Главная Обзор Помощь
Вход
mark22k
/
dn42-wiki
зеркало из https://codeberg.org/mark22k/dn42-wiki.git
Следить 1
В избранное 0
Ответвить 0
Файлы Обсуждения 0 Вики
Ветка: pages
Ветки Метки
dn42-wiki
/
services
/
IXP-frnte.html

IXP-frnte.html 15 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277 
  1. <!DOCTYPE html>
    2. 

  2. <html lang="en">
    3. 

  3.     <head>
    4. 

  4. <meta charset="UTF-8">
    5. 

  5. 

  6. 

  7. 

  8. <title>The IXP frnte | dn42 wiki</title>
    9. 

  9. 

  10. <meta name="viewport" content="width=device-width, initial-scale=1.0">
    11. 

  11. <meta name="robots" content="index, follow">
    12. 

  12. <meta name="keywords" content="dn42,wiki,routing,bgp">
    13. 

  13. 

  14. <link rel="canonical" href="https://dn42.obl.ong/services/IXP-frnte.html">
    15. 

  15. <link rel="icon" type="image/x-icon" href="/favicon.ico">
    16. 

  16. <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
    17. 

  17. 

  18. <link rel="author" type="text/html" href="/docs/people">
    19. 

  19. 

  20. <link rel="stylesheet" href="/css/normalize.css">
    21. 

  21. <link rel="stylesheet" href="/css/simple.min.css">
    22. 

  22. <link rel="stylesheet" href="/css/style.css">
    23. 

  23. <link rel="stylesheet" href="/css/menu.css">
    24. 

  24. 

  25. 

  26. </head>
    27. 

  27.     
    28. 

  28.     <body>
    29. 

  29. 

  30.         <header>
    31. 

  31. 

  32. 

  33. <b>dn42 wiki / The IXP frnte</b>
    34. 

  34. 

  35. <div id="dn42_header">
    36. 

  36.     
    37. 

  37.     <p><a href="/"><img src="/dn42.png" alt="dn42" /></a></p>
    38. 

  38. 

  39. </div>
    40. 

  40. </header>
    41. 

  41. 

  42.         <main>
    43. 

  43.             <h1 id="the-ixp-frnte">The IXP frnte</h1>
    44. 

  44. 

  45. <p>An IXP is a collection point for Internet providers. This can be physical or virtual. In a physical IXP, several Internet providers place servers in a data center and connect them to each other.</p>
    46. 

  46. 

  47. <p>In a virtual IXP, the servers are not “real”. They are not physically connected with cables, but for example via a VPN.</p>
    48. 

  48. 

  49. <p>In dn42 almost all connections are virtual. One builds on the Internet and creates virtual links between the single nodes. In IXP frnte, all providers have virtual machines, which are connected to each other. Due to the large number of providers in IXP, it is possible to reach them easily and with low latency. However, the large number also leads to the fact that no direct peerings are established within an IXP, instead route servers are used. This receives and coordinates all routes of the providers and sends out appropriate routes. This way, many indirect peerings can be established.</p>
    50. 

  50. 

  51. <h2 id="current-participants">Current participants</h2>
    52. 

  52. 

  53. <table>
    54. 

  54.   <thead>
    55. 

  55.     <tr>
    56. 

  56.       <th>Name</th>
    57. 

  57.       <th>AS</th>
    58. 

  58.       <th>Route server</th>
    59. 

  59.       <th>IRC</th>
    60. 

  60.     </tr>
    61. 

  61.   </thead>
    62. 

  62.   <tbody>
    63. 

  63.     <tr>
    64. 

  64.       <td>Bandura’s network</td>
    65. 

  65.       <td>4242422923</td>
    66. 

  66.       <td>4242421081</td>
    67. 

  67.       <td>mark22k</td>
    68. 

  68.     </tr>
    69. 

  69.   </tbody>
    70. 

  70. </table>
    71. 

  71. 

  72. <h2 id="history-and-origin">History and origin</h2>
    73. 

  73. 

  74. <p>In dn42 and in the Anonet there was the UCIS IXP for a long time. However, this is no longer actively operated.</p>
    75. 

  75. 

