator/Identifier Separation Protocol (LISP)Assia Bakrim
Ā 
IRR Toolset, RPSL
IRR Toolset, RPSL IRR Toolset, RPSL
IRR Toolset, RPSL Bangladesh Network Operators Group
Ā 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationAPNIC
Ā 
JUNOS: OSPF and BGP
JUNOS: OSPF and BGPJUNOS: OSPF and BGP
JUNOS: OSPF and BGPZenith Networks
Ā 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityCisco Canada
Ā 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET Journal
Ā 
Introduction to VIP with PCI Express Technology
Introduction to VIP with PCI Express TechnologyIntroduction to VIP with PCI Express Technology
Introduction to VIP with PCI Express Technologyijsrd.com
Ā 
All About Routers: Types Of Routers, Routing Table And IP Routing : Notes
All About Routers: Types Of Routers, Routing Table And IP Routing : NotesAll About Routers: Types Of Routers, Routing Table And IP Routing : Notes
All About Routers: Types Of Routers, Routing Table And IP Routing : NotesSubhajit Sahu
Ā 
OSPF (Open Shortest Path First) Case Study: Anil Nembang
OSPF (Open Shortest Path First) Case Study: Anil NembangOSPF (Open Shortest Path First) Case Study: Anil Nembang
OSPF (Open Shortest Path First) Case Study: Anil NembangAnil Nembang
Ā 
Ccna1 presentation
Ccna1 presentationCcna1 presentation
Ccna1 presentationShantnu Matharoo
Ā 
Introduction to Router and Routing Basics
Introduction to Router and Routing BasicsIntroduction to Router and Routing Basics
Introduction to Router and Routing BasicsDarwish Ahmad
Ā 
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...Eswar Publications
Ā 
64bit SMP OS for TILE-Gx many core processor
64bit SMP OS for TILE-Gx many core processor64bit SMP OS for TILE-Gx many core processor
64bit SMP OS for TILE-Gx many core processorToru Nishimura
Ā 
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youDeploy360 Programme (Internet Society)
Ā 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccnaernestlithur
Ā 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccnarobertoxe
Ā 
Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTMarco d'Itri
Ā 
BGP security at internet exchanges
BGP security at internet exchangesBGP security at internet exchanges
BGP security at internet exchangesMarco d'Itri
Ā 

More Related Content

Similar to RPSL and rpsltool

PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPROIDEA
Ā 
BGP Overview
BGP OverviewBGP Overview
BGP OverviewMatt Bynum
Ā 
6low pan
6low pan 6low pan
6low pan kaleemulla
Ā 
Study about Locator/Identifier Separation Protocol (LISP)
Study about Locator/Identifier Separation Protocol (LISP)Study about Locator/Identifier Separation Protocol (LISP)
Study about Locator/Identifier Separation Protocol (LISP)Assia Bakrim
Ā 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationAPNIC
Ā 
JUNOS: OSPF and BGP
JUNOS: OSPF and BGPJUNOS: OSPF and BGP
JUNOS: OSPF and BGPZenith Networks
Ā 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityCisco Canada
Ā 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET Journal
Ā 
Introduction to VIP with PCI Express Technology
Introduction to VIP with PCI Express TechnologyIntroduction to VIP with PCI Express Technology
Introduction to VIP with PCI Express Technologyijsrd.com
Ā 
All About Routers: Types Of Routers, Routing Table And IP Routing : Notes
All About Routers: Types Of Routers, Routing Table And IP Routing : NotesAll About Routers: Types Of Routers, Routing Table And IP Routing : Notes
All About Routers: Types Of Routers, Routing Table And IP Routing : NotesSubhajit Sahu
Ā 
OSPF (Open Shortest Path First) Case Study: Anil Nembang
OSPF (Open Shortest Path First) Case Study: Anil NembangOSPF (Open Shortest Path First) Case Study: Anil Nembang
OSPF (Open Shortest Path First) Case Study: Anil NembangAnil Nembang
Ā 
Introduction to Router and Routing Basics
Introduction to Router and Routing BasicsIntroduction to Router and Routing Basics
Introduction to Router and Routing BasicsDarwish Ahmad
Ā 
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...Eswar Publications
Ā 
64bit SMP OS for TILE-Gx many core processor
64bit SMP OS for TILE-Gx many core processor64bit SMP OS for TILE-Gx many core processor
64bit SMP OS for TILE-Gx many core processorToru Nishimura
Ā 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccnaernestlithur
Ā 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccnarobertoxe
Ā 

