[AusNOG] Route filter update management advice.
Sean K. Finn
sean.finn at ozservers.com.au
Wed May 26 14:33:27 EST 2010
Hi All,
Thanks for the advice.
The biggest lessons I've learnt here are:
1. Automate router configs for *internal* AS path and prefix filtering. (Why didn't I think of that?)
2. Use available tools wherever available to make life easier, like IRRD, RPSL etc., but avoid IRRToolset like the plague since I'm starting afresh.
3. Vet every incoming IP range and AS.
4. Template and script as much as possible when a new request arrives to upstreams via email or whatever methods they publish. AAPT is one of my upstreams and they have an automated interface, so it's probably just as easy to push requests into this interface, as one example.
Once again thanks to the couple of people who replied off-list, and to those who replied on-list.
I'm off to check out IRRD, RPSL and IRRToolset to start with.
Thanks.
Sean.
-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Matthew Moyle-Croft
Sent: Wednesday, 26 May 2010 1:24 PM
To: David Hughes
Cc: ausnog at ausnog.net; Sean K. Finn
Subject: Re: [AusNOG] Route filter update management advice.
On 26/05/2010, at 12:49 PM, David Hughes wrote:
>
> For your own sanity, generating your BGP and filtering config from an RPSL specification is a good step forward. I've been working on that for a while now. The old IRR Toolset (irrtoolset.isc.org) has been horrible to work with over the years but is getting better.
FWIW, our EBGP policy is entirely driven from IRRToolset. It's a little ugly, but you can generate all filtering etc at a higher level and never have to hand code EBGP again. Does need some automation wrapped around it. One nice thing -> it can generate IOS and JunOS amongst other things. So, aside from the glue to generate some stuff, you can move from vendor to vendor with no issue.
(it can also be used to generate filters -> so knowing what's on net or not is really easy).
Highly recommended.
We also automate iBGP completely. DB has router descriptions (functions, rr details, etc) and generates entire IBGP stack for every router in about 30sec.
MMC
> If it wasn't written in C++ I'd be helping maintain and enhance it. Shame about the choice of language really. But, it's getting more portable and reliable so it's a good starting point. That and IRRd (www.irrd.net) should help remove some of the manual aspects.
>
>
> David
> ...
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
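The workflow discussed in this thread (vet every incoming prefix and origin AS, then generate IOS and JunOS filters from RPSL data instead of hand-coding them), as an added example that is not part of the original posts and is not IRRToolset or IRRd code. The sample route objects, the prefix-list name and the vetting policy (no RFC 1918 space, nothing longer than /24, origin must be in the customer's authorised AS set) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample RPSL route objects (documentation prefixes, private-use ASNs).
SAMPLE_RPSL = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/25
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501

route:   10.1.0.0/16
origin:  AS64500
"""
# Assumed vetting policy: no RFC 1918 space, nothing longer than /24.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_routes(text):
    """Return [(IPv4Network, origin)] from blank-line-separated route objects."""
    routes = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        attrs = {k.strip().lower(): v.strip() for k, v in pairs}
        if "route" in attrs and "origin" in attrs:
            routes.append((ipaddress.ip_network(attrs["route"]), attrs["origin"].upper()))
    return routes

def vet(routes, allowed_origins, max_len=24):
    """Split routes into accepted networks and (network, reason) rejections."""
    accepted, rejected = [], []
    for net, origin in routes:
        if origin not in allowed_origins:
            rejected.append((net, "origin AS not authorised"))
        elif any(net.subnet_of(b) for b in RFC1918):
            rejected.append((net, "private address space"))
        elif net.prefixlen > max_len:
            rejected.append((net, "more specific than /%d" % max_len))
        else:
            accepted.append(net)
    return sorted(accepted), rejected

def ios_prefix_list(name, nets):
    return "\n".join(f"ip prefix-list {name} seq {5 * (i + 1)} permit {n}" for i, n in enumerate(nets))

def junos_prefix_list(name, nets):
    return "\n".join(f"set policy-options prefix-list {name} {n}" for n in nets)
```

Calling `vet(parse_routes(SAMPLE_RPSL), {"AS64500"})` returns the accepted networks plus a list of rejections with reasons, so the rejected entries can be logged or sent back to the requester before any router config is generated.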