AS112 provides an anycasted reverse DNS sink hole for the private addresses set aside in RFC1918 and RFC6890. Using exabgp to inject an AS112 instance into your own system is quick, easy, and painless!
As mentioned in my other blogs about Exabgp, Linux is funny about loopback-type addresses. I was unable to get Debian to reliably bring up the interfaces I wanted, so I ended up just putting them in rc.local, which is a hack, but it works reliably at least.
The IPv4 and IPv6 interfaces for the system can be set up as normal, including adding a default route. We won’t be installing any routes from BGP to the system, only advertising the anycasted prefix outbound.
# /etc/rc.local
ip link add dev as112_dns type dummy
ip link set as112_dns up
ip addr add dev as112_dns 126.96.36.199/24
ip addr add dev as112_dns 188.8.131.52/24
ip addr add dev as112_dns 184.108.40.206/24
ip addr add dev as112_dns 220.127.116.11/24
ip addr add dev as112_dns 2620:4f:8000::1/128
ip addr add dev as112_dns 2620:4f:8000::6/128
ip addr add dev as112_dns 2620:4f:8000::42/128
ip addr add dev as112_dns 2001:4:112::1/128

# /etc/sysctl.conf
net.ipv4.conf.all.arp_filter=1
RFC7534 lays out the configs in BIND style pretty well. Essentially, the most important things are:
This uses the excellent exabgp-healthcheck script. It is part of the recommendations made in the RFC that the prefixes not be advertised if they cannot be serviced.

# /etc/exabgp/healthcheck.conf
[as112v4]
nexthop=192.0.2.2
metric=50
command="dig @18.104.22.168 hostname.as112.net. txt +short +norec"
ip=22.214.171.124/24
ip=126.96.36.199/24
disable=/etc/exabgp/healthcheck_as112v4.disable

[as112v6]
nexthop=2001:db8::2
metric=50
command="dig @2620:4f:8000::6 hostname.as112.net. txt +short +norec"
ip=2620:4f:8000::/48
ip=2001:4:112::/48
disable=/etc/exabgp/healthcheck_as112v6.disable
The command= line is the health check; any command that returns non-zero when it fails will work. Touching the file listed in the disable= line causes the prefixes to be withdrawn and not advertised until the file is removed (handy for maintenance, reboots, etc.).
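A stricter check for the command= line, as an added example that is not part of the original post or of exabgp: dig exits 0 for any DNS reply, including SERVFAIL, REFUSED and NXDOMAIN, so a name server that is running but not serving the zone would still pass. The function name as112_check and the DIG override variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example: health check that requires a real TXT answer, not just a reply.
# dig exit codes: 0 = some DNS response received, 9 = no reply from server.
# With +short, an error response (SERVFAIL/REFUSED) yields exit 0 and no output,
# so the output itself has to be inspected.

# Assumption: DIG can be overridden so the logic can be exercised offline.
DIG="${DIG:-dig}"

# as112_check SERVER
# Returns 0 only if SERVER answers the hostname.as112.net TXT query with at
# least one record; returns 1 on timeout, error response or empty answer.
as112_check() {
    server="$1"
    [ -n "$server" ] || return 1

    # One attempt with a short timeout so a dead server fails fast.
    out=$("$DIG" "@$server" hostname.as112.net. txt +short +norec \
          +time=2 +tries=1) || return 1

    # +short prints each TXT record as quoted strings on its own line.
    printf '%s\n' "$out" | grep -q '^".*"$' || return 1
    return 0
}

# When invoked as a script with a server address, act as the health check.
if [ "$#" -gt 0 ]; then
    as112_check "$1"
    exit $?
fi
```

Saved under a path of your choosing and made executable, the script takes the place of the bare dig call, with the address being checked passed as its only argument.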
I continue to have issues with IPv6 and next-hop addresses. I’m still doing fe80 next-hops to solve that. Other than that, working as designed.