Similar to RPSL and rpsltool (20)

PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpecPLNOG 13: Krzysztof Mazepa: BGP FlowSpec
PLNOG 13: Krzysztof Mazepa: BGP FlowSpec
Ā 
BGP Overview
BGP OverviewBGP Overview
BGP Overview
Ā 
6low pan
6low pan 6low pan
6low pan
Ā 
LISP protocol
LISP protocolLISP protocol
LISP protocol
Ā 
Study about Locator/Identifier Separation Protocol (LISP)
Study about Locator/Identifier Separation Protocol (LISP)Study about Locator/Identifier Separation Protocol (LISP)
Study about Locator/Identifier Separation Protocol (LISP)
Ā 
IRR Toolset, RPSL
IRR Toolset, RPSL IRR Toolset, RPSL
IRR Toolset, RPSL
Ā 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and Orchestration
Ā 
JUNOS: OSPF and BGP
JUNOS: OSPF and BGPJUNOS: OSPF and BGP
JUNOS: OSPF and BGP
Ā 
Better Network Management Through Network Programmability
Better Network Management Through Network ProgrammabilityBetter Network Management Through Network Programmability
Better Network Management Through Network Programmability
Ā 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
Ā 
Introduction to VIP with PCI Express Technology
Introduction to VIP with PCI Express TechnologyIntroduction to VIP with PCI Express Technology
Introduction to VIP with PCI Express Technology
Ā 
All About Routers: Types Of Routers, Routing Table And IP Routing : Notes
All About Routers: Types Of Routers, Routing Table And IP Routing : NotesAll About Routers: Types Of Routers, Routing Table And IP Routing : Notes
All About Routers: Types Of Routers, Routing Table And IP Routing : Notes
Ā 
OSPF (Open Shortest Path First) Case Study: Anil Nembang
OSPF (Open Shortest Path First) Case Study: Anil NembangOSPF (Open Shortest Path First) Case Study: Anil Nembang
OSPF (Open Shortest Path First) Case Study: Anil Nembang
Ā 
Ccna1 presentation
Ccna1 presentationCcna1 presentation
Ccna1 presentation
Ā 
Introduction to Router and Routing Basics
Introduction to Router and Routing BasicsIntroduction to Router and Routing Basics
Introduction to Router and Routing Basics
Ā 
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...
Performance Evaluation of Source Routing over MPLS Networks for Failure Detec...
Ā 
64bit SMP OS for TILE-Gx many core processor
64bit SMP OS for TILE-Gx many core processor64bit SMP OS for TILE-Gx many core processor
64bit SMP OS for TILE-Gx many core processor
Ā 
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for you
Ā 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
Ā 
Chapter14ccna
Chapter14ccnaChapter14ccna
Chapter14ccna
Ā 

More from Marco d'Itri

Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTMarco d'Itri
Ā 
BGP security at internet exchanges
BGP security at internet exchangesBGP security at internet exchanges
BGP security at internet exchangesMarco d'Itri
Ā 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) ThingsMarco d'Itri
Ā 
Introduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGPIntroduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGPMarco d'Itri
Ā 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peeringMarco d'Itri
Ā 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) ThingsMarco d'Itri
Ā 
State-encouraged BGP hijacking
State-encouraged BGP hijackingState-encouraged BGP hijacking
State-encouraged BGP hijackingMarco d'Itri
Ā 
Sicurezza di BGP
Sicurezza di BGPSicurezza di BGP
Sicurezza di BGPMarco d'Itri
Ā 
Un mistero di censura all'italiana
Un mistero di censura all'italianaUn mistero di censura all'italiana
Un mistero di censura all'italianaMarco d'Itri
Ā 
Interconnessioni tra le reti Italiane
Interconnessioni tra le reti ItalianeInterconnessioni tra le reti Italiane
Interconnessioni tra le reti ItalianeMarco d'Itri
Ā 
An introduction to peering in Italy
An introduction to peering in ItalyAn introduction to peering in Italy
An introduction to peering in ItalyMarco d'Itri
Ā 
Peering e depeering
Peering e depeeringPeering e depeering
Peering e depeeringMarco d'Itri
Ā 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peeringMarco d'Itri
Ā 
Depeering di Telecom Italia
Depeering di Telecom ItaliaDepeering di Telecom Italia
Depeering di Telecom ItaliaMarco d'Itri
Ā 
Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6Marco d'Itri
Ā 
Il nuovo Bryar.pm
Il nuovo Bryar.pmIl nuovo Bryar.pm
Il nuovo Bryar.pmMarco d'Itri
Ā 
Transizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo ioTransizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo ioMarco d'Itri
Ā 
Networking in ambienti cloud
Networking in ambienti cloudNetworking in ambienti cloud
Networking in ambienti cloudMarco d'Itri
Ā 
DNSSEC - una breve introduzione
DNSSEC - una breve introduzioneDNSSEC - una breve introduzione
DNSSEC - una breve introduzioneMarco d'Itri
Ā 
RPSL e rpsltool
RPSL e rpsltoolRPSL e rpsltool
RPSL e rpsltoolMarco d'Itri
Ā 

