change routing announcement of 63.245.214.0/23 to 63.245.212.0/22

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: dcurado, Assigned: dcurado)

Tracking

Details

(Assignee)

Description

3 years ago
As we move infrastructure from PHX1 to SCL3, there will be a need for more public IP address space in SCL3.  Fortunately for us, we have enough public IP address space to meet this need.  We just need to tell the world about it.

The planned activity goes like this:

 - modify the configurations of the POP border routers so that they advertise
   63.245.212.0/22 in addition to 63.245.214.0/23 
 - verify that all the routers in the world's default free zone (DFZ) learn
   the new route announcement (63.245.212.0/22)
   (we can do this by using various "looking-glass" web sites around the world)
 - when we are confident that 63.245.212.0/22 has propagated out to the world
   (this takes but a few minutes usually)
   then we can delete the 63.245.214.0/23 routing announcement from the POP
   border routers.
Flags: cab-review?
(Assignee)

Updated

3 years ago
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
(In reply to Dave Curado :dcurado from comment #0)
> As we move infrastructure from PHX1 to SCL3, there will be a need for more
> public IP address space in SCL3.  Fortunately for us, we have enough public
> IP address space to meet this need.  We just need to tell the world about it.
> 
> The planned activity goes like this:
> 
>  - modify the configurations of the POP border routers so that they advertise
>    63.245.212.0/22 in addition to 63.245.214.0/23 
>  - verify that all the routers in the world's default free zone (DFZ) learn
>    the new route announcement (63.245.212.0/22)
>    (we can do this by using various "looking-glass" web sites around the
> world)
>  - when we are confident that 63.245.212.0/22 has propagated out to the world
>    (this takes but a few minutes usually)
>    then we can delete the 63.245.214.0/23 routing announcement from the POP
>    border routers.

Dave when are you looking to do this (do I need to expedite this for TCW?)
(Assignee)

Comment 2

3 years ago
I can do this just about any time.
I will do it at some off hour, out an abundance of caution.
(Assignee)

Comment 3

3 years ago
There was an old static route on both border routers, from when the SJC1 data center was still in place.
Netops at the time did a lot of unorthodox things, which included routing some of our own private IP
space out towards our providers, so reach SJC1.  
I deleted that static route from both POP border routers.

dcurado@border1.ops.sjc2.mozilla.net> show configuration | compare rollback 2    
[edit routing-options static]
-    route 63.245.208.0/22 next-hop 64.125.170.37;
(Assignee)

Comment 4

3 years ago
- updated the bgp-announce policy on border1.sjc2 to allow 63.245.212.0/22 to be announced
- updated the inbound anti spoofing filter to allow packets to the 63.245.212.0/22 range to come in
- created the static route for 63.245.212.0/22 next-hop discard, preference 200
- commited, then verified through a looking glass in Japan that the route is in the default free zone 

dcurado@border1.ops.sjc2.mozilla.net> show configuration | compare rollback 7    
[edit routing-options static]
     route 63.245.219.36/30 { ... }
+    route 63.245.212.0/22 {
+        discard;
+        preference 200;
+    }
-    route 63.245.208.0/22 next-hop 64.125.170.37;
[edit policy-options policy-statement bgp-announce term announce-scl3 from]
       route-filter 63.245.223.0/24 exact { ... }
+      route-filter 63.245.212.0/22 exact;
[edit firewall family inet filter inbound-anti-spoofing term reject-mozilla from source-address]
         63.245.223.0/24 { ... }
+        63.245.212.0/22;
(Assignee)

Comment 5

3 years ago
on border1.pao1... same changes...

dcurado@border1.ops.pao1.mozilla.net> show configuration | compare rollback 4    
[edit routing-options static]
     route 63.245.219.32/30 { ... }
+    route 63.245.212.0/22 {
+        discard;
+        preference 200;
+    }
-    route 63.245.208.0/22 next-hop 64.125.170.33;
[edit policy-options policy-statement bgp-announce term announce-scl3 from]
       route-filter 63.245.223.0/24 exact { ... }
+      route-filter 63.245.212.0/22 exact;
[edit firewall family inet filter inbound-anti-spoofing term reject-mozilla from source-address]
         63.245.223.0/24 { ... }
+        63.245.212.0/22;
(Assignee)

Comment 6

3 years ago
All looks good.
From border1.pao1:
dcurado@border1.ops.pao1.mozilla.net> show route advertising-protocol bgp 64.125.170.33 

inet.0: 541178 destinations, 1039194 routes (541175 active, 3 holddown, 0 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 63.245.212.0/22         Self                                    I
* 63.245.214.0/23         Self                 0                  I
* 63.245.219.0/24         Self                                    I
* 63.245.221.0/24         Self                                    I
* 63.245.223.0/24         Self                                    I

--------------

dcurado@border1.ops.sjc2.mozilla.net> show route advertising-protocol bgp 64.125.170.37 

inet.0: 541176 destinations, 1417258 routes (541175 active, 1 holddown, 0 hidden)
Restart Complete
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 63.245.212.0/22         Self                                    I
* 63.245.214.0/23         Self                 0                  I
* 63.245.219.0/24         Self                                    I
* 63.245.221.0/24         Self                                    I
* 63.245.223.0/24         Self                                    I

{master}
dcurado@border1.ops.sjc2.mozilla.net> show route advertising-protocol bgp 62.115.8.161     

inet.0: 541176 destinations, 1417252 routes (541175 active, 1 holddown, 0 hidden)
Restart Complete
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 63.245.212.0/22         Self                                    I
* 63.245.214.0/23         Self                 0                  I
* 63.245.219.0/24         Self                                    I
* 63.245.221.0/24         Self                                    I
* 63.245.223.0/24         Self                                    I
(Assignee)

Comment 7

3 years ago
I can now safely delete the static route for 63.245.214.0/23.
But, in an abundance of caution, I'll do that during the TCW coming this saturday.
Reviewed 7/15 CAB approved
Flags: cab-review? → cab-review+
(Assignee)

Comment 9

3 years ago
this work has been completed.
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED

Updated

2 years ago
Cab Review: --- → approved
Flags: cab-review+
You need to log in before you can comment on or make changes to this bug.