  76. <p>Members of the LGP Corp have now created a new IXP in dn42. This is the IXP frnte. It is located in France near Nantes and has two separate internet connections. This article describes how to enter the IXP and set up peering with the current route server.</p>
    77. 

  77. 

  78. <h2 id="join-the-ixp">Join the IXP</h2>
    79. 

  79. 

  80. <h3 id="1-request-the-infrastructure">1. Request the infrastructure</h3>
    81. 

  81. 

  82. <p>LGP Corp provides virtual machines free of charge to any AS operator or anyone who wants to experiment with networks. There are no costs! The VM’s can be configured and linked together as desired. The VM’s can be connected to each other via a VLAN. Furthermore, an internet connection is available with two ISPs, depending on your choice. The virtual machine gets a public IPv6 and if necessary IPv4 over NAT to be able to access important resources like GitHub.<br />
    83. 

  83. It is best to create a diagram of your network and send it to the LGP Corp.<br />
    84. 

  84. The LGP Corp or the responsible admin for the IXP can be reached in <strong>IRC</strong> on hackint.org under <strong>toinux</strong>. Send the diagram to them and discuss further details.<br />
    85. 

  85. Furthermore, all virtual machines are put into a common VLAN. This causes that one can reach all providers at the IXP without problems.</p>
    86. 

  86. 

  87. <h3 id="2-proxmox-login-and-vm-setup">2. Proxmox Login and VM Setup</h3>
    88. 

  88. 

  89. <p>After that you will receive your access data for the Proxmox portal from the LGP Corp. Under which you can set up your VM’s. The portal can be reached under <a href="https://pve.home.lgp-corp.fr/"><strong>https://pve.home.lgp-corp.fr/</strong></a>. Select “Proxmox VE authentication server” as “Realm”. It also offers a VNC monitor to work directly on the server. For the setup under SSH an IPv6 connectivity to the internet is required. If you only have an IPv4, you can get an IPv6 for free from Hurricane Electric at <a href="https://tunnelbroker.net/">https://tunnelbroker.net/</a>.</p>
    90. 

  90. 

  91. <h3 id="3-configure-vlan">3. Configure VLAN</h3>
    92. 

  92. 

  93. <p>An internal IPv6 Range has been requested for the IXP: <code class="language-plaintext highlighter-rouge">fde0:93fa:7a0:2::/64</code> (<a href="https://explorer.dn42.dev/#/inet6num/fde0:93fa:7a0:2::_64">fde0:93fa:7a0:2::/64 on explorer</a>)</p>
    94. 

  94. 

  95. <p>The following is the assignment policy:<br />
    96. 

  96. <code class="language-plaintext highlighter-rouge">fde0:93fa:7a0:2:0:&lt;asn32|high16|hex&gt;:&lt;asn32|low16|hex&gt;:1/64</code><br />
    97. 

  97. For example, if you have the ASN 4242421080, you get the range <code class="language-plaintext highlighter-rouge">fde0:93fa:7a0:2:0:fcde:3558:1/64</code><br />
    98. 

  98. It should be noted that only the last block may be changed. So you get a practical IPv6 range of <code class="language-plaintext highlighter-rouge">fde0:93fa:7a0:2:0:fcde:3558:/112</code>.<br />
    99. 

  99. A Ruby script to calculate the IPv6 can be found on <a href="https://gist.github.com/marek22k/494cf9c4d269867f23f2c3577e1780ef">ixp_frnte_dn42_prefix.rb on GitHub Gist</a>.</p>
    100. 

  100. 

  101. <p>An example configuration for Debian based Linux distributions would be:</p>
    102. 

  102. 

  103. <div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iface ensXX inet6 static
    104. 

  104.     address fde0:93fa:7a0:2:0:fcde:3558:1/64
    105. 

  105. </code></pre></div></div>
    106. 

  106. 

  107. <p>Here <code class="language-plaintext highlighter-rouge">ensXX</code> is the dn42 VLAN interface. This can be determined by comparing the MAC address of the interface with the MAC address of the dn42 VLAN in Proxmox. The MAC address can be determined on Linux with <code class="language-plaintext highlighter-rouge">ip l</code>:</p>
    108. 

  108. 

  109. <div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ensXX: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu
    110. 

  110.     1500 qdisc pfifo_fast state UP mode DEFAULT group
    111. 

  111.     default qlen 1000
    112. 