More from Marco d'Itri (20)

Exploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONTExploring the Huawei HG8010H GPON ONT
Exploring the Huawei HG8010H GPON ONT
Ā 
BGP security at internet exchanges
BGP security at internet exchangesBGP security at internet exchanges
BGP security at internet exchanges
Ā 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) Things
Ā 
Introduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGPIntroduzione alla sicurezza di BGP
Introduzione alla sicurezza di BGP
Ā 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peering
Ā 
The Internet of (other people's) Things
The Internet of (other people's) ThingsThe Internet of (other people's) Things
The Internet of (other people's) Things
Ā 
State-encouraged BGP hijacking
State-encouraged BGP hijackingState-encouraged BGP hijacking
State-encouraged BGP hijacking
Ā 
Sicurezza di BGP
Sicurezza di BGPSicurezza di BGP
Sicurezza di BGP
Ā 
Un mistero di censura all'italiana
Un mistero di censura all'italianaUn mistero di censura all'italiana
Un mistero di censura all'italiana
Ā 
Interconnessioni tra le reti Italiane
Interconnessioni tra le reti ItalianeInterconnessioni tra le reti Italiane
Interconnessioni tra le reti Italiane
Ā 
An introduction to peering in Italy
An introduction to peering in ItalyAn introduction to peering in Italy
An introduction to peering in Italy
Ā 
Peering e depeering
Peering e depeeringPeering e depeering
Peering e depeering
Ā 
Introduzione al peering
Introduzione al peeringIntroduzione al peering
Introduzione al peering
Ā 
Depeering di Telecom Italia
Depeering di Telecom ItaliaDepeering di Telecom Italia
Depeering di Telecom Italia
Ā 
Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6Piano di indirizzamento di una rete IPv6
Piano di indirizzamento di una rete IPv6
Ā 
Il nuovo Bryar.pm
Il nuovo Bryar.pmIl nuovo Bryar.pm
Il nuovo Bryar.pm
Ā 
Transizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo ioTransizione a IPv6: come la vedo io
Transizione a IPv6: come la vedo io
Ā 
Networking in ambienti cloud
Networking in ambienti cloudNetworking in ambienti cloud
Networking in ambienti cloud
Ā 
DNSSEC - una breve introduzione
DNSSEC - una breve introduzioneDNSSEC - una breve introduzione
DNSSEC - una breve introduzione
Ā 
RPSL e rpsltool
RPSL e rpsltoolRPSL e rpsltool
RPSL e rpsltool
Ā 

Recently uploaded

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
Ā 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
Ā 
Low Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkataanamikaraghav4
Ā 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
Ā 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
Ā 
Chennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts service
Chennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts serviceChennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts service
Chennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts servicesonalikaur4
Ā 
VIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With Roomdivyansh0kumar0
Ā 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
Ā 
Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”soniya singh
Ā 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
Ā 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
Ā 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
Ā 
ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...
ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...
ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...Diya Sharma
Ā 
VIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With Roomdivyansh0kumar0
Ā 
VIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls KolkataVIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkataanamikaraghav4
Ā 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
Ā 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
Ā 

Recently uploaded (20)

