One Step
Saturday, November 22, 2008
Home
Contact Us
Network Architecture
design overview
network consolidation
carrier selection
network peering
carrier services
BGP
BGP Communities
BGP Community Guides
IP procurement
route filtering
Network Operation
personnel training
network documentation
network monitoring
network reporting
One Step Solutions
small business
enterprise
short term support
 

#######################################################################
#               ROUTING POLICY FOR GRNET (AS5408)                     #
#######################################################################

GRNET BGP communities:
========================

Well-defined communities:
+---------------------------------------------------------------+
| ...not much to say. Most important ones are:                  |
+---------------------------------------------------------------+
NO_EXPORT
NO_ADVERTISE

Informational Communities:
+---------------------------------------------------------------+
| These communities tag the source of the routes. They can ONLY |
| be appended by GRNET. Routes with this tag received by any    |
| peer will be rejected!                                        |
+---------------------------------------------------------------+
5408:1001       Routes received from GEANT
5408:1002       Routes received from AIX
5408:1003       Routes received from GRNET Customers
5408:1004       Routes received from SEEREN

Routing Manipulation:
+---------------------------------------------------------------+
| This set of communities are available to all GRNET clients    |
| (including SEEREN) in order to allow them to manipulate their |
| routing:                                                      |
|                                                               |
| Primary/Backup Link selection: The customers can indicate     |
| their primary or backup link by tagging the routes with       |
| communities 5408:120 and 5408:110 respectively. Customers     |
| that are single-homed to GRNET MAY omit 5408:120 on their     |
| primary link. However, multi-homed customers (to GRNET and to |
| a third upstream) MUST use both communities.                  |
|                                                               |
| Prepending: GRNET clients can request prepending of AS5408 on |
| their AS PATH upon receval of the routes or before announcing |
| to AIX.                                                       |
|                                                               |
| Announcement Control: GRNET & SEEREN customers can prevent    |
| their routes from being announced to GEANT and AIX by tagging |
| them with the appropriate community.                          |
+---------------------------------------------------------------+
5408:120        Primary Link (Higher Local Preference)
5408:110        Backup Link (Lower Local Preference)
5408:2005       Prepend 5 times
5408:3003       Prepend 3 times when announcing to AIX
5408:3005       Prepend 5 times when announcing to AIX
5408:4001       Don't announce to AIX
5408:4005       Don't announce to GEANT

BlackHole, Rate-Limiting and other tools:
+---------------------------------------------------------------+
| This set of communities are available to all GRNET clients    |
| (including SEEREN). Blackhole community can be used to absorb |
| an attack to a specific host. Rate-limiting and TCP-SYN       |
| rate-limiting can be used to restrict at attack to a small,   |
| tolerable rate (the value may vary depending on GRNET         |
| equipment, typical values are 1 Mbps and 8 kbps respectively. |
| LBE can be used to give Less than Best Effort treatment to    |
| traffic destined towards a misbehaving (usually consuming too |
| much bandwidth) host.                                         |
| IMPORTANT: These communities can only be used in combination  |
| with "no-export", and can only be applied to /32 routes!!!    |
+---------------------------------------------------------------+
5480:666, no-export     Blackhole traffic TOWARDS this route
(/32 only)
5480:667, no-export     Rate-Limit traffic TOWARDS this route
(/32 only)
5480:668, no-export     Rate-Limit TCP-SYN traffic TOWARDS this
route (/32 only)
5480:7666, no-export    Less then Best Effort (LBE) to traffic
TOWARDS this route (/32 only)

GRNET internal:
+---------------------------------------------------------------+
| These routes are intended for use only by specific GRNET      |
| projects. They are not public and they MUST not be used by    |
| non-intended Autonomous Systems.                              |
+---------------------------------------------------------------+
5480:350-399            Reserved for QoS-QPPB via anstool
(anstool.grnet.gr). No-export may be
necessary for non-aggregated space
(see above).
5480:555, no-advertise  RTS-QOS (Teleteaching) (/32 only)



LOCAL PREFERENCES IN GRNET:
=============================

LocalPref 150:  - AS112 anycast service, undependably of the
peering from where it is received. In this
manner, the closest source is selected.

LocalPref 120:  - GRNET Customers (Default, or with 5408:120)
- Special Customers (KROOT, SYZEYXIS, IME,...)
- Multihomed GRNET/SEEREN customer routes
received from AIX/SEEREN/GEANT whith 5408:120
- Locally Generated GRNET Aggregates

LocalPref 110:  - GRNET Customers with 5408:110
- Statically routed GRNET customers
(redistributed into BGP)

LocalPref 105:  - AIX routes (not including multihomed GRNET
routes with 5408:120)
- SEEREN routes (without 5408:120 or 5408:110)

LocalPref 100:  - GEANT (MED=0 Primary, MED=20 Secondary)
- RTSQoS Project

LocalPref 80:   - Multihomed SEEREN customers routes received
from SEEREN with 5408:110