  112.     <span class="nb">link</span>/ether MAC brd ff:ff:ff:ff:ff:ff
    113. 

  113. </code></pre></div></div>
    114. 

  114. 

  115. <p><code class="language-plaintext highlighter-rouge">MAC</code> would be the MAC address. After that you can activate the interface with ifup or a reboot of the VM.<br />
    116. 

  116. Of course there are other configuration possibilities. This is only an example for Debian-based Linux distributions.</p>
    117. 

  117. 

  118. <h3 id="4-connect-to-the-route-server">4. Connect to the Route Server</h3>
    119. 

  119. 

  120. <p>There can be several Route Servers (RS) on one IXP. However, on the IXP frnte there is currently only one, which is operated by jlu5 (operator of the highdef network).
    121. 

  121. IPv6: fde0:93fa:7a0:2:0:fcde:3559:1
    122. 

  122. ASN: 4242421081</p>
    123. 

  123. 

  124. <p>You can now enter this configuration into your routing daemon and it will connect to the RS. You should keep in mind that the RS itself does not forward any traffic, but is only responsible for the coordination. Therefore the AS path must not necessarily start with the AS of the RS.</p>
    125. 

  125. 

  126. <p>An example configuration for bird2 would be the following:</p>
    127. 

  127. 

  128. <div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">protocol</span> <span class="n">bgp</span> <span class="n">ixp_rs</span> <span class="n">from</span> <span class="n">dnpeers</span> {
    129. 

  129.     <span class="n">neighbor</span> <span class="n">fde0</span>:<span class="m">93</span><span class="n">fa</span>:<span class="m">7</span><span class="n">a0</span>:<span class="m">2</span>:<span class="m">0</span>:<span class="n">fcde</span>:<span class="m">3559</span>:<span class="m">1</span> <span class="n">as</span> <span class="m">4242421081</span>;
    130. 

  130.     
    131. 

  131.     <span class="n">enable</span> <span class="n">extended</span> <span class="n">messages</span> <span class="n">on</span>;
    132. 

  132.     <span class="n">direct</span>;
    133. 

  133.     <span class="n">enforce</span> <span class="n">first</span> <span class="n">as</span> <span class="n">off</span>;
    134. 

  134.     
    135. 

  135.     <span class="n">ipv4</span> {
    136. 

  136.     	<span class="n">extended</span> <span class="n">next</span> <span class="n">hop</span>;
    137. 

  137.     };
    138. 

  138. }
    139. 

  139. </code></pre></div></div>
    140. 

  140. 

  141. <p><strong>What does this configuration do?</strong></p>
    142. 

  142. 

  143. <p>First we create a new BGP session (<code class="language-plaintext highlighter-rouge">protocol bgp</code>). This is based on the dnpeers template which can be found in the standard Bird2 configuration in the <a href="/howto/Bird2">wiki</a>. We name this session “ixp_rs”. However, this is only an internal name and can be replaced with another one.</p>
    144. 

  144. 

  145. <p>After that we determine with whom we want to have the session. This would be the RS. Therefore we put IPv6 address and ASN there.</p>
    146. 

  146. 

  147. <p>Furthermore, we allow larger BGP messages. Thus, instead of 4096 bytes, a whole 65535 bytes are transmitted in one message. This is especially useful because an RS has to announce a lot of routes.</p>
    148. 

  148. 

  149. <p>With <code class="language-plaintext highlighter-rouge">direct</code> we indicate that the RS is directly connected to our server and no routing via third parties has to be performed. In our case, the RS is connected to us via the dn42 VLAN.</p>
    150. 

  150. 

  151. <p>The next line has the effect that the ASN of the RS does not necessarily have to be the next hop for routing. This is important because we do not route the traffic via the RS, but via the respective peers. These have an ASN that differs from the ASN of the RS.</p>
    152. 

  152. 

  153. <p>Since the dn42 VLAN <em>only</em> supports IPv6, any IPv4 traffic must also go over IPv6. If you do not have or do not want to use IPv4, you can ignore this part of the configuration.</p>
    154. 

  154. 

  155. <p>Finally we save the bird2 configuration and load the new configuration with <code class="language-plaintext highlighter-rouge">birdc configure</code>.</p>
    156. 

  156. 