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
Ā 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Ā 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...
Ā 
Low Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
Ā 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Ā 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Ā 
Chennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts service
Chennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts serviceChennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts service
Chennai Call Girls Porur Phone šŸ† 8250192130 šŸ‘… celebrity escorts service
Ā 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Ā 
VIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum šŸ‘‰ 8250192130 Available With Room
Ā 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
Ā 
Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Saket Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Ā 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
Ā 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
Ā 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Ā 
ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...
ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...
ā‚¹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] šŸ”|97111...
Ā 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Ā 
VIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur šŸ‘‰ 8250192130 Available With Room
Ā 
VIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls KolkataVIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya šŸ¤Œ 8250192130 šŸš€ Vip Call Girls Kolkata
Ā 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
Ā 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Ā 

RPSL and rpsltool

  • 1. RPSL and rpsltool Automatic generation of BGP conļ¬gurations and ļ¬lters Marco dā€™Itri <md@linux.it> @rfc1036 Trex Workshop 2012 - September 14, 2012
  • 2. Content 1 Theory of RPSL 2 rpsltool 3 Operational considerations We will learn how RPSL works and how to use rpsltool to generate complete BGP conļ¬gurations. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 2 / 28
  • 3. rpsltool: what for Generates the conļ¬guration for BGP sessions customers peers IX route servers It can generate ļ¬lters from IRR data (i.e. the RIPE whois database). Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 3 / 28
  • 4. Theory of RPSL What is RPSL Routing Policy Speciļ¬cation Language Is a language which allows an autonomous system to describe their routing policy in detail and use it to generate the matching conļ¬gurations of routers. Deļ¬ned by RFC 2622 (1999) and others. RPSLng (RFC 4012, 2005) extends it to support multicast and IPv6 neighbors. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 4 / 28
  • 5. Theory of RPSL RPSL is complex Deļ¬ned objects: mntner, person, role aut-num, route, inet-rtr, filter, peering as-set, route-set, rtr-set, filter-set, peering-set Please raise your hand if you have ever seen a rtr-set object. Almost all of these objects can be ignored in practice. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 5 / 28
  • 6. Theory of RPSL RPSL is complex (2) Complexity extends to apparently familiar objects too. Lesser known attributes of the route object: components aggr-mtd aggr-bndry inject holes export-comps Please raise your hand if you have ever seen one in the wild. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 6 / 28
  • 7. Theory of RPSL RPSL is complex (3) Fully describing a real world conļ¬guration in an aut-num object requires many directives (if possible at all!). import: { # MIX-IT peers from AS-ANY at 217.29.66.86 accept not ({0.0.0.0/0^25-32} or fltr-bogons-seeweb-it); action pref = 750; med = 0; community = {12637:65002}; } refine { from AS137 accept <AS-GARR+$>; # ... } Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 7 / 28
  • 8. Theory of RPSL The aut-num object They document the relationships among autonomous systems and the routes exchanged by them. aut-num: AS12637 import: ... export: ... Their purpose is to provide information which allow to conļ¬gure your own router, but almost nobody uses them this way. For third parties they only have information value: you should either keep them up to date or keep them as simple as possible. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 8 / 28
  • 9. Theory of RPSL The route object A single route and the autonomous system which announces it: route: 37.9.239.0/24 origin: AS12637 The route6 object describes IPv6 routes. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 9 / 28
  • 10. Theory of RPSL A side topic: the pingable attribute route: 37.9.239.0/24 descr: Seeweb s.r.l. origin: AS12637 pingable: 37.9.239.1 Deļ¬ned by RFC 5943 (2010), it allows to publish an IP address which can be used by third parties for testing. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 10 / 28
  • 11. Theory of RPSL The as-set object A list of autonomous systems: as-set: AS12637:AS-CUSTOMERS descr: Seeweb and its IPv4 customers members: AS12637, AS31076, AS6831, AS50627 members: AS12654 # RIPE RIS Routing Beacons Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 11 / 28
