Route Server Automation and ROV Nick Pratley nick@ix.asn.au Life Under Lockdown: how to stop heists, hijacks, and hostages
Timeline When Metrics and Reporting to Members NOW 17 th – 18 th August RS1 Upgrades 24th – 25 th August RS2 Upgrades 1 st September Route Server Automation (yes, including daily AS-SET updates) 1 st September Drop Invalid Routes
Metrics and Reporting • What are we going to drop when we enable ROV? • No RPKI support on current software, no easy & fast way to get and validate rib • Emails to members with invalid routes, do you know about them, can we help? Hopefully after tonight everyone is just going to go and do it? ;-) • Hacked some python scripts: • SSH to route servers & get rib: “ ssh - c ’ sudo birdc show route table master’ rs1.*. ix.asn.au ” • Validate routes using Cloudflare's rpki.json (https://rpki.cloudflare.com/rpki.json) with a Radix tree in python for searches • Export data to influxdb as a telegraf input running hourly • Graph with Grafana • https://metrics.ix.asn.au/d/58WdNHGMk/ix-rpki
So – what will we drop? AS10AS10214 10214 121.200.32.0/24 AS23838 23838 2401:f000:32:86::/64 AS3356 132199 180.191.194.0/23 AS10214 10214 121.200.33.0/24 AS23838 23838 2401:f000:32:87::/64 AS3356 132199 180.191.196.0/22 AS132405 132405 2001:df0:2c7:100::/64 AS23838 23838 2401:f000:32:92::/64 AS3356 132199 180.191.224.0/23 AS132405 132405 2001:df0:2c7:1::/64 AS23838 23838 2401:f000:32:99::/64 AS3356 132199 180.191.227.0/24 AS132405 132405 2001:df0:2c7:200::/64 AS23838 23838 2401:f000:32:c000::1/128 AS3356 132199 180.191.228.0/22 AS132405 132405 2001:df0:2c7:3001::/64 AS23838 23838 2401:f000:32:c000::2/128 AS3356 132199 180.191.232.0/22 AS132405 132405 43.250.92.0/24 AS23838 23838 2401:f000:32:c000::/64 AS3356 132199 180.191.236.0/22 AS132405 132405 43.250.93.0/24 AS23838 23838 2401:f000:32:c001::105/128 AS3356 132199 180.191.240.0/21 AS132405 132405 43.250.94.0/24 AS23838 23838 2401:f000:32:c001::11/128 AS3356 132199 180.191.248.0/22 AS132405 132405 43.250.95.0/24 AS23838 23838 2401:f000:32:c002::2/128 AS3356 132199 180.191.252.0/22 AS13335 13335 103.21.244.0/24 AS23838 23838 2401:f000:32:c002::3/128 AS3356 132199 180.191.32.0/22 AS13335 13335 2606:4700:7000::/48 AS23838 23838 2401:f000:32:c003::1/128 AS3356 132199 180.191.36.0/22 AS134090 134090 103.106.90.0/24 AS23838 23838 2401:f000:32:c005::/64 AS3356 132199 180.191.40.0/22 AS134090 134090 103.106.91.0/24 AS23838 23838 2401:f000:5:1::/64 AS3356 132199 180.191.44.0/22 AS134090 59256 2401:9cc0:200::/48 AS23838 23838 2401:f000:5::/64 AS3356 132199 180.191.48.0/24 AS134090 59256 2401:9cc0:300::/48 AS23838 23838 2402:1c00:0:1::/64 AS3356 132199 180.191.49.0/24 AS135513 17741 114.31.103.0/24 AS23838 23838 2402:1c00:1000:1::/64 AS3356 132199 180.191.50.0/23 AS136001 136001 202.179.134.0/24 AS23838 23838 2402:1c00:10::/126 AS3356 132199 180.191.52.0/22 AS139609 45891 202.1.160.0/20 AS23838 23838 2402:1c00:2000:1001::/64 AS3356 132199 180.191.58.0/23 