LabIX project. [website Git repository](https://github.com/labitat/ix.labitat.dk) LabIX en-us https://ix.labitat.dk/ LabIX These configuration examples assume your machine is present at Labicolo and use Labitat as BGP transit.

Linux

Networking

The following configuration is for an interface named enp1s0 with the file location /etc/network/interface.d/enp1s0. It configures Labicolo IPv4 and IPv6 addresses, but more importantly, it tags VLAN 42 and assigns peering LAN addresses in order for your machine to use the peering LAN for IX related traffic.

Replace interface name corresponding to yours, and replace addresses in <brackets> that fits your network interface. Check your /etc/network/interfaces file to avoid overlapping interface configurations.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29


# Labicolo addressing
## IPv4
auto enp1s0
iface enp1s0 inet static
        address <labicolo_v4_address>/26
        gateway 185.38.175.65

## IPv6
## Note: 
## - Disables Duplicate Address Detection (DAD), this skips the timeout when reloading an 
#    interface, but WILL create issues if address is already in use.
#  - Disables Route Advertisements 
iface enp1s0 inet6 static
        address <labicolo_v6_address>/64
        gateway 2a01:4262:1ab:20::1
        dad-attempts 0
        accept_ra 0

#LabIX. VLAN 42
auto enp1s0.42
iface enp1s0.42 inet static
        address <peering_lan_v4_address>/24
iface enp1s0.42 inet6 static
        address <peering_lan_v6_address>/64
        dad-attempts 0
        accept_ra 0

Reload config with systemctl restart networking.service.

BIRD

The following BIRD configuration can announce your IPv6 prefixes to your peers, receive a routing table from a transit, and connect to Route Server 0 via the peering LAN, as highlighted in the example. You need to fill in lines containing <brackets> with your own details. The default location for the BIRD configuration is /etc/bird.conf or /etc/bird/bird.conf. Reload the configuration by opening the BIRD console with birdc and use the command configure soft.

It is worth noting, that while the route server (and probably your transit) filters for reserved ASNs, reserved prefixes and invalid RPKI ROAs, it is still recommended that you implement these filters yourself. Have a look at the NLNOG BGP Filter Guide for inspiration.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229


#
# BIRD 2 configuration for ASxxxxx <AS-Set> - <at_some_location>
#
# All IPv4 related options are commented out, but left in in order easely allow enabling if needed
# This config only honors gracefull shutdown, but could be extended with 
# BGP communities as described in: https://arouteserver.readthedocs.io/en/latest/CONFIG.html?highlight=communities#bgp-communities
#
#
# Update config with
#   birdc and "configure soft"
#   Or 'birdcl configure'
#   Check config in birdc with
#      configure check "/etc/bird/bird.conf"
#
# See established peering connections with 'show protocols' in birdc

log syslog all;
#debug protocols all;
debug protocols { events, states };

watchdog warning 5 s;
watchdog timeout 30 s;

timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

# Global unique ID, ex. your public unicast IPv4 address
router id <your_IPv4_address>;

# functions and filters

define local_asn   = <your_ASN>;
define labitat_asn = 205235;
define labix_asn   = 60247;

# LabIX Peering LAN
# -------------------------
define local_labix_ipv6 = <peering_lan_address>;
define local_labix_ipv4 = <peering_lan_address>;

# Route Server addresses
define labix_rs0_ipv6 = 2001:7f8:149:1ab::6:0247:1;
define labix_rs0_ipv4 = 185.0.29.1;

# Define your prexies
# -------------------------
# You can also do '<your_v6_prefix>/44{44,48}'
# This allows for announcing any size between 44 and 48
define local_prefixes_v6 = [
	<your_v6_prefix>/48,
	<your_v6_prefix>/44
];

define local_prefixes_more_specific_v6 = [
	<your_v6_prefix>/48{49,128},
	<your_v6_prefix>/44{45,128}
];

#define some_peer_prefixes_v6 = [
#	<peer_v6_prefix>/48,
#	<peer_v6_prefix>/48
#];

# functions and filters

function is_default_route() {
	case net.type {
		#NET_IP4: if net = 0.0.0.0/0 then return true;
		NET_IP6: if net = ::/0 then return true;
	}
	return false;
}

function is_customer_route() {
	case net.type {
		#NET_IP4: if net ~ local_prefixes_v4 then return true;
		NET_IP6: if net ~ local_prefixes_v6 then return true;
	}
	return false;
}

# define basic protocols
protocol device {}

protocol direct {
#	ipv4;
	ipv6;
}

# -------------------------------
# Export to kernel network driver
filter kernel_export {
	if source !~ [ RTS_BGP, RTS_STATIC ] then reject;
	if is_default_route() then accept;
	if is_customer_route() then accept;
	reject;
}

function honor_graceful_shutdown()
{
	# RFC 8326 Graceful BGP Session Shutdown
	if (65535, 0) ~ bgp_community then {
		bgp_local_pref = 0;
	}
}

