Bgp
Debian 13 Anycast Node
Building Debian 13 anycast nodes from cloud images with cloud-init support: configuring multiple loopback addresses using netplan instead of /etc/network/interfaces, exabgp service configuration for anycast BGP route announcements, and deploying redundant anycasted DNS infrastructure.RouterOS 7.x Filtering
Implementing comprehensive BGP filtering policies on RouterOS 7.x: defining community lists for roles (customer/transit/peering), configuring route protection and RPKI validation, applying per-link inbound/outbound filters with prefix size validation and community-based localpref manipulation.RPKI w/ RouterOS v7
Implementing RPKI route validation on RouterOS v7 with routinator RTR server: configuring RTR connections with preference/failover, validating routes with routing filter rules, rejecting invalid routes while preferencing valid routes, and managing ROA growth tracking.exabgp 4.x, anycast, and healthchecks
Implementing exabgp 4.x built-in healthchecks for anycasted DNS: configuring health check intervals, rise/fall thresholds, withdraw-on-down behavior for automatic route removal on service failure, and multi-address-family BGP sessions for IPv4/IPv6 anycast announcements.OpenBSD 6.6 BGP Looking Glass
Building BGP looking glass on OpenBSD 6.6 using httpd and bgpd: configuring slowcgi for CGI support, setting up bgplg restricted socket, enabling ping/traceroute in chroot environment, and configuring dual IPv4/IPv6 BGP peering sessions for route lookups.Inadvertent Transit
Analyzing BGP route leak causing AS7122 outage: AS53443 leaked 535,292 DFZ routes from AS6327 during second provider turnup due to missing outbound prefix filters, combined with AS7122 accepting routes without customer filters, congesting 70% of internet-bound traffic for 13 minutes.MRT Dumps with GoBGP
Logging BGP routes with GoBGP MRT dumps: configuring TOML-based RIB dumps every 8 hours and BGP update files every 5 minutes, processing MRT files with BGP Scanner and mrt2mysql.py for Canadian AS-PATH tracking and routing analysis.AS112 and BIRD
Implementing AS112 reverse DNS sinkhole using BIRD BGP daemon: installing kernel routes from BGP, configuring prefix filters for RFC1918/RFC6890 anycast addresses, and using arouteserver to automate IXP AS112 deployments with BIRD.AS112 and Exabgp
Deploying RFC1918/RFC6890 reverse DNS sinkhole with AS112 using exabgp: configuring anycasted 192.175.48.0/24 and 2620:4f:8000::/48 prefixes, implementing exabgp-healthcheck for DNS service monitoring, and advertising BLACKHOLE routes only when service is operational.Studying Canadian BGP
Researching Canadian BGP routing over four years: evolving from exabgp JSON piped to CouchDB, to MySQL database ingestion, to automated province-by-province ASN status page generation with git-tracked history and BGP growth analysis.HA Recursive DNS with dnsdist and exabgp
Building anycasted highly-available recursive DNS with dnsdist load balancers and exabgp: using BGP MED-based failover across 4 dnsdist nodes with PowerDNS recursor backends, custom orderedwrandom load balancing policy, and automated healthchecks for route withdrawal.BGP BLACKHOLE Community
Implementing RFC 7999 BGP BLACKHOLE community (65535:666) on MikroTik RouterOS: configuring routing filters to set blackhole route type, integrating with FastNetMon for automated DDoS mitigation, and handling provider-specific communities for upstream blackholing.Large BGP Communities
Large BGP Community draft RFC addressing 32-bit ASN limitations in standard BGP communities: tracking implementation status across ExaBGP, Cisco IOS XR, Nokia SR-OS, and Bird, with development on Github.A BGP Slash Command
Building a Slack /bgp slash command using custom API at api.hextet.net: integrating BGP lookups, whois, and looking glass functionality directly into Slack channels via web API POST integration.AS395089
Launching AS395089 for Hextet Systems from ARIN assignment to full BGP operations in one day: configuring IPv6 /44 and IPv4 /24 announcements, setting up PeeringDB/BGPmon accounts, creating IRR objects (aut-num, route/route6, AS-HEXTET as-set).IXP Peering Lan Hijacks