AS139609 45891 202.1.176.0/20 AS23838 23838 2402:1c00::/64 AS3356 132199 180.191.60.0/22 AS23838 23838 116.90.135.0/24 AS23838 23838 2402:1c00:dead:beef::/64 AS3356 132199 222.127.196.0/24 AS23838 23838 2401:f000:2:200::/56 AS23838 23838 2402:1c00:fffe::/127 AS3356 138197 103.126.150.0/24 AS23838 23838 2401:f000:2::/56 AS23838 23838 2402:1c00:fffe::4/127 AS3356 18190 120.28.15.0/24 AS23838 23838 2401:f000:32:101::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:a0/124 AS3356 27281 2620:116:800e::/48 AS23838 23838 2401:f000:32:103::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:c0/124 AS3356 45731 103.20.190.0/24 AS23838 23838 2401:f000:32:13::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:c2/127 AS36351 36351 185.147.58.0/24 AS23838 23838 2401:f000:32:16::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:c6/127 AS36351 36351 185.147.59.0/24 AS23838 23838 2401:f000:32:18::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:d0/124 AS36351 7489 27.100.39.0/24 AS23838 23838 2401:f000:32:2::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:e0/124 AS38195 134409 2407:c280:ffff::/48 AS23838 23838 2401:f000:32:27::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:f0/127 AS38220 38220 2403:cc00:4000::/36 AS23838 23838 2401:f000:32:28::/64 AS23838 23838 2402:1c00:ffff:ffff:ffff:ffff:0:f2/127 AS38561 38561 2402:f00::/32 AS23838 23838 2401:f000:32:29::/64 AS3356 132199 120.28.146.0/24 AS45177 38220 2403:cc00:4000::/36 AS23838 23838 2401:f000:32:37::/64 AS3356 132199 120.28.165.0/24 AS45177 45177 150.107.32.0/23 AS23838 23838 2401:f000:32:4::/64 AS3356 132199 120.28.252.0/22 AS45177 45177 150.107.34.0/23 AS23838 23838 2401:f000:32:5::/64 AS3356 132199 180.190.84.0/24 AS45280 45280 2402:7e00:0:102::/64 AS23838 23838 2401:f000:32:6::/64 AS3356 132199 180.191.192.0/23 AS45280 45280 2402:7e00:10:100::/56
So – what will we drop? AS4826 10214 121.200.32.0/24 AS9790 56304 2400:3d80:2000:200::/56 AS9790 56304 2400:6900:2000:f00::/56 AS4826 10214 121.200.33.0/24 AS9790 56304 2400:3d80:2000:400::/56 AS9790 56304 2400:6900:2030:9::/64 AS4826 133075 2407:f100:4::/48 AS9790 56304 2400:6900:1030:200::/56 AS9790 56304 2400:6900:2030:e::/64 AS4826 13335 2606:4700:7000::/48 AS9790 56304 2400:6900:1030:3::/64 AS9790 56304 2400:6900:2:2::/64 AS4826 17918 122.252.150.0/24 AS9790 56304 2400:6900:1030:462::/64 AS9790 56304 2400:6900:2:3::/64 AS4826 17918 122.252.151.0/24 AS9790 56304 2400:6900:1030:464::/64 AS9790 56304 2400:6900:2::/64 AS4826 56030 45.118.190.0/24 AS9790 56304 2400:6900:1030:500::/56 AS9790 56304 2400:6900:2:ff00::/64 AS4826 56068 131.203.76.0/23 AS9790 56304 2400:6900:1030:5::/64 AS9790 56304 2400:6900:3010:200::/56 AS4826 56304 131.203.63.0/24 AS9790 56304 2400:6900:1030:600::/64 AS9790 56304 2400:6900:3010:4::/64 AS4826 59256 2401:9cc0:200::/48 AS9790 56304 2400:6900:1030:6::/64 AS9790 56304 2400:6900:ffff:100::/56 AS4826 59256 2401:9cc0:300::/48 AS9790 56304 2400:6900:1030:700::/56 AS9790 