• About

blog.alam.rocks

blog.alam.rocks

Tag Archives: bgp

BGP AS PATH Filter (Regular Expression)

05 Friday Apr 2013

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

AS PATH Filter, bgp, BGP Regular Expression, cisco

In the following scenario, CLIENT1 having AS420 is connected with AS100. CLIENT1 has the prefix of 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24. With having only prefix filter, AS100 will only allow these prefixes coming from AS420 and will configure it in AS420 BGP session. AS100 is connected with two upstream service provider AS1 & AS2. AS100 will only announce the prefixes received from AS420 (CLIENT1) to AS1 & AS2 and will do it by prefix filtering of AS1 & AS2 BGP session. 

image

CLIENT1 is also connected with AS3. CLIENT1 announce 192.0.2.0/24 via AS100 and 198.51.100.0/24, 203.0.113.0/24 via AS3. As AS1, AS2 & AS3 is connected in global internet, AS100 will get these two prefixes via AS1 or AS2 depending on the shortest path. Let say prefix 198.51.100.0/24 & 203.0.113.0/24 received via AS2. There is a chance that these prefix will be best route and will be in AS100 routing table. AS100 will announce this to it’s EBGP peer. As AS100 is only doing prefix filter, by default AS100 will announce these prefixes to AS1. Now for prefix 198.51.100.0/24 & 203.0.113.0/24 AS100 will become transit for AS1.

To overcome this situation, you need to apply AS Filter. What you need to do is having an as-path access-list having a regular expression which will only allow those prefix which has only peering AS Number in it’s AS PATH. Bellow is the regular expression:

^(420)(_420)*$

This will allow those prefixes originated from AS420 and only have AS420 in it’s AS PATH. Other prefixes (198.51.100.0/24 & 203.0.113.0/24) coming via AS3 and AS2 will be eliminated and will not be announced to AS100 upstream.

You can get the output of these regular expression with follwoing sysntex:

show ip bgp regexp ^(420)(_420)*$

Complete configuration:

ip as-path access-list 500 permit ^(420)(_420)*$
!
router bgp 100
!
address-family ipv4
neighbor xxx.xxx.xxx.xxx filter-list 500 out
neighbor yyy.yyy.yyy.yyy filter-list 500 out

BGP Looking Glass hosted in Bangladesh

17 Saturday Nov 2012

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

bangladesh, BDHUB, bgp, Looking Glass

bdHUB Limited hosted looking glass in Bangladesh which is available in following url:

http://lg.bdhub.com/cgi-bin/bgplg

Full BGP routing table fro IPv4 & IPv6 is available in this looking glass.

Youtube Hijack Saga

27 Saturday Sep 2008

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

bgp, PTA, Reading, Youtube hack

On February 24th, 2008, the Youtube routing has been hacked :-). Ya, that’s true. As Pakistan Government notify PTA (Pakistan Telecommunication Authority) to block Youtube access from Pakistan. And they announce Youtube IP Block. Defcon 16th conference describe the steps very nicely :

1. You Tube announces 5 prefixes : -A /19, /20, /22 and two /24s. The /22 is 208.65.152.0/22
2. Pakistan’s government decides to block You Tube.
3. Pakistan Telecom internally nails up a more specific route (208.65.153.0/24) out of You Tube’s /22 to nul0 (the routers discard interface)
4. Somehow redists from static —> bgp, then to PCCW
5. Upstream provider sends routes to everyone else..
6. Most of the net now goes to Pakistan for You Tube, gets nothing!
7. You Tube responds by announcing both the /24 and two more specific /25s, with partial success
8. PCCW turns off Pakistan Telecom peering two hours later
9. 3 to 5 minutes afterward, global bgp table is clean again.

Heheheh..that’s awesome. The details are in RIPE websites http://www.ripe.net/news/study-youtube-hijacking.html

So if your a transit ISP, please be careful. Please don’t be lazy to apply appropriate prefix list and as path filter.

Social

  • View rapappu’s profile on Twitter
  • View fakrulalam’s profile on LinkedIn
  • View fakrul’s profile on GitHub
  • View FakrulAlamPappu’s profile on Google+
  • View fakrulalam’s profile on Flickr

Twitter Updates

  • #sydeny #summer https://t.co/4FhMTbgG1g 1 week ago
  • RT @protocoljournal: The August 2022 issue of IPJ is ready. Head over to protocoljournal.org for your copy! https://t.co/c0dfwBQAuu 3 weeks ago
  • RT @teamcymru: Take The first step toward clarity, visibility, and reducing external asset related risks With our free Attack Surface Asses… 3 weeks ago
  • RT @akanygren: Have you been working with tech for years and want an overview of #IPv6? I've been working on an open source "Inessential I… 1 month ago
  • blog.lastpass.com/2022/11/notice… 2 months ago
  • #bdnog15 CfP is now open bdnog.org/bdnog15/cfp.php #bdnog #bangladesh #nog #networkoperatorsgroup 2 months ago
  • RT @Cloudflare: Today we’re introducing Cloudflare Radar’s route leak data and API so that anyone can get information about route leaks acr… 2 months ago
  • Battling Zimbabwe fall short as Bangladesh win in chaotic final-over finish espncricinfo.com/series/icc-men… #t20 #worldcup #bangladeh 3 months ago
  • RT @vince2_: With the team @Free_1337, we have developed a Netflow/IPFIX collector and visualizer. It is available at https://t.co/6XtpOtm9… 6 months ago
  • RT @openbsdnow: Effective Shell effective-shell.com 7 months ago
  • RT @nocontextfooty: https://t.co/PU0JeRSrbD 7 months ago
  • smallstep.com/blog/if-openss… 7 months ago
  • github.com/tldr-pages/tldr 9 months ago
  • How to properly interpret a traceroute or MTR | APNIC Blog blog.apnic.net/2022/03/28/how… 9 months ago
  • #dayandnight #Newcastle #beachlife https://t.co/LaKATcEsFY 10 months ago
Follow @rapappu

Tags

antismap antivirus automation Azure bangladesh BASH BASH Script BDCERT bgp bind ccsp centos CentOS mirror CERT CISA cisco Cyber Security ddos dhaka dhakacom DNS DNSSEC GSM intrusion detectoin system Intrusion prevention system ips IPv6 ISACA junos linux Looking Glass lxc lxc profile lxd mailqueue mailscanner Mail Server mailwatch Meraki mikrotik monitor mpls MPLS L3 VPN mysql My Work network network management nginx NSD observium OpenVPN perl PHP ping postfix Proxy PTA python RANCID Reading RPKI Shell Script sms sms server SNMP SSH Tutorial ubuntu Ubuntu Mirror Server Virtual Box vispan vmware websvn Youtube hack খামাখা

Blog at WordPress.com.

  • Follow Following
    • blog.alam.rocks
    • Join 27 other followers
    • Already have a WordPress.com account? Log in now.
    • blog.alam.rocks
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar