howto/Address-Space.md
... ...
@@ -15,7 +15,7 @@ grep -r ^policy data/inet{,6}num/
15 15
16 16
The [filter.txt](https://git.dn42.dev/dn42/registry/src/master/data/filter.txt) and [filter6.txt](https://git.dn42.dev/dn42/registry/src/master/data/filter6.txt) files within the registry detail the network wide constraints on what address ranges are in use together with the global limits on what can be announced.
17 17
18
-`inetnum` and `inet6num` objects within the registry are used to describe the allocation of address space to users. `route` and `route6` objects in the registry are used to validate routing announcements through [ROA](/howto/Bird#route-origin-authorization).
18
+`inetnum` and `inet6num` objects within the registry are used to describe the allocation of address space to users. `route` and `route6` objects in the registry are used to validate routing announcements through [ROA](/howto/Bird2#route-origin-authorization).
19 19
20 20
In addition to the native DN42 address ranges, the registry also contains allocations for the address space used by affiliate networks. These are updated by a regular [sync script](https://git.dn42.dev/dn42/registry-sync).
21 21
howto/Bird2.md
... ...
@@ -1,4 +1,4 @@
1
-This guide is similar to the normal [Bird](/howto/Bird) guide in that it provides you with help setting up the BIRD routing daemon, with the difference that this page is dedicated to versions 2.x.
1
+This guide is similar to the normal [Bird](/historical/Bird) guide in that it provides you with help setting up the BIRD routing daemon, with the difference that this page is dedicated to versions 2.x.
2 2
3 3
# Arch Linux
4 4
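Review bot: The changed first line still calls the Bird 1 page "the normal [Bird] guide" although the link now points to `/historical/Bird`. With that guide moved under `/historical/`, the wording is stale; suggest something like "the historical Bird 1.x guide" so readers do not follow the link expecting current configuration.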
... ...
@@ -174,11 +174,42 @@ template bgp dnpeers {
174 174
include "/etc/bird/peers/*";
175 175
```
176 176
177
+# Setting up peers
178
+
179
+Please note: This section assumes that you've already got a tunnel to your peering partner setup.
180
+
181
+First, make sure the /etc/bird/peers directory exists:
182
+
183
+```sh
184
+# mkdir -p /etc/bird/peers
185
+```
186
+
187
+Then for each peer, create a configuration file similar to this one:
188
+
189
+`/etc/bird/peers/<NEIGHBOR_NAME>.conf`:
190
+
191
+```conf
192
+protocol bgp <NEIGHBOR_NAME> from dnpeers {
193
+ neighbor <NEIGHBOR_IP> as <NEIGHBOR_ASN>;
194
+}
195
+
196
+protocol bgp <NEIGHBOR_NAME>_v6 from dnpeers {
197
+ neighbor <NEIGHBOR_IPv6>%<NEIGHBOR_INTERFACE> as <NEIGHBOR_ASN>;
198
+}
199
+```
200
+
201
+Due to the special link local addresses of IPv6, an interface has to be specified using the `%<if>` syntax if a link local address is used (Which is recommended)
202
+
203
+# BGP communities
204
+
205
+Communities can be used to prioritize traffic based on different flags, in DN42 we are using communities to prioritize based on latency, bandwidth and encryption. It is really easy to get started with communities and we encourage all of you to get the basic configuration done and to mark your peerings with the correct flags for improved routing.
206
+More information can be found [here](/howto/BGP-communities).
207
+
177 208
# Route Origin Authorization
178 209
179
-The example config above relies on ROA configuration files in `/etc/bird/roa_dn42{,_v6}.conf`. These should be automatically downloaded and updated every so often to prevent BGP highjacking, [see the bird1 page](/howto/Bird#route-origin-authorization) for more details and links to the ROA files. Note: edit the links to replace roa_bird1 to say roa_bird2 if using the cron jobs listed on that page.
210
+Route Origin Authorizations should be used in BIRD to authenticate prefix announcements. These check the originating AS and validate that they are allowed to advertise a prefix.
180 211
181
-# RPKI / RTR for ROA
212
+## RPKI / RTR for ROA
182 213
183 214
To use an RTR server for ROA information, replace this config in your bird2 configuration file:
184 215
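Review bot: The replacement paragraph under `# Route Origin Authorization` drops the statement that the example config relies on `/etc/bird/roa_dn42{,_v6}.conf` and that these files should be downloaded and updated regularly. The new text explains what ROA checks are for but no longer says the table has to be kept fresh, and a reader who stops at this section gets no hint that the include files are required. Suggest keeping one sentence that names the files and points to the `## ROA Tables` section further down. Separately, in the moved peers section, `# mkdir -p /etc/bird/peers` inside a `sh` fence is treated as a comment when pasted into a shell; consider dropping the prompt character.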
... ...
@@ -222,41 +253,6 @@ template bgp dnpeers {
222 253
}
223 254
```
224 255
225
-# Setting up peers
226
-
227
-Please note: This section assumes that you've already got a tunnel to your peering partner setup.
228
-
229
-First, make sure the /etc/bird/peers directory exists:
230
-
231
-```sh
232
-# mkdir -p /etc/bird/peers
233
-```
234
-
235
-Then for each peer, create a configuration file similar to this one:
236
-
237
-`/etc/bird/peers/<NEIGHBOR_NAME>.conf`:
238
-
239
-```conf
240
-protocol bgp <NEIGHBOR_NAME> from dnpeers {
241
- neighbor <NEIGHBOR_IP> as <NEIGHBOR_ASN>;
242
-}
243
-
244
-protocol bgp <NEIGHBOR_NAME>_v6 from dnpeers {
245
- neighbor <NEIGHBOR_IPv6>%<NEIGHBOR_INTERFACE> as <NEIGHBOR_ASN>;
246
-}
247
-```
248
-
249
-Due to the special link local addresses of IPv6, an interface has to be specified using the `%<if>` syntax if a link local address is used (Which is recommended)
250
-
251
-# BGP communities
252
-
253
-Communities can be used to prioritize traffic based on different flags, in DN42 we are using communities to prioritize based on latency, bandwidth and encryption. It is really easy to get started with communities and we encourage all of you to get the basic configuration done and to mark your peerings with the correct flags for improved routing.
254
-More information can be found [here](/howto/BGP-communities).
255
-
256
-# Route Origin Authorization
257
-
258
-Route Origin Authorizations should be used in BIRD to authenticate prefix announcements. These check the originating AS and validate that they are allowed to advertise a prefix.
259
-
260 256
## ROA Tables
261 257
262 258
The ROA table can be generated from the registry directly or you can use the following pre-built ROA tables for BIRD:
... ...
@@ -411,13 +407,3 @@ if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
411 407
reject;
412 408
}
413 409
```
414
-
415
-Also, define your ROA table with:
416
-
417
-```conf
418
-roa table dn42_roa {
419
- include "/var/lib/bird/bird_roa_dn42.conf";
420
-};
421
-```
422
-
423
-**NOTE**: Make sure you setup ROA checks for both IPv4 and IPv6.
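Review bot: The last removed line, `**NOTE**: Make sure you setup ROA checks for both IPv4 and IPv6.`, goes away together with the table definition, but the filter in the context lines above only calls `roa_check(dn42_roa, net, bgp_path.last)`. Unless the IPv6 check is shown elsewhere on the page, keep the reminder next to this example, because a filter that validates only one address family leaves the other accepting unvalidated origins. Removing the `roa table dn42_roa` block itself looks reasonable, since its include path `/var/lib/bird/bird_roa_dn42.conf` differs from the `/etc/bird/roa_dn42{,_v6}.conf` files the example config is said to rely on.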
howto/Getting-Started.md
... ...
@@ -303,7 +303,7 @@ source: DN42
303 303
304 304
# Get some peers
305 305
306
-In dn42, there is no real distinction between peering and transit: in most cases, everybody serves as an upstream provider to all its peers. Note that if you have very slow connectivity to the Internet, you may want to avoid providing transit between your peers, which can be done by filtering or prepending your ASN. For the sake of sane routing, try to peer with people on the same continent to avoid inefficient routing, <50ms is a good rule of thumb. You can also look into Bird communities if you are using Bird to mark the latency for the [link](/howto/Bird-communities).
306
+In dn42, there is no real distinction between peering and transit: in most cases, everybody serves as an upstream provider to all its peers. Note that if you have very slow connectivity to the Internet, you may want to avoid providing transit between your peers, which can be done by filtering or prepending your ASN. For the sake of sane routing, try to peer with people on the same continent to avoid inefficient routing, <50ms is a good rule of thumb. You can also look into Bird communities if you are using Bird to mark the latency for the [link](/howto/BGP-communities).
307 307
308 308
You can use the peerfinder to help you find potential peers close to you: <https://dn42.us/peers>
309 309
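Review bot: The link text in the changed line is still the bare word "link" in "mark the latency for the [link](/howto/BGP-communities)", and the sentence speaks of "Bird communities" while the target page is named BGP-communities. The corrected target is fine; suggest making the phrase itself the link, for example "You can also look into [BGP communities](/howto/BGP-communities) if you are using Bird to mark the latency for the link".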
... ...
@@ -319,7 +319,7 @@ There is some documentation in this wiki, like [gre-plus-ipsec](/howto/GRE-plus-
319 319
320 320
You need a routing daemon to speak BGP with your peers. People usually run Bird or FRR, but you may use anything (OpenBGPD, XORP, somebody even used an old [hardware router](BGP-on-Extreme-Summit1i) ). See the relevant [FAQ entry](/FAQ#frequently-asked-questions_what-bgp-daemon-should-i-use).
321 321
322
-You can find [configuration examples for Bird here](/howto/Bird).
322
+You can find [configuration examples for Bird here](/howto/Bird2).
323 323
324 324
## Configuration Examples
325 325
... ...
@@ -331,7 +331,7 @@ You can find [configuration examples for Bird here](/howto/Bird).
331 331
* [Tinc](/howto/tinc)
332 332
* [IPsec with public key authentication](/howto/IPsec-with-PublicKeys)
333 333
* BGP:
334
- * [Bird](/howto/Bird)
334
+ * [Bird](/howto/Bird2)
335 335
* [Quagga](/howto/Quagga)
336 336
* Router specific:
337 337
* [dn42 on OpenWRT](/howto/OpenWRT)
howto/wireguard.md
... ...
@@ -60,7 +60,7 @@ ping fe80::<your_peers_suffix>%<interface_name>
60 60
61 61
(For older iputils, use `ping6`.)
62 62
63
-Afterwards configure your [BGP session](/howto/Bird) as usual
63
+Afterwards configure your [BGP session](/howto/Bird2) as usual
64 64
65 65
## Debugging
66 66