56304 2400:6900:ffff:10::/60 AS4826 9503 2402:6000:106::/48 AS9790 56304 2400:6900:1030:e00::/56 AS9790 56304 2400:6900:ffff:1::/64 AS4826 9503 2402:6000:109::/48 AS9790 56304 2400:6900:2000:1000::/56 AS9790 56304 2400:6900:ffff:200::/56 AS4826 9503 2402:6000:10d::/48 AS9790 56304 2400:6900:2000:1200::/56 AS9790 56304 2400:6900:ffff:2::/64 AS4826 9503 2402:6000:10e::/48 AS9790 56304 2400:6900:2000:1500::/56 AS9790 56304 2400:6900:ffff:3::/64 AS4826 9503 2402:6000:201::/48 AS9790 56304 2400:6900:2000:1800::/56 AS9790 56304 2400:6900:ffff:a::/64 AS4826 9503 2402:6000:202::/48 AS9790 56304 2400:6900:2000:1900::/56 AS9790 56304 2400:6900:ffff:b::/64 AS4826 9790 2404:4400:1000::/36 AS9790 56304 2400:6900:2000:1b00::/56 AS9790 56304 2400:6900:ffff:f300::/56 AS4826 9790 2404:4400:2000::/36 AS9790 56304 2400:6900:2000:1c00::/56 AS9790 56304 2400:6900:ffff:f500::/56 AS4826 9790 2404:4408:8::/48 AS9790 56304 2400:6900:2000:1d00::/56 AS9790 56304 2400:6900:ffff:f::/64 AS56030 56030 45.118.190.0/24 AS9790 56304 2400:6900:2000:1e00::/56 AS9790 56304 2400:6900:ffff:fe00::/56 AS58511 134409 2407:c280:ffff::/48 AS9790 56304 2400:6900:2000:1f00::/56 AS9790 56304 2400:6900:ffff:fffd::/64 AS64098 38220 2403:cc00:4000::/36 AS9790 56304 2400:6900:2000:2300::/56 AS9790 56304 2400:6900:ffff:fffe::/64 AS64098 64098 2403:780:f::/48 AS9790 56304 2400:6900:2000:300::/56 AS9790 56304 2401:9480:300:10d::/64 AS7175 7175 2402:c00:2:a00::/56 AS9790 56304 2400:6900:2000:3800::/56 AS9790 9503 202.53.182.0/24 AS7545 137079 103.107.247.0/24 AS9790 56304 2400:6900:2000:3900::/56 AS7545 18405 122.200.160.0/20 AS9790 56304 2400:6900:2000:3a00::/56 AS7575 7575 2001:388:70d2::/48 AS9790 56304 2400:6900:2000:400::/56 AS7600 9297 103.74.188.0/24 AS9790 56304 2400:6900:2000:4e00::/56 AS7600 9297 103.74.189.0/24 AS9790 56304 2400:6900:2000:500::/56 AS9297 9297 103.74.188.0/24 AS9790 56304 2400:6900:2000:600::/56 AS9297 9297 103.74.189.0/24 AS9790 56304 2400:6900:2000:800::/56 AS9500 9500 2407:7000:f300::/48 AS9790 56304 2400:6900:2000:900::/56 AS9790 56068 131.203.76.0/23 AS9790 56304 2400:6900:2000:a00::/56 AS9790 56304 131.203.63.0/24 AS9790 56304 2400:6900:2000:c00::/56 AS9790 56304 2400:3d80:2000:100::/56 AS9790 56304 2400:6900:2000:e00::/56
Route Server Software Upgrades • Current Route Server Software • Ubuntu 16.04 LTS – End of Support in April 2021 • BIRD 1.6.2 - Released September 2016 • No RPKI / ROV support (without mangling prefix lists – ew) • New Software • Ubuntu 20.04 LTS – Released April 2020 • BIRD 2.0.7 – Released October 2019 • RTR support • Plan • There are two route servers in each exchange (are you peering with both)? • Pick a time window, disable rs1, upgrade Ubuntu, upgrade bird, deploy automated BIRD config • 2 hours per route server – apt full-upgrade takes ageeeeeees, actual downtime of around 10 minutes for reboot and software ugprade • Rinse and repeat for second RS • Rinse and repeat for each exchange
Recommend
More recommend
