This post collects the minimum requirements to follow when implementing BGP in an environment where the ISP requires it. Below are the minimum requirements that SPRINT customers must follow when configuring BGP on their routers.
BGP can be set up for your connection if you are dual homed to Sprint, or multi-homed to another provider. This document is intended to provide enough information for you to evaluate your options in setting up your BGP session.
BASIC REQUIREMENTS
- You must be multi-homed to run BGP
- You must be assigned an official AS number through one of the RIRs (Regional Internet Registry, for example ARIN, RIPE, APNIC, LACNIC)
- You must have IOS 10.3 or higher to run BGP and we do not turn up new BGP sessions with anything less than version 10.3
- You must be capable of configuring your BGP session. If you are currently not a Sprint Managed Services customer, Sprint does not provide assistance in configuring customer routers for BGP
- You should NOT configure unfiltered redistribution from your interior routing protocol into BGP
- Explicit distribute-list or network statements should be used to prevent injections of invalid routes into global tables
- You should NOT redistribute routes from BGP into your interior routing protocols, as it corrupts as-path information
- You should configure filters that prevent leakage of routing information from your other service providers to us and vice versa. Filters should be inclusive, rather than exclusive (i.e. they should list customer ASs instead of excluding other providers' ASs)
- Contiguous IP blocks for several specific routes should be aggregated into larger routes as much as possible
- Networks listed in configuration should be sane (i.e. no networks assigned to other customers, subnets should never be announced outside, etc)
- Sprint requires that the customer device meets basic hardware memory vendor recommendations when requesting the full internet routing table (full routes). Currently, the minimum memory requirement is 512MB, which Sprint will enforce. However, because these recommendations vary according to a number of factors (multi-homing, the addition of IPv6 in conjunction with IPv4, other routing protocols in use, etc), Sprint recommends checking your vendor's site and/or contacting your technical representative to determine the recommended guidelines for your immediate needs as well as future requirements
See
below for further information.
RESTRICTIONS:
- Sprint will not run EBGP Multi-hop except for load balancing purposes between the loopback addresses of the Customer and Sprint routers that share multiple serial connections
- Sprint reserves the right to aggregate any announcement for a network smaller than /19 when advertising to external peers such as AT&T, Verizon, etc
- Customers will not be permitted to use '*' wildcards in their requested route filters
WHAT TO EXPECT:
NEW CIRCUIT INSTALLATION:
- At the time of circuit installation, inform the installation engineer that you want to configure BGP. You will be required to complete the BGP Network Change Request form located within your Compass account
CONVERSION FROM STATIC ROUTING:
- Sprint will configure their side of the line and copy the customer with the BGP configuration changes. Your static routes will not be removed at this time
- Once Sprint is finished configuring its portion, you are responsible for initiating or clearing the BGP session
- Once you are satisfied that the session is up and running, you should notify the Sprint Service Delivery Department to remove your old static routes. Please use the Comments section of the BGP change request form within Compass to contact the Sprint Service Delivery Department
MODIFICATIONS:
Any time you need to modify your BGP filter, you must complete the BGP request form within Compass. Sprint will take action on all requests within 3 business days of receipt of the request.
WHAT YOU CAN CONTROL
AS-PATH PREPENDS
Sprint allows customers to use
AS-path prepending to adjust route preference on the network. Such prepending
will be received and passed on properly without notifying Sprint of your change
in announcements.
Additionally, Sprint will prepend
AS1239 to eBGP sessions with certain autonomous systems depending on a received
community. Currently, the following ASes are supported: 1668, 209, 2914, 3300,
3356, 3549, 3561, 4635, 701, 7018, 702 and 8220.
| String | Resulting AS Path to ASXXX |
|---|---|
| 65000:XXX | Do not advertise to ASXXX |
| 65001:XXX | 1239 (default) ... |
| 65002:XXX | 1239 1239 ... |
| 65003:XXX | 1239 1239 1239 ... |
| 65004:XXX | 1239 1239 1239 1239 ... |

| String | Resulting AS Path to ASXXX in Asia |
|---|---|
| 65070:XXX | Do not advertise to ASXXX |
| 65071:XXX | 1239 (default) ... |
| 65072:XXX | 1239 1239 ... |
| 65073:XXX | 1239 1239 1239 ... |
| 65074:XXX | 1239 1239 1239 1239 ... |

| String | Resulting AS Path to ASXXX in Europe |
|---|---|
| 65050:XXX | Do not advertise to ASXXX |
| 65051:XXX | 1239 (default) ... |
| 65052:XXX | 1239 1239 ... |
| 65053:XXX | 1239 1239 1239 ... |
| 65054:XXX | 1239 1239 1239 1239 ... |

| String | Resulting AS Path to ASXXX in North America |
|---|---|
| 65010:XXX | Do not advertise to ASXXX |
| 65011:XXX | 1239 (default) ... |
| 65012:XXX | 1239 1239 ... |
| 65013:XXX | 1239 1239 1239 ... |
| 65014:XXX | 1239 1239 1239 1239 ... |

| String | Resulting AS Path to all supported ASes |
|---|---|
| 65000:0 | Do not advertise |
| 65001:0 | 1239 (default) ... |
| 65002:0 | 1239 1239 ... |
| 65003:0 | 1239 1239 1239 ... |
| 65004:0 | 1239 1239 1239 1239 ... |

| String | Resulting AS Path to all supported ASes in Asia |
|---|---|
| 65070:0 | Do not advertise |
| 65071:0 | 1239 (default) ... |
| 65072:0 | 1239 1239 ... |
| 65073:0 | 1239 1239 1239 ... |
| 65074:0 | 1239 1239 1239 1239 ... |

| String | Resulting AS Path to all supported ASes in Europe |
|---|---|
| 65050:0 | Do not advertise |
| 65051:0 | 1239 (default) ... |
| 65052:0 | 1239 1239 ... |
| 65053:0 | 1239 1239 1239 ... |
| 65054:0 | 1239 1239 1239 1239 ... |

| String | Resulting AS Path to all supported ASes in North America |
|---|---|
| 65010:0 | Do not advertise |
| 65011:0 | 1239 (default) ... |
| 65012:0 | 1239 1239 ... |
| 65013:0 | 1239 1239 1239 ... |
| 65014:0 | 1239 1239 1239 1239 ... |

LOCAL PREFERENCE
You can control the local preference
for your announcements on the Sprint router using a community string which you
may pass to Sprint in your BGP session. The following table lists the community
strings and the corresponding local preference that Sprint will set in the
network. Remember that community strings are not exported by default, so be
sure to add whatever export command is necessary for your router.
| String | Resulting Local Pref |
|---|---|
| 1239:70 | 70 |
| 1239:80 | 80 |
| 1239:90 | 90 |
| 1239:100 | 100 |
| 1239:110 | 110 |

MED (Multi Exit Discriminator)
Sprint accepts MEDs from all
customers to adjust route preference on the network.
NO-EXPORT
Sprint will accept the well-known
community "no-export".
TRANSIT TO NON-TRANSIT
Sprint allows transit customers to
tag routes to be non-transit by sending community "1239:600". A
non-transit route will not be advertised as a Sprint customer route. This route
will still be advertised to customers who receive the full Internet routing table,
but will not be advertised to eBGP peers who only wish to receive Sprint
customer routes.
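
A pre-flight check for the community strings listed above, written for this page as an added example (it is not Sprint's code or part of the original post). The function names and the `650RN:XXX` reading of the prepend tables (R = region digit, N = number of 1239 entries) are assumptions made here from the table values.

```python
import re

# Values copied from the policy text above.
SUPPORTED_ASES = {1668, 209, 2914, 3300, 3356, 3549, 3561, 4635, 701, 7018, 702, 8220}
REGIONS = {0: "all regions", 1: "North America", 5: "Europe", 7: "Asia"}
SPRINT_VALUES = {70: "local-pref 70", 80: "local-pref 80", 90: "local-pref 90",
                 100: "local-pref 100", 110: "local-pref 110",
                 600: "non-transit",
                 66: "blackhole (see REMOTE TRIGGERED BLACKHOLE below)"}


def decode_community(community: str) -> dict:
    """Explain one community string, or raise ValueError if the policy lacks it."""
    m = re.fullmatch(r"(\d{1,5}):(\d{1,5})", community.strip())
    if not m:
        raise ValueError(f"not in ASN:value form: {community!r}")
    high, low = int(m.group(1)), int(m.group(2))
    if high == 1239:
        if low not in SPRINT_VALUES:
            raise ValueError(f"1239:{low} is not listed in the policy")
        return {"action": SPRINT_VALUES[low]}
    # 650RN:XXX -> R selects the region, N is the number of 1239 entries
    # in the path sent to AS XXX (0 = do not advertise, 1 = default).
    region, copies = divmod(high - 65000, 10)
    if high < 65000 or region not in REGIONS or copies > 4:
        raise ValueError(f"{high} is not a prepend community in the policy")
    if low != 0 and low not in SUPPORTED_ASES:
        raise ValueError(f"AS{low} is not in the supported list")
    return {
        "action": "do not advertise" if copies == 0 else "advertise",
        "as_path": [1239] * copies,
        "target": "all supported ASes" if low == 0 else f"AS{low}",
        "region": REGIONS[region],
    }


def review(communities: list) -> list:
    """Decode each community; keep errors as text so one typo does not hide the rest."""
    out = []
    for c in communities:
        try:
            out.append((c, decode_community(c)))
        except ValueError as exc:
            out.append((c, f"REJECT: {exc}"))
    return out
```

Running `review()` over the communities in an outbound route-map before applying it catches a mistyped value that Sprint would otherwise receive without acting on it as intended.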
REMOTE TRIGGERED BLACKHOLE:
Sprint now offers the ability for customers running BGP to remotely manage a null route for their hosts in the event of a DDoS attack. This prevents the customer circuit from being overwhelmed with attack traffic and gives customers the flexibility to make the changes without having to contact Sprint.
This capability requires additional
configuration restrictions.
- Customer must be using a prefix style filter with Sprint. Wildcards will not be allowed in the filter. The prefixes permitted in the prefix filter should have been assigned to the customer by an Internet registry. Sprint will not configure RTB for transit ISPs or customers.
- Customer must have MD5 passwords enabled on the BGP session(s) with Sprint.
- The route will only be null-routed on the directly peering router. If the customer has multiple connections with Sprint, the tagged prefix must be announced through each peering session.
- This policy is subject to change and the capability may be globally revoked if operational issues are found that affect the stability of Sprint's network.
- Sprint is not responsible for any misconfiguration on the customer equipment which results in unintended traffic loss.
Once the
request for RTB service has been reviewed, a Sprint technician will contact the
customer to arrange the password setup. After setup, the customer can trigger a
blackhole by sending an authorized route between /30 and /32 with the community
1239:66 to Sprint.
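
Because a mis-tagged route causes traffic loss that Sprint does not take responsibility for, a check of each blackhole announcement before it is sent is worth having. The following is an added example, not Sprint's tooling or code from the original post; the function names are hypothetical, the prefixes are constructed from documentation ranges, and treating the /30 to /32 range as IPv4-only is an assumption.

```python
import ipaddress

BLACKHOLE = "1239:66"  # community from the policy text above


def rtbh_problems(prefix: str, communities: set, authorized: list) -> list:
    """Return reasons a blackhole announcement breaks the stated rules ([] = ok)."""
    try:
        # strict=True rejects host bits, e.g. 198.51.100.9/30
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return [f"invalid prefix: {exc}"]
    if net.version != 4:
        # Assumption: the /30-/32 range in the policy refers to IPv4 routes.
        return ["policy gives an IPv4 length range only"]
    problems = []
    if not 30 <= net.prefixlen <= 32:
        problems.append(f"/{net.prefixlen} is outside /30-/32")
    allowed = [ipaddress.ip_network(a) for a in authorized]
    if not any(a.version == 4 and net.subnet_of(a) for a in allowed):
        problems.append("not inside a prefix permitted in the filter")
    if BLACKHOLE not in communities:
        problems.append(f"community {BLACKHOLE} missing")
    return problems


def sessions_not_covered(prefix: str, per_session: dict) -> list:
    """Sessions that do not carry the tagged prefix; the null route is only
    installed on the directly peering router, so each session needs it."""
    return sorted(name for name, routes in per_session.items()
                  if BLACKHOLE not in routes.get(prefix, set()))
```

Here `authorized` stands for the registry-assigned prefixes in your filter with Sprint, and `per_session` maps a session name to the prefixes and communities announced on it.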