  157. <h3 id="5-check-if-it-works">5. Check if it works</h3>
    158. 

  158. 

  159. <p>There are now a few things to check:<br />
    160. 

  160. Once you can see if the BGP session is esablished. In Bird you can do this with <code class="language-plaintext highlighter-rouge">birdc show protocols all ixp_rs</code>.<br />
    161. 

  161. Furthermore, you can display different routes (in case of bird with <code class="language-plaintext highlighter-rouge">birdc show route for [ip address]</code>) or perform a traceroute.<br />
    162. 

  162. One can also try to ping the IP of some at the IXP. From the latency you can also see if everything is working:</p>
    163. 

  163. 

  164. <ul>
    165. 

  165.   <li>Bandura’s pingable:
    166. 

  166.     <ul>
    167. 

  167.       <li><code class="language-plaintext highlighter-rouge">172.22.149.224</code></li>
    168. 

  168.       <li><code class="language-plaintext highlighter-rouge">fd04:234e:fc31::</code></li>
    169. 

  169.     </ul>
    170. 

  170.   </li>
    171. 

  171. </ul>
    172. 

  172. 

  173. 

  174. 

  175.             <div id="menu-container" class="menu-container">
    176. 

  176.                 <hr>
    177. 

  177.                 <div id="menu" class="menu">
    178. 

  178.                     
    179. 

  179.                     <ul>
    180. 

  180.   <li><a href="/Home">Home</a>
    181. 

  181.     <ul>
    182. 

  182.       <li><a href="/howto/Getting-Started">Getting Started</a></li>
    183. 

  183.       <li><a href="/howto/Registry-Authentication">Registry Authentication</a></li>
    184. 

  184.       <li><a href="/howto/Address-Space">Address Space</a></li>
    185. 

  185.       <li><a href="/howto/BGP-communities">BGP communities</a></li>
    186. 

  186.       <li><a href="/FAQ">FAQ</a></li>
    187. 

  187.     </ul>
    188. 

  188.   </li>
    189. 

  189.   <li>How-To
    190. 

  190.     <ul>
    191. 

  191.       <li><a href="/howto/wireguard">Wireguard</a></li>
    192. 

  192.       <li><a href="/howto/openvpn">Openvpn</a></li>
    193. 

  193.       <li><a href="/howto/IPsec-with-PublicKeys">IPsec With Public Keys</a></li>
    194. 

  194.       <li><a href="/howto/tinc">Tinc</a></li>
    195. 

  195.       <li><a href="/howto/GRE-on-FreeBSD">GRE on FreeBSD</a></li>
    196. 

  196.       <li><a href="/howto/GRE-on-OpenBSD">GRE on OpenBSD</a></li>
    197. 

  197.       <li><a href="/howto/IPv6-Multicast">IPv6 Multicast (PIM-SM)</a></li>
    198. 

  198.       <li><a href="/howto/multicast">SSM Multicast</a></li>
    199. 

  199.       <li><a href="/howto/mpls">MPLS</a></li>
    200. 

  200.       <li><a href="/howto/Bird2">Bird2</a></li>
    201. 

  201.       <li><a href="/howto/frr">FRRouting</a></li>
    202. 

  202.       <li><a href="/howto/OpenBGPD">OpenBGPD</a></li>
    203. 

  203.       <li><a href="/howto/mikrotik">Mikrotik RouterOS</a></li>
    204. 

  204.       <li><a href="/howto/EdgeOS-Config">EdgeRouter</a></li>
    205. 

  205.       <li><a href="/howto/Static-routes-on-Windows">Static routes on Windows</a></li>
    206. 

  206.       <li><a href="/howto/networksettings">Universal Network Requirements</a></li>
    207. 

  207.       <li><a href="/howto/vyos1.4.x">VyOS</a></li>
    208. 

  208.       <li><a href="/howto/nixos">NixOS</a></li>
    209. 

  209.     </ul>
    210. 

  210.   </li>
    211. 

  211.   <li>Services
    212. 

  212.     <ul>
    213. 

  213.       <li><a href="/services/IRC">IRC</a></li>
    214. 

  214.       <li><a href="/services/Whois">Whois registry</a></li>
    215. 

  215.       <li><a href="/services/DNS">DNS</a></li>
    216. 