######################################################################



=======================================================================
iBGP (AS5408)
----------------------------------------------------------------------
PEER DESCRIPTION:
Full-mesh iBGP peerings.
Import Policy: Blackhole routes tagged with 6408:666
Export Policy: Advertize all routes (FIRT)
======================================================================



=======================================================================
GEANT (AS20965)
----------------------------------------------------------------------
PEER DESCRIPTION:
GEANT is the Internet Upstream for GRNET
Import Policy: Accept all routes,
Set Local Preference 100 for primary, 90 for backup
Higher Local Preference for routes of multihomed
clients tagged with 5408:120
Export Policy: Announce all GRNET routes except from those tagged
with 5408:4005 (don't-announce-to-geant) and
aix routes (5408:1002).
=======================================================================



=======================================================================
GRIX & AIX Peers
----------------------------------------------------------------------
PEER DESCRIPTION:
These are the GRIX & AIX Peers of GRNET
Import Policy: Reject routes tagged with special communities
(5408:1001,5408:1003,5408:1004)
Accept all other routes that
(a) have the appropriate AS path and
(b) originate from the peer (or behind it)
For these, and according to the received communities:
(i)  Set the appropriate local preference
(ii) Prepend, if neccessary (5408:3003/5408:3005)
Routes of AIX clients which are also multihomed to
GRENT may receive elevated Local Preference, if they
are tagged with 5408:120.
--> AIX HAS A WORSE MED (20) <--
Export Policy: Announce all GRNET clients except from those
tagged with don't-announce-to-aix (5408:4001). Also
double check that AIX (5408:1002) & GEANT (5408:1001)
routes are not announced.
NOTE: SEEREN *is* announced to AIX.
=======================================================================



=======================================================================
GRNET Clients
----------------------------------------------------------------------
PEER DESCRIPTION:
These are the normal GRNET clients (Universities, Research orgs, etc)
Import Policy: Reject routes tagged with special communities
(5408:1001,5408:1002,5408:1004)
Accept all other routes that
(a) have the appropriate AS path and
(b) originate from the client (or behind it)
For these, and according to the received communities:
(i)   Blackhole routes tagged with 6408:666
(cannot be described in RPSL, but it is implemented)
(ii)  Set the appropriate local preference
(iii) Prepend, if neccessary (5408:3003/5408:3005)
         Fragments of the RIPE route objects are only accepted
within GRNET (NO_EXPORT)
Local Preference (on backup links) can be lowered by
using the appropriate community (5408:110).
Export Policy: Announce:
(a) either all routes (FIRT)
(b) or a partial routing table, consiting of GRNET
normal and special clients.
=======================================================================



=======================================================================
SEEREN Network
----------------------------------------------------------------------
PEER DESCRIPTION:
SEEREN is the South-East European Research & Education Netowork
It connects various NRENs in the Balcans. GRNET is the primary
upstream of this network, ISTF is the backup upstream.
Import Policy: Reject routes tagged with special communities
(5408:1001,5408:1002,5408:1003).
Accept all SEEREN routes (including ISTF).
Elevate the local preference in order to prefer these
routes, from those received through GEANT
Export Policy: Announce Full Internet Routing Table
=======================================================================



=======================================================================
K-ROOT mirror @ AIX
----------------------------------------------------------------------
PEER DESCRIPTION:
K-ROOT mirror @ AIX. Accept K-Root routes, announce default route
=======================================================================



=======================================================================
AS112 Project @ GRNET
----------------------------------------------------------------------
PEER DESCRIPTION:
AS112 Project. Announce nothing; Elavate Local Pref for AS112 route.
=======================================================================



=======================================================================
SYZEYXIS
----------------------------------------------------------------------
PEER DESCRIPTION:
SYZEYXIS. announce GRNET routes, route within GRNET *only*.
=======================================================================



=======================================================================
AKAMAI
----------------------------------------------------------------------
PEER DESCRIPTION:
SYZEYXIS. Accept no routes. Announce GRNET customers and SEEREN.
=======================================================================



=======================================================================
IME
----------------------------------------------------------------------
PEER DESCRIPTION:
IME. announce GRNET routes, route within GRNET *only*.
=======================================================================



=======================================================================
GRNET RTS QOS Project (AS65500)
----------------------------------------------------------------------
PEER DESCRIPTION:
RTS-QoS Project.
Accept all grnet /32 routes with '5408:555 no-advertise' community
Announce nothing.
=======================================================================


#######################################################################
#               END OF ROUTING POLICY FOR GRNET                       #
#######################################################################

--------------------------------------
For complains about abuse, spam etc:
--------------------------------------


The above information was collected from whois.ripe.net, using
object "AS5408" on November 15, 2008
Copyright - One Step Consulting Inc., © 2003-2008 All rights reserved.
One Step Consulting and the One Step design are trademarks of One Step Consulting, Inc.
All other registered trademarks and copyrights are of their respective owners.