MBIX Peering LAN IP space hijacked via BGP and used for spam: investigating unauthorized BGP announcements of 206.72.208.0/24 through AS-Path 9002 44050 131788, demonstrating why IX peering LAN space should not be globally routable.BGP and Game Performance
Riot Games engineering blog on optimizing BGP routing for League of Legends: why buying transit from Tier 1 providers doesn't solve all latency problems and how peering at Internet Exchanges is critical for game performance.Filtering with BGP Communities
Implementing BGP community-based filtering to control route advertisements and prevent route leaks: designing community number ranges for route sources, localpref modifiers, prepending, and selective upstream/peer/customer announcements with example Cisco route-maps.Gracefully Shutting Down An IXP
This post is a guest blog by MBIX Network Administrator Jonathan Stewart. This post was brought to you by a real situation at MBIX.4 ASNs Disappear in Atomic Aggregate
AS7122 enables atomic aggregate on /16 announcements, accidentally suppressing four Manitoba customer ASNs (21876, 23001, 32433, 54937) from global routing table—analyzing route withdrawals via RIPE collectors and multihoming implications.Working with ARINs Route Registry
Creating RPSL objects in ARIN's Internet Routing Registry: setting up MNTNER with MD5 authentication, generating route/inetnum objects via email templates, and validating IRR entries for BGP prefix filtering automation.ASN Growth in Manitoba
Tracking dramatic Manitoba ASN growth in 2013-2014: IXP launches (MBIX/WpgIX) drive half of 60+ ASNs to peer locally, exchanging ~1 Gbps traffic and improving rural ISP access to universities over major providers.Phased Service Moves
Multi-phase migration to BGP-announced IP space: AS62758 turnup, moving LMS and external services from provider IPs, pre-change testing with reduced DNS TTLs, 1:1 NAT configs, and phased rollout strategy.New and Removed ASNs
Automating Canadian ASN discovery using Blockfinder: daily diff emails tracking ARIN assignments, patching TTY progress bar issues for cron jobs, and proposing ARIN's arin-issued list for AS numbers (later implemented).Major Internet Issues Today
August 12, 2014: IPv4 routes breach 512k triggering router crashes, Shaw Canada experiences nationwide routing failures, and AS701/AS705 de-aggregation event cascades through unfiltered peers.BGP Hijacking In News Again
Canadian ISP hijacks 51 prefixes to redirect cryptocurrency miners via unfiltered AS6939 peer: bogon routes, more-specifics targeting Digital Ocean/AWS, and lessons in prefix filtering failures.OpenBSD 5.5 BGP Looking Glass
Updated guide to run a BGP looking glass on OpenBSD 5.5+ after Apache removal: nginx/slowcgi setup, permissions for bgplg tools, and sample bgpd peers for v4/v6 visibility.Leaking Routes
Investigating a suspected BGP route leak involving TeraGo impacting AS paths between my networks. Traceroute analysis, AS-PATH inspection, and comparison of expected vs. leaked routes.exabgp: first lab
Building an exabgp lab to explore route injection, anycast/HA services, route servers, and DDoS mitigation scenarios using Python-based BGP automation.AS4761 April 2 2014 Prefix Origination Event
BGP prefix hijacking incident involving Indonesian ISP Indosat (AS4761) advertising multiple ISP prefixes. Analysis of Thai BGP upstream filtering failure and impact on global routing.Highly-Available, Redundant Internet Through BGP
Comparing methods for redundant internet failover: manual, dual-wan firewalls, and BGP routing. BGP provides automatic failover, simplified troubleshooting, and better control over multi-provider connectivity.BGP 101: Failover by Splitting Advertisements
BGP redundancy techniques: prepending, localpref coordination, and address splitting. Comparing methods for inbound failover with pros and cons of each approach.Starting an IXP
Experiences launching Winnipeg Internet Exchange (WpgIX). Discusses benefits of local peering, network configuration challenges, and impact of content delivery infrastructure.Building an OpenBSD BGP Looking Glass
Setting up bgplg, OpenBSD's built-in shell and CGI BGP looking glass. Includes handling ping/traceroute in chrooted environments and considerations for nginx migration.