  216.       <li><a href="/services/IX-Collection">IX Collection</a></li>
    217. 

  217.       <li><a href="/services/Clearnet-Domains">Public DNS</a></li>
    218. 

  218.       <li><a href="/services/Looking-Glasses">Looking Glasses</a></li>
    219. 

  219.       <li><a href="/services/Automatic-Peering">Automatic Peering</a></li>
    220. 

  220.       <li><a href="/services/Repository-Mirrors">Repository Mirrors</a></li>
    221. 

  221.       <li><a href="/services/Distributed-Wiki">Distributed Wiki</a></li>
    222. 

  222.       <li><a href="/services/Certificate-Authority">Certificate Authority</a></li>
    223. 

  223.       <li><a href="/services/Route-Collector">Route Collector</a></li>
    224. 

  224.     </ul>
    225. 

  225.   </li>
    226. 

  226.   <li>Internal
    227. 

  227.     <ul>
    228. 

  228.       <li><a href="/internal/Internal-Services">Internal services</a></li>
    229. 

  229.       <li><a href="/internal/Interconnections">Interconnections</a></li>
    230. 

  230.       <li><a href="/internal/APIs">APIs</a></li>
    231. 

  231.       <li><a href="/internal/ShowAndTell">Show and Tell</a></li>
    232. 

  232.       <li><a href="/internal/Historical-Services">Historical services</a></li>
    233. 

  233.     </ul>
    234. 

  234.   </li>
    235. 

  235.   <li>Historical
    236. 

  236.     <ul>
    237. 

  237.       <li><a href="/historical/Bird">Bird 1</a></li>
    238. 

  238.       <li><a href="/historical/Quagga">Quagga</a></li>
    239. 

  239.     </ul>
    240. 

  240.   </li>
    241. 

  241.   <li>External Tools
    242. 

  242.     <ul>
    243. 

  243.       <li><a href="https://paste.dn42.us">Paste Board</a></li>
    244. 

  244.       <li><a href="https://git.dn42.dev">Git Repositories</a></li>
    245. 

  245.     </ul>
    246. 

  246.   </li>
    247. 

  247. </ul>
    248. 

  248. 

  249. <hr />
    250. 

  250. 

  251. 

  252.                 </div>
    253. 

  253.             </div>
    254. 

  254.         </main>
    255. 

  255.         
    256. 

  256.         <footer><div class="center">
    257. 

  257.     <div id="dn42_footer">
    258. 

  258.         
    259. 

  259.         <table>
    260. 

  260.   <tbody>
    261. 

  261.     <tr>
    262. 

  262.       <td>Hosted by: <a href="mailto:dn42@burble.com">BURBLE-MNT</a>, <a href="mailto:nurtic-vibe@grmml.net">GRMML-MNT</a>, <a href="mailto:xuu@dn42.us">XUU-MNT</a>, <a href="mailto:janeric@ortgies.it">JAN-MNT</a>, <a href="mailto:lare@lare.cc">LARE-MNT</a>, <a href="mailto:danny@saru.moe">SARU-MNT</a>, <a href="mailto:androw95220@gmail.com">ANDROW-MNT</a>, <a href="mailto:dn42@mk16.de">MARK22K-MNT</a></td>
    263. 

  263.       <td>Accessible via: <a href="https://wiki.dn42">dn42</a>, <a href="https://dn42.dev/">dn42.dev</a>, <a href="https://dn42.eu/">dn42.eu</a>, <a href="https://wiki.dn42.us/">wiki.dn42.us</a>, <a href="https://dn42.de/">dn42.de</a> (IPv6-only), <a href="https://dn42.cc/">dn42.cc</a> (wiki-ng), <a href="https://dn42.wiki/">dn42.wiki</a>, <a href="https://dn42.pp.ua/">dn42.pp.ua</a>, <a href="https://dn42.obl.ong/">dn42.obl.ong</a></td>
    264. 

  264.     </tr>
    265. 

  265.   </tbody>
    266. 

  266. </table>
    267. 

  267. 

  268.     </div>
    269. 

  269. </div>
    270. 

  270. </footer>
    271. 

  271. 

  272.         
    273. 

  273. 

  274.     </body>
    275. 

  275. 

  276. </html>
    277. 

  277.