In January, Geoff Huston wrote to the NANOG list:
George Michaelson, Randy Bush and myself have successfully tested the
implementation of 4Byte AS BGP on a public Internet transit. The
above BGP RIB snapshot was taken at a 4Byte BGP speaker in North
America, showing a transit path across AS 1221, AS 4637, AS 1239 and
AS 3130, with correct reconstruction of the originating AS at the
other (4Byte AS) end.
At the time of this writing, their prefix is no longer visible in the global BGP table, but
you can telnet to route-views.oregon-ix.net and type:
show ip bgp regexp _23456_
Until the Route Views server is upgraded to support 32-bit ASes, this will give you
all the prefixes/AS paths with a 32-bit AS number in them. Currently, those are:
- 84.205.88.0/24, "RIPE-NCC-RIS 4-byte ASN testing prefix", advertised from AS 196615 aka AS 3.7
- 145.125.0.0/20, "SURFNET-TEST-NETWORK 4BYTE ASN", advertised from AS 196613 aka AS 3.5
There are now patches to make OpenBGPD 32-bit AS capable and also patches for Quagga.
For more information on 32-bit ASes, have a look at an earlier article on BGPexpert.com.
Permalink - posted 2007-04-12
Warning: spoiler. Last week's episode (#74) of MythBusters showed that, in fact, old dogs can learn new tricks. That's a good thing, because securing inter-domain routing requires a whole bag of them. After lots of talk about S-BGP and soBGP over the past years, work in the IETF on making inter-domain routing more secure has more recently shifted to a different approach. The relatively new secure inter-domain routing (sidr) working group is now working on a public key infrastructure that makes it possible to link an IP prefix to an origin AS with certificates. In the future, this mechanism may be used in S-BGP, soBGP or a similar mechanism, but in the meantime, it allows generating and validating filters. Although it's possible to choose arbitrary trust anchors, the idea is that IANA and the RIRs will serve as certificate authorities, as they are the ones giving out the address space and AS numbers.
Although the basic idea is simple enough, I'm slightly worried about how this is going to work in practice, because the underlying mechanisms are very complex, and not something "BGP people" are likely to be familiar with. Have a look at the sidr page on the IETF website and the links to the current drafts to get an idea. A good one to start with is draft-ietf-sidr-arch-00.txt or "An Infrastructure to Support Secure Internet Routing". (Link to the latest version.)
Permalink - posted 2007-03-21
OpenBSD, the security-conscious sibling in the BSD operating system family, has its own BGP daemon implementation: OpenBGPD.
Permalink - posted 2007-01-30
As Zebra progress has been glacial, a group of people created a fork under the name Quagga. Quagga is more community-based and a somewhat better choice than Zebra in an operational environment.
Permalink - posted 2007-01-30
2006 was another busy year for the five Regional Internet Registries: together, they gave out 161.48 million IPv4 addresses, just shy of the 165.45 million given out in 2005 as measured on January first 2006.
Lots more information in the 2006 IPv4 Address Use Report.
Permalink - posted 2007-01-01
If you want to use the BGP routing protocol, you need an Autonomous System number. These AS numbers were 16 bits in size until now, allowing for around 64000 ASes, and more than half of those have been given out already. To avoid problems when we run out of AS numbers, the IETF came up with modifications to BGP to allow for 32-bit AS numbers, as I explained in a posting about a year ago.
Obviously, at some point someone has to bite the bullet and start using one of these new AS numbers. This bullet biting may happen fairly soon, as the five Regional Internet Registries have all adopted, or are in the process of adopting, the following policy:
- As of January first, 2007, it will be possible to request a 32-bit AS number.
- As of January first, 2009, the RIRs will be giving out 32-bit AS numbers to everyone who requests an AS number and doesn't specifically ask for a 16-bit compatible one.
- And as of January first, 2010, there will cease to be a difference between 16-bit and 32-bit AS numbers and the transition will be complete.
So what does this mean for people who run BGP today? Not all that much, really, because the changes to BGP to support the longer AS numbers are completely backward compatible. The only change is that you'll see the AS number 23456 appear in more and more places. In routers that don't yet support 32-bit ASes, the special 16-bit AS number 23456 shows up as a placeholder in places where a 32-bit AS is supposed to appear.
If you have scripts that perform AS-related operations on the Routing Registries (such as the RIPE database), you'll have to adjust your software to parse the new format for 32-bit AS numbers. They are written down as <16bits>.<16bits>: for instance, 3.1099 is a new 32-bit AS number and 0.23456 is the 32-bit version of AS 23456. However, this format isn't standardized, so 32-bit AS numbers may show up differently in your router. Have a look at the RIPE announcement.
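For scripts that handle AS numbers, here is one way to accept both notations and to find AS paths carrying the 23456 placeholder, as the `_23456_` regexp does on a router. This is an added example, not code from BGPexpert.com or the RIPE NCC; the function names and the sample AS paths are made up for illustration.

```python
import re

PLACEHOLDER_AS = 23456   # 16-bit stand-in shown where a 32-bit AS belongs
_ASN_RE = re.compile(r"(?:AS)?(\d{1,10})(?:\.(\d{1,5}))?", re.IGNORECASE | re.ASCII)

def parse_asn(text):
    """Return the 32-bit integer for '196615', '3.7', 'AS3.1099' or '0.23456'."""
    m = _ASN_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not an AS number: {text!r}")
    first, low = m.groups()
    if low is None:                      # plain decimal notation
        value = int(first)
        if value > 0xFFFFFFFF:
            raise ValueError(f"AS number exceeds 32 bits: {text!r}")
        return value
    high, low = int(first), int(low)     # <16bits>.<16bits> notation
    if high > 0xFFFF or low > 0xFFFF:
        raise ValueError(f"each half must fit in 16 bits: {text!r}")
    return (high << 16) | low

def to_dotted(asn):
    """Format an integer AS number as <16bits>.<16bits>."""
    return f"{asn >> 16}.{asn & 0xFFFF}"

def paths_with_placeholder(as_paths):
    """Token-level equivalent of the regexp _23456_: keep paths containing AS 23456."""
    return [p for p in as_paths
            if PLACEHOLDER_AS in (parse_asn(tok) for tok in p.split())]

# Constructed sample AS paths (not real route-views output).
SAMPLE_PATHS = [
    "1221 4637 1239 3130 23456",   # 32-bit origin seen by a 16-bit-only speaker
    "1221 4637 234567",            # contains the digits 23456 but is another AS
    "1221 4637 3.7",               # same kind of origin on a 32-bit-capable speaker
]

if __name__ == "__main__":
    for text in ("3.7", "AS3.5", "0.23456", "3.1099"):
        asn = parse_asn(text)
        print(f"{text:>8} -> {asn} ({to_dotted(asn)})")
    print(paths_with_placeholder(SAMPLE_PATHS))
```

Rejecting out-of-range halves matters because a naive split-and-multiply would silently map a malformed string such as 3.70000 onto a different, valid AS number.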
As soon as the first 32-bit AS number appears in the wild I'll report it here so you can check whether it shows up in its full 32-bit glory or as 23456. In the meantime, you may want to ask your router vendor for 32-bit AS support. At least one of the big vendors isn't implementing it in all of their lines just yet because they claim there is no customer demand for it.
Permalink - posted 2006-12-29