Mailing Lists

There are two mailing lists which this project uses to distribute analysis data.

Joining the Project

While we have a representative selection of Regional and National Research & Education Networks involved with this project, we are always happy to accept new feeds. More feeds increases the diversity and helps with our goal of improving the routing infrastructure for the global R&E network community.

To join the project, potential hosts need to be able to offer a BGP feed, using EBGP multihop, of IPv4 R&E prefixes (over an IPv4 peering) and IPv6 R&E prefixes (over an IPv6 peering).

The NSRC collector has these details:

Please contact philip at nsrc dot org if you would like to join the project and offer a BGP feed.

Technical Discussion

The Collector

The NSRC collector is a Linux appliance running Free Range Routing, better known as FRR. FRR has its origin in Quagga, and is now a highly capable suite of routing protocols including, of course, BGP, IS-IS, and OSPF.

Each participant in the project sets up an EBGP Multihop from one of their routers, sending the NSRC collector their view of the global R&E table. The collector is configured so that each feed exists in its own view. This means that to display the routes received from one participant in the project, we simply run the command sh ip bgp view NAME for IPv4, and for IPv6 we run sh bgp ipv6 view NAME.

The FRR collector has no FIB - the entries learned from each neighbour are only stored in the BGP table for that neighbour.

The BGP Analysis

Once the BGP table has been dumped from the collector, the analysis programme is run over the raw dump (reading in the Cisco IOS format produced by FRR). The analysis is stored in several files, which are then published on this site under the the participants own page, as well as being compressed and archived for posterity (and future reference).

IPv6 Table Analysis?

While the focus is on IPv4 at the moment, the IPv6 table is also dumped from the collector - a future activity will see the same analysis being applied to it too.

RPKI Invalids

The NSRC collector has an "RPKI feed" from the validator run by the RouteViews Project hosted at the University of Oregon. This validator provides a continuously updated feed of the current VRPS (validated ROA payloads), basically the address space that has had its ROAs signed.

This means that a daily record of the RPKI invalids for IPv4 and IPv6 can be collected from each participant. This is helpful in tracking the global deployment of Route Origin Authorisation (using RPKI) and Route Origin Validation (ROV - the dropping invalid prefixes).

The invalids are gathered from the collector by running sh ip bgp view VIEW route-map invalid for IPv4 and sh bgp ipv6 view VIEW route-map invalid for IPv6.

Participants who have implemented ROV will show no output in the RPKI Invalid dump - the more who implement ROV, the better it is for the Internet as a whole.

Configuration Example - FRrouting

The following shows the FRR configuration needed to set up an EBGP multihop session with the NSRC Collector:


router bgp 64511 view NSRC
 bgp router-id 192.0.2.254
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 timers bgp 15 45
 neighbor 128.223.157.40 remote-as 65534
 neighbor 128.223.157.40 description NSRC Collector
 neighbor 128.223.157.40 ebgp-multihop 255
 neighbor 2607:8400:2880:4::80df:9d28 remote-as 65534
 neighbor 2607:8400:2880:4::80df:9d28 description NSRC Collector
 neighbor 2607:8400:2880:4::80df:9d28 ebgp-multihop 255
 !
 address-family ipv4 unicast
  neighbor 128.223.157.40 activate
  neighbor 128.223.157.40 prefix-list DENY-ALL in
  neighbor 128.223.157.40 route-map RNE-out out
 exit-address-family
 !
 address-family ipv6 unicast
  neighbor 2607:8400:2880:4::80df:9d28 activate
  neighbor 2607:8400:2880:4::80df:9d28 DENY-ALLv6 in
  neighbor 2607:8400:2880:4::80df:9d28 RNE-out out
 exit-address-family
!
ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
!
ipv6 prefix-list DENY-ALLv6 seq 5 deny ::/0 le 128
!
route-map RNE-out permit 10
 description Match R&E networks
 match community rne
!
route-map RNE-out deny 20
 description Deny everything else
!

Note that this configuration snippet assumes that the BGP community rne has already been set elsewhere in the operator's network infrastructure.

Operators using routing equipment with a CLI similar to that of FRR should have no difficulty in adapting the above configuration snippet for their own requirements.

Configuration Example - JunOS

The following shows the JunOS configuration needed to set up an EBGP multihop session with the NSRC Collector:


top edit policy-options
set policy-statement DENY-ALL term END then reject

set policy-statement ANNOUNCE-RNE term RNE from family inet
set policy-statement ANNOUNCE-RNE term RNE from protocol bgp
set policy-statement ANNOUNCE-RNE term RNE from community RNE
set policy-statement ANNOUNCE-RNE term RNE from route-type external
set policy-statement ANNOUNCE-RNE term RNE then accept
set policy-statement ANNOUNCE-RNE term END then reject

set policy-statement ANNOUNCE-RNEv6 term RNE from family inet6
set policy-statement ANNOUNCE-RNEv6 term RNE from protocol bgp
set policy-statement ANNOUNCE-RNEv6 term RNE from community RNE
set policy-statement ANNOUNCE-RNEv6 term RNE from route-type external
set policy-statement ANNOUNCE-RNEv6 term RNE then accept
set policy-statement ANNOUNCE-RNEv6 term END then reject

top edit protocols bgp
set group NSRC-View type external
set group NSRC-View local-address LOCAL_ADDRESS
set group NSRC-View import DENY-ALL
set group NSRC-View family inet unicast
set group NSRC-View export ANNOUNCE-RNE
set group NSRC-View neighbor 128.223.157.40 description "NSRC Collector"
set group NSRC-View neighbor 128.223.157.40 multihop ttl 255
set group NSRC-View neighbor 128.223.157.40 peer-as 65534

set group NSRC-Viewv6 type external
set group NSRC-Viewv6 local-address LOCAL_V6_ADDRESS
set group NSRC-Viewv6 import DENY-ALL
set group NSRC-Viewv6 family inet6 unicast
set group NSRC-Viewv6 export ANNOUNCE-RNEv6
set group NSRC-Viewv6 neighbor 2607:8400:2880:4::80df:9d28 description "NSRC Collector"
set group NSRC-Viewv6 neighbor 2607:8400:2880:4::80df:9d28 multihop ttl 255
set group NSRC-Viewv6 neighbor 2607:8400:2880:4::80df:9d28 peer-as 65534

Note that this configuration snippet assumes that the BGP community RNE has already been set elsewhere in the operator's network infrastructure. Also, LOCAL_ADDRESS and LOCAL_V6_ADDRESS are the router's local address, whether this is chosen as a Loopback (normal) or a physical interface.

Operators using Juniper equipment in their network should be able to adapt this for their own needs.

Back to Homepage