  • 12. rpsltool Why I wrote rpsltool IRRToolSet used to be the standard (and only) tool. In 2005 it was not maintained, did not compile on modern systems and when it did it often crashed or silently generated incomplete ļ¬lters. Nowadays it is in a much better shape and hosted by ISC. IRRToolSet is also extremely complex and implements rarely used features. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 12 / 28
  • 13. rpsltool Why I wrote rpsltool (2) I am lazy Conļ¬guring and maintaining peerings takes time. Boring tasks cause mistakes. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 13 / 28
  • 14. rpsltool IRRToolSet vs. rpsltool: technology IRRToolSet 26000 lines of C++ (used to be 70000) 4000 lines of ļ¬‚ex and YACC parsers rpsltool 1300 lines of perl 600 lines of Template::Toolkit Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 14 / 28
  • 15. rpsltool IRRToolSet vs. rpsltool: features IRRToolSet allows to generate the complete BGP conļ¬guration for a network by deļ¬ning it in the IRR. This is complex enough that only an handful of networks in the world do it. rpsltool is leaner and still it is easier to use for the common case. Also, do you really want to publically advertise your complete routing policy? Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 15 / 28
  • 16. rpsltool IRRToolSet vs. rpsltool: IRR support IRRToolSet Uses all RPSL objects and attributes. rpsltool Only uses route, route6, as-set, rs-set. rpsltool Replaces the complex aut-num object with a simple list of neighbors. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 16 / 28
  • 18. rpsltool rpsltool targets Example templates are provided for: IOS JunOS BIRD OpenBGPD You can easily implement any other format you need. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 18 / 28
  • 19. rpsltool Who uses rpsltool? Internet exchanges MIX-IT (OpenBGPD), MINAP (OpenBGPD and BIRD). Others are considering it. Random ISPs If you need to conļ¬gure BGP sessions for peers and customers, then rpsltool is for you. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 19 / 28
  • 20. rpsltool rpsltool: basic principles Input A list of peers and the parameters which describe them. RPSL objects from the IRR (optional). Conļ¬guration ļ¬les templates. Output The BGP conļ¬guration for a router. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 20 / 28
  • 21. rpsltool Conļ¬guration example: peers - as: 137 description: GARR import: AS-GARR ip: 194.116.96.25 ipv4: { aslist: 37 } - as: 33077 description: F root import: 2001:500::/48 ip: 2001:7F8:23:FFFF::6 backupip: 2001:7F8:23:FFFF::7 bgp_commands: ā€™password 7 0000000000000000000000ā€™ This replaces the aut-num objects. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 21 / 28
  • 22. rpsltool Conļ¬guration example: a template fragment ... [% NEXT IF NOT neigh.$afi.import_routes.size %] no [% acltype %] prefix-list [% aclname +%] [% FOREACH route = neigh.$afi.import_routes %] [% acltype %] prefix-list [% aclname %] permit [% route.route2cisco +%] [% END %] ... Templating allows to deļ¬ne every detail of the generated conļ¬guration. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 22 / 28
  • 23. rpsltool Conļ¬guration example: not just conļ¬g ļ¬les [% asset = ā€™AS12637:AS-CUSTOMERSā€™; FOREACH as = asset.expand_as_set.asnsort; "# " _ as _ "n"; as.v4routes.aggregate.ipsort.join("n"); END %] Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 23 / 28
  • 24. Operational considerations Which objects should I maintain in the IRR? The short answer is: route route6 Why bother registering my routes? Third parties will be able to automatically generate the ļ¬lters for the BGP sessions with you. Some of your transit providers will be able to automatically generate ļ¬lters for the BGP sessions with you. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 24 / 28
  • 25. Operational considerations Do I need to maintain my aut-num object? The short answer is: No. But if you do not, at least try to not keep stale data there: aut-num: AS12637 import: from AS-ANY accept ANY export: to AS-ANY announce AS12637:AS-CUSTOMERS remarks: This is just an approximation. (Not my idea, I stole it from DTAG.) Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 25 / 28
  • 26. Operational considerations RPSL security Creation of route objects is authenticated A very complex set of rules guarantees that only the entity to which a network or ASN have been allocated to can create route objects referencing them. Your customersā€™ aut-num object may be useful as well Some transit providers consider a routing policy described in an third partyā€™s aut-num object proof that you can announce their routes. This is very convenient and replaces LOAs. But this is only valid in the RIPE region, registration in other IRRs is usually free for all! Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 26 / 28
  • 27. Operational considerations Why ļ¬lter peering sessions? Is maximum-prefix enough? It is a risk, and it causes downtime. Is ļ¬ltering always practical? No, but you can do your best. Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 27 / 28
  • 28. Operational considerations Questions? http://www.linux.it/~md/text/rpsltool-trex.pdf (google . . . Marco dā€™Itri . . . I feel lucky) Marco dā€™Itri RPSL and rpsltool Trex Workshop 2012 28 / 28