[NLNOG] KPN doesn't seem to pick up new routes from AS31383
Verschuren, Antoin
averschuren at libertyglobal.com
Thu Jan 25 11:02:58 CET 2024
Hi Bart,
In my experience, prefix filter lists used in route filters can indeed take up to 24 hours to get updated. They are usually only updated once or twice a day in automated orchestration, some even only after manual validation on workdays.
So I would advise to publish new route objects for changes or migrations at least 24 hours before announcing new BGP routes. 3 days is even better.
The BGP updates themselves are much faster, and new ROAs are usually picked up within an hour, depending on the validator configuration.
So if you prepare well creating route objects and ROAs, the migration itself should indeed only be minutes.
Kind regards,
Antoin Verschuren
Senior Manager Network Security
M + 31 6 15682664
Liberty Global Technology Services B.V.
Boeing Avenue 53
1119 PE Schiphol-Rijk
The Netherlands
www.libertyglobal.com
-----Original Message-----
From: Bart van Dam | Computel Standby <b.vandam at computel.nl>
Sent: Thursday 25 January 2024 10:32
To: Verschuren, Antoin <averschuren at libertyglobal.com>; nlnog at nlnog.net
Subject: Re: [NLNOG] KPN doesn't seem to pick up new routes from AS31383
Hi Antoin,
Thank you for responding to my question.
It looks like KPN picked up the new route after 24 hours.
Maybe this is not the place to ask this question, but...
Like I said in my previous email, we are migrating from 1 datacenter to another.
Our plan was to migrate a /24 range of our current /21 to the new datacenter during a nightly maintenance window during which we will be physically moving some equipment as well. In order for this to work, the new specific /24 route needs to be picked up in a couple hours max.
My understanding was that new routes would be picked up in minutes rather than hours after announcing, is this not usually the case?
With kind regards,
Met vriendelijke groet,
Bart van Dam
-----Original Message-----
From: Verschuren, Antoin <averschuren at libertyglobal.com>
Sent: Thursday, January 25, 2024 10:04
To: Bart van Dam | Computel Standby <b.vandam at computel.nl>; nlnog at nlnog.net
Subject: RE: [SUSPICIOUS] Re: [NLNOG] [SUSPICIOUS] KPN doesn't seem to pick up new routes from AS31383
My bad, I didn't see the AS-COMPUTEL member-of statement.
Your upstreams should accept:
[averschuren at crookie ~]$ bgpq4 AS1299:AS-TWELVE99-V4 | grep 83.137.16.0 ip prefix-list NN permit 83.137.16.0/21
Kind regards,
Antoin Verschuren
Senior Manager Network Security
M + 31 6 15682664
Liberty Global Technology Services B.V.
Boeing Avenue 53
1119 PE Schiphol-Rijk
The Netherlands
www.libertyglobal.com
-----Original Message-----
From: NLNOG <nlnog-bounces at nlnog.net> On Behalf Of Verschuren, Antoin via NLNOG
Sent: Thursday 25 January 2024 09:47
To: Bart van Dam | Computel Standby <b.vandam at computel.nl>; nlnog at nlnog.net
Subject: [SUSPICIOUS] Re: [NLNOG] [SUSPICIOUS] KPN doesn't seem to pick up new routes from AS31383
Hi Bart,
I don't see any export statements in your AS31383 aut-num object, so when upstreams filter using IRR data, how are they to know that you announce AS31383 to your upstreams?
aut-num: AS31383
as-name: NEDERLANDNET-AS
member-of: AS-COMPUTEL
org: ORG-CSB1-RIPE
remarks: www.computel.nl
admin-c: CH784-RIPE
tech-c: CH784-RIPE
status: ASSIGNED
mnt-by: COMPUTEL-MNT
mnt-by: RIPE-NCC-END-MNT
remarks: E-mail is the preferred contact method
remarks: Please use one of the following addresses
remarks: abuse at computel.nl - for abuse notificion
remarks: noc at computel.nl - for operational questions
remarks: peering at computel.nl - for peering questions
created: 2004-04-29T11:01:05Z
last-modified: 2024-01-19T12:47:55Z
source: RIPE # Filtered
You should add import/export statements to your 5 upstream ASNs:
import: from ASXXX accept XXX
export: to ASXXX announce AS31383
If you want to announce more than your own ASN, create an AS-SET to announce.
Kind regards,
Antoin Verschuren
Senior Manager Network Security
M + 31 6 15682664
Liberty Global Technology Services B.V.
Boeing Avenue 53
1119 PE Schiphol-Rijk
The Netherlands
www.libertyglobal.com
-----Original Message-----
From: NLNOG <nlnog-bounces at nlnog.net> On Behalf Of Bart van Dam | Computel Standby via NLNOG
Sent: Wednesday 24 January 2024 17:39
To: nlnog at nlnog.net
Subject: [SUSPICIOUS] [NLNOG] KPN doesn't seem to pick up new routes from AS31383
Good evening,
We're currently making changes to our route announcements to migrate ranges to a new datacenter.
We created the new route objects a couple days ago in the RIPE database and started announcing a test range yesterday evening.
To specify, we are AS31383, we announce 83.137.16.0/21 on our current BGP routers and started announcing 83.137.23.0/24 on our new ones in the other datacenter.
The problem we ran into is that it looks like KPN isn't picking up the new route, other big providers like VodafoneZiggo or Odido seem to work just fine.
I was wondering if there is anyone on this mailing list able to help or shed some light on our current situation.
Any help or information would be greatly appreciated.
With kind regards,
Bart van Dam
Computel Stand-by B.V.
_______________________________________________
NLNOG mailing list
NLNOG at nlnog.net
http://mailman.nlnog.net/listinfo/nlnog
_______________________________________________
NLNOG mailing list
NLNOG at nlnog.net
http://mailman.nlnog.net/listinfo/nlnog
More information about the NLNOG
mailing list