# Transit filters
filter transit_import {
	honor_graceful_shutdown();
	accept;
}

filter transit_export {
	if !is_customer_route() then reject;
	accept;
}

# generate local routes
#protocol static static4 {
#	ipv4;
#	route <your_v4_prefix>/24 unreachable;
#	route <your_v4_prefix>/24 unreachable;
#}

protocol static static6 {
	ipv6;
	route <your_v6_prefix>/48 unreachable;
	route <your_v6_prefix>/44 unreachable;
}

# ---------------------
# Export to your kernel
#protocol kernel kernel4 {
#	ipv4 {
#		import all;
#		export filter kernel_export;
#	};
#	learn;
#	persist;
#	graceful restart;
#	merge paths;
#}

protocol kernel kernel6 {
	ipv6 {
		import all;
		export filter kernel_export;
	};
	learn;
	persist;
	graceful restart;
	merge paths;
}

# -------
# Transit
#protocol bgp labitat_ipv4 {
#	local <your_local_v4_address> as local_asn;
#	neighbor <peer_v4_address> as labitat_asn;
#	passive;
#	ipv4 {
#		import limit 10 action block;
#		receive limit 20 action disable;
#		import keep filtered on;
#		import filter transit_import;
#		export filter transit_export;
#	};
#}

# Transit - Labitat
protocol bgp labitat_ipv6 {
	local <your_local_v6_address> as local_asn;
	neighbor <transit_v6_address> as labitat_asn;
	passive;
	ipv6 {
		import limit off;
		receive limit off;
		import keep filtered on;
		import filter transit_import;
		export filter transit_export;
	};
}

# LabIX Route Server
# -------------------------------------------------
# Non-passive connection, the RS awaits for your routers connection
protocol bgp labix_ipv6 {
        local local_labix_ipv6 as local_asn;
        neighbor labix_rs0_ipv6 as labix_asn;
        ipv6 {
                import limit off;
                receive limit off;
                import keep filtered on;
                import filter transit_import;
                export filter transit_export;
        };
}


# Peering
# ---------------------
template bgp bgp_peer {
	default bgp_local_pref 120;
}

# customer import
function peer_import(int peer_asn; prefix set peer_prefixes) {
	if net !~ peer_prefixes then reject;
	if bgp_path.first != peer_asn then reject;
	accept;
}

#protocol bgp <some_peer_v6> from bgp_peer {
#	local <your_local_v6_address> as local_asn;
#	neighbor <peer_local_v6_address> as <some_peer_asn>;
#	ttl security;
#	ipv6 {
#		import limit 10 action block;
#		receive limit 20 action disable;
#		import keep filtered on;
#		import filter { peer_import(<some_peer_asn>, <some_peer_prefixes_v6>); };
#		export filter transit_export;
#	};
#}
]]> https://ix.labitat.dk/documentation/ https://ix.labitat.dk/documentation/ Documentation Welcome

Hi camping network nerds,

Labitat Internet Exchange (LabIX) will temporarily become a multi-site IX, as we will be present at BornHack 2023. More concretely, we will transport our local peering LAN via our upstream provider to a VLAN the scouting field in Gelsted at BornHack, so you can peer with our members in Labitat and at BornHack.

Why even do this?

It has now become a tradition for the NOC team at BornHack to ask participant to USE MORE BANDWIDTH. This is of course not about abusing speedtest servers in order to achieve the highest possible throughput or hog the network from other participants, but to use the bandwidth for use-cases that benefits the event, participant or our society.

BornHack usually gets a temporary IPv4 prefix and already got a IPv6 prefix, which is fine for many uses-cases. But you can also choose to run your own little ISP from your village and offer BGP dependent services to other participants (probably costs a beer to the NOC team), or you can use this opportunity to have more on hands experience with the workings of the internet. The IX is totally optional, but it is more fun to announce prefixes and play around, if there are others that can join in on the fun.

How to connect?

More details will come later, but if you do not already have an ASN and IP resources, now is definitely the time to request some (it takes some time to finalize).

If you plan on joining LabIX at BornHack, please sign up by creating a pull request on the labix repository.

I’m interested! How do learn more about Internet Exchanges

]]> https://ix.labitat.dk/bornhack/ https://ix.labitat.dk/bornhack/ LabIX @ BornHack Members present at Labicolo.

AS Member Speed IPv6
60247 LabIX Route Servers 1G 2001:7f8:149:1ab::6:0247:1
199750 Olivia Wenya 1G 2001:7f8:149:1ab::19:9750:1
198886 Daniel Brasholt 1G 2001:7f8:149:1ab::19:8886:1
211153 Emil Petersen 1G 2001:7f8:149:1ab::21:1153:1
198275 Thomas Flummer 1G 2001:7f8:149:1ab::19:8275:1

We encourage IX clients to register on PeeringDB.com if not already done so. We use the database for max prefix length and AS-Set filtering. Our PDB entry can be found here. AS-sets are attempted to be collected from PeeringDB in case it is not available ix_clients.yml.

The automation tool-chain for exporting members to the IX-F schema (coming soon) and updating PeeringDB currently only includes Route Server clients. This is due to time constrains and as ARouteServer supporting this feature we opted for the working solution. We are aware that forcing IX clients to be route server members is bad practice, which will be worked on as soon as possible.

]]> https://ix.labitat.dk/members/ https://ix.labitat.dk/members/ Members