diff --git a/README.md b/README.md new file mode 100644 index 0000000..314b662 --- /dev/null +++ b/README.md 
@@ -0,0 +1,155 @@ +# IPv4 Address Plan + +| Prefix | Usage | Routing | +| ---------------- | ----------------------------------------------- | -------------------------------- | +| 192.175.40.0/22 | Customer /32 (was acquired from LonsdaleNet) | Accept IPv4 /32 from Aggregation | +| 185.149.208.0/22 | Customer /32 (was acquired from LonsdaleNet) | Accept IPv4 /32 from Aggregation | +| 185.66.204.0/22 | Customer /32 (was acquired from Fibre WiFi) | Accept IPv4 /32 from Aggregation | +| 149.255.168.0/21 | Customer /32 (was acquired from Fibre WiFi) | Accept IPv4 /32 from Aggregation | +| 193.162.44.0/24 | Core and Loopbacks | (not announced to DFZ) | +| 172.22.0.0/16 | Management | Static | +| 172.22.0.0/24 | Infrastructure/Servers | Static /32, via Wireguard | +| 172.22.1.0/24 | OOB/Management at TN2 | Static /24, via Wireguard | +| 172.22.2.0/24 | OOB/Management at LD5 | Static /24, via Wireguard | +| 172.22.3.0/24 | OOB/Management at MA1 | Static /24, via Wireguard | +| 172.22.4.0/24 | OOB/Management at PUE | Static /24, via Wireguard | +| 100.64.0.0/10 | RFC6598 CGNAT for customer access | OSPF within agg network | +| 169.254.0.0/16 | Link-local addressing for linknets | Used to establish BGP to Core | + +## Core: Loopbacks and Linknets + +| Prefix | Usage | Routing | +| ----------------- | ----------------------------------------------- | -------------------------------- | +| 193.162.44.0/29 | Core Loopbacks, including blackhole destination | IS-IS; and to establish iBGP | +| 193.162.44.8/29 | Core Linknets | IS-IS core adjacencies | +| 193.162.44.16/28 | reserved for future Core Linknets | IS-IS core adjacencies | +| 193.162.44.32/27 | reserved for future Core Infrastructure | reserved | +| 193.162.44.64/26 | reserved for future Core Infrastructure | reserved | +| 193.162.44.128/25 | reserved for future Core Infrastructure | reserved | + +### Infrastructure Linknets to Aggregation Routers + +| Prefix | Usage | Routing | +| ------------------ | 
----------------------------------------- | ------- | +| 169.254.0.0/21 | cr1.tn2 via NNC067 to aggregation routers | BGP | +| 169.254.64.0/21 | cr1.ld5 via NNC068 to aggregation routers | BGP | +| 169.254.128.0/21 | cr1.ma1 via NNC069 to aggregation routers | BGP | +| 169.254.192.0/21 | cr1.pue via NNC070 to aggregation routers | BGP | + +# IPv6 Address Plan + +| Prefix | Usage | Routing | +| -------------- | ------------------------------------------------ | --------------------------------------------- | +| 2a04:1840::/29 | Business Static /48 (can de-agg to /52) | Accept IPv6 /48-/52 from Aggregation | +| 2a0b:8640::/29 | Residential /56 (was acquired from Dyfed IT) | Accept IPv6 /40-/48 from Aggregation | +| 2a0d:a0c0::/29 | Residential /56 (was acquired from LonsdaleNET) | (will become like 2a0b:8640::/29 if required) | +| 2a10:f0c0::/29 | Core and Loopbacks (was acquired from FibreWiFi) | (not announced to DFZ) | + +## Core: Loopbacks and Linknets + +| Prefix | Usage | Routing | +| ------------------- | --------------------------- | -------------------- | +| 2a10:f0c0:0000::/48 | Core Linknets and Loopbacks | Some subnets may BGP | +| 2a10:f0c0:1000::/40 | BGP-speaking Infrastructure | Can speak BGP | +| 2a10:f0c0:1001::/48 | Infrastructure at TN2 | Can speak BGP | +| 2a10:f0c0:1002::/48 | Infrastructure at LD5 | Can speak BGP | +| 2a10:f0c0:1003::/48 | Infrastructure at MA1 | Can speak BGP | +| 2a10:f0c0:1004::/48 | Infrastructure at PUE | Can speak BGP | + +### Infrastructure Linknets to Aggregation Routers + +| Prefix | Usage | Routing | +| ----------------------------- | --------------------------------------------------------------- | ------- | +| 2a01:f0c0:1001:0001:0067::/80 | cr1.tn2 (1 from 193.162.44.1) via NNC067 to aggregation routers | BGP | +| 2a01:f0c0:1002:0002:0068::/80 | cr1.ld5 (2 from 193.162.44.2) via NNC068 to aggregation routers | BGP | +| 2a01:f0c0:1003:0003:0069::/80 | cr1.ma1 (3 from 193.162.44.3) via NNC069 to aggregation routers | 
BGP | +| 2a01:f0c0:1004:0004:0070::/80 | cr1.pue (4 from 193.162.44.4) via NNC070 to aggregation routers | BGP | + +Prefix scheme is `2a01:f0c0:10SS:CCCC:NNNN:YYYY:ZZZZ::/112` where: + +* `SS` = site +* `CCCC` = Core router IPv6 loopback last 16 bits +* `NNNN` = NNI number +* `YYYY` = outer VLAN tag (VLAN tag ordered with Neos goes here) +* `ZZZZ` = inner VLAN tag (if double-tagging for some future reason) + +Addressing within the prefix is as follows: + +* `::CCCC/112` = Core router loopback last 16 bits (e.g. `::1/112` through `::4/112`) +* `::a001/112` = Aggregation router 1 +* `::a002/112` = Aggregation router 2 (...etc) + +# BGP Communities + +## `59811:2` send to aggregation routers + +These are routes learned from ASNs that Voneus meets at 2 (or more) locations. + +## `59811:666` DDoS and blackhole + +Where: + +* `/24` = only send to Voxility +* `/32` = announce to RTBH on ixs/upstreams/UTRS + +## `65535:666` COMMUNITY-AS59811-BLACKHOLE + +## `59811:6500x` originated from site + +Where: + +* `x` is from: + - `0` = all + - `1` = TN2 + - `2` = LD5 + - `3` = MA1 + - `4` = PUE + +## `650xy:zzzzz` + +Where: + +* `x` is from: + - `0` = all + - `1` = TN2 + - `2` = LD5 + - `3` = MA1 + - `4` = PUE +* `y` is from: + - `0` = no-announce + - `1` = prepend 1 + - `2` = prepend 2 + - `3` = prepend 3 + - `9` = no-export +* `z` is ASN, where: + - `0` = any peer/upstream/downstream + - `1299` = Arelion + - `2914` = NTT + - `3223` = Voxility (NB see also 59811:666) + - `6762` = TISparkle + - `65511` = Tampnet (would be 200781) + - `65521` = LON1 + - `65522` = LON2 + - `65523` = LINX Manchester + - `65524` = LINX Scotland + - `65525` = LONAP + +# BGP Local Preferences + +## Transit + +* `100` => transit (de-pref) +* `200` => transit +* `300` => transit (up-pref) + +## Peering + +* `400` => peering (de-pref) - default for IX route-servers +* `500` => peering - default for direct sessions over IX +* `600` => peering (up-pref) - default for PNI + +## Customer + +* `700` => 
downstream (de-pref) +* `800` => downstream +* `900` => downstream (up-pref) diff --git a/README.txt b/README.txt deleted file mode 100644 index 1985afc..0000000 --- a/README.txt +++ /dev/null 
@@ -1,81 +0,0 @@ - -# IPv6 Address Plan - -2a04:1840::/29 Business Static /48-/52 (was acquired from FibreWiFi) -2a0b:8640::/29 Residential /56 (was acquired from Dyfed IT) Accept IPv6 /40-/48 from Aggregation -2a0d:a0c0::/29 Acquired from LonsdaleNET (will become like 2a0b:8640::/29 if required) -2a10:f0c0::/29 Core and Loopbacks (not announced to DFZ) - - 2a10:f0c0::/48 Core Linknets and Loopbacks - 2a01:f0c0:0001:0001:0067::/80 Linknets from cr1.tn2 (1 from 193.162.44.1) via NNC067 to Aggregation - 2a01:f0c0:0002:0002:0068::/80 Linknets from cr1.ld5 (2 from 193.162.44.2) via NNC068 to Aggregation - 2a01:f0c0:0003:0003:0069::/80 Linknets from cr1.ma1 (3 from 193.162.44.3) via NNC069 to Aggregation - 2a01:f0c0:0004:0004:0070::/80 Linknets from cr1.pue (4 from 193.162.44.4) via NNC070 to Aggregation - - 2a01:f0c0:ssss:cccc:nnnn:yyyy:zzzz:1/112 ssss = site - cccc = core router - nnnn = NNI number - yyyy = outer VLAN tag (S-tag, probably 0) - zzzz = inner VLAN tag (C-tag, Neos usual VLAN tagging) - ::c001 = core - ::a001 = agg - -# Communities - -59811:2 => routes learned from ASNs that Voneus meets at 2 (or more) locations - -59811:666 => /24 = only send to Voxility - /32 = announce to RTBH on ixs/upstreams/UTRS - -65535:666 => COMMUNITY-AS59811-BLACKHOLE - -59811:6500x => originated from site - | - x => 0 = all - 1 = TN2 - 2 = LD5 - 3 = MA1 - 4 = PUE - -650xy:zzzzz - |||| - x => 0 = all - | | 1 = TN2 - | | 2 = LD5 - | | 3 = MA1 - | | 4 = PUE - | | - y => 0 = no-announce - | 1 = prepend 1 - | 2 = prepend 2 - | 3 = prepend 3 - | 9 = no-export - | - zzzzz => 0 = any peer/upstream/downstream - 1299 = Arelion - 2914 = NTT - 3223 = Voxility (NB see also 59811:666) - 6762 = TISparkle - 65511 = Tampnet (would be 200781) - - 65521 = LON1 - 65522 = LON2 - 65523 = LINX Manchester - 65524 = LINX Scotland - 65525 = LONAP - - - -LOCAL PREFERENCES - -100 => transit (de-pref) -200 => transit -300 => transit (up-pref) - -400 => peering (de-pref) - default for IX route-servers -500 
=> peering - default for direct sessions over IX -600 => peering (up-pref) - default for PNI - -700 => downstream (de-pref) -800 => downstream -900 => downstream (up-pref)
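Review bot: The four `/80` rows in the IPv6 "Infrastructure Linknets to Aggregation Routers" table of README.md, and the prefix scheme below them, start with `2a01:f0c0:`, but the block the IPv6 Address Plan table assigns to Core and Loopbacks is `2a10:f0c0::/29`, and the Core table just above uses `2a10:f0c0:1001::/48` for TN2. `2a01:f0c0:1001:0001:0067::/80` is not inside `2a10:f0c0::/29`, so this reads like a transposed `2a10`; any prefix filter or ACL derived from this plan would not match the linknets. Please correct the four rows and the `2a01:f0c0:10SS:CCCC:NNNN:YYYY:ZZZZ::/112` scheme, or say where `2a01:f0c0::` comes from. Separately, the `65535:666` heading has no body text, and neither it nor `59811:666` says which sessions may set the community or which prefix lengths are accepted with it; a line on that would help anyone auditing the blackhole policy.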
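Review bot: The removed README.txt lines do not match their README.md replacements in several places, so this is more than a format conversion and the differences should be called out or split into their own commit. The deleted linknets are `2a01:f0c0:0001:0001:0067::/80` through `0004:0004:0070`, while the new table has `2a01:f0c0:1001:0001:0067::/80` through `1004:0004:0070` (site field `ssss` became `10SS`). The deleted text puts the Neos VLAN in `zzzz` (inner, C-tag) with `yyyy` as "S-tag, probably 0", whereas the new text puts the Neos-ordered VLAN in `YYYY` (outer). The deleted `::c001 = core` host address became `::CCCC`, and "was acquired from FibreWiFi" moved from `2a04:1840::/29` to `2a10:f0c0::/29`. Please confirm each of these reflects the deployed configuration rather than an editing slip, since addresses computed from the old and new schemes will differ.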