https://wiki.haxogreen.lu/2024/w/api.php?action=feedcontributions&feedformat=atom&user=R3bootHaxogreen 2024 Wiki - User contributions [en]2026-05-27T08:57:23ZUser contributionsMediaWiki 1.39.7https://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1356BGP Workshop2024-07-26T15:48:47Z<p>R3boot: </p>
<hr />
<div>Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP. The workshop is divided into two parts; In the first part, we will be building a demonstration network in which we will apply the basic configuration to get a working BGP network. Using this knowledge (and assuming you know how to configure point-to-point VPN tunnels), you can setup fully routed private networks that are vendor / device / OS agnostic. The second part of the workshop is optional, and will discuss some practical applications that are built on top of, namely Anycast and DDoS migitation using remotely triggered blackhole routing.<br />
<br />
# Basics<br />
## Routing theory<br />
## Setting up a peering<br />
## Filtering<br />
## Aggregation<br />
## Hijacking<br />
<br />
# Advanced<br />
## Anycast<br />
## DDoS migitation<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch). While the workshop is designed around Linux/BIRD, the concepts that we will be working with apply to all devices that are able to talk, configure policies/access lists and can speak BGP, or most other routing protocols.<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop needs their own AS number and a prefix. Either add your details to the sheet below, or ask [[User:R3boot|r3boot]] to add you.<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using '''ip route show protocol bird'''. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
= 1) Basic BGP operations =<br />
<br />
== 1.1) Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.2) Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.3) Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== 1.4) Hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== 1.4.1) Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= 2) Advanced BGP tricks =<br />
<br />
== 2.1) BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== 2.2) DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1355BGP Workshop2024-07-26T15:46:12Z<p>R3boot: </p>
<hr />
<div>Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP. The workshop is divided into two parts; In the first part, we will be building a demonstration network in which we will apply the basic configuration to get a working BGP network. Using this knowledge (and assuming you know how to configure point-to-point VPN tunnels), you can setup fully routed private networks that are vendor / device / OS agnostic. The second part of the workshop is optional, and will discuss some practical applications that are built on top of, namely Anycast and DDoS migitation using remotely triggered blackhole routing.<br />
<br />
1) Basics<br />
1.1) Routing theory<br />
1.2) Setting up a peering<br />
1.3) Route leaks<br />
1.4) Aggregation<br />
1.5) Hijacking<br />
<br />
2) Advanced<br />
2.1) Anycast<br />
2.2) DDoS migitation<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch). While the workshop is designed around Linux/BIRD, the concepts that we will be working with apply to all devices that are able to talk, configure policies/access lists and can speak BGP, or most other routing protocols.<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop needs their own AS number and a prefix. Either add your details to the sheet below, or ask [[User:R3boot|r3boot]] to add you.<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using '''ip route show protocol bird'''. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
= 1) Basic BGP operations =<br />
<br />
== 1.1) Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.2) Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.3) Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== 1.4) BGP hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== 1.4.1) Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= 2) Advanced BGP tricks =<br />
<br />
== 2.1) BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== 2.2) DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1354BGP Workshop2024-07-26T15:43:48Z<p>R3boot: </p>
<hr />
<div>Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* Anycast<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch). While the workshop is designed around Linux/BIRD, the concepts that we will be working with apply to all devices that are able to talk, configure policies/access lists and can speak BGP, or most other routing protocols.<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels. The workshop is divided into two parts; In the first part, we will be building a demonstration network in which we will apply the basic configuration to get a working BGP network. Using this knowledge (and assuming you know how to configure point-to-point VPN tunnels), you can setup fully routed private networks that are vendor / device / OS agnostic. The second part of the workshop is optional, and will discuss some practical applications that are built on top of, namely Anycast and DDoS migitation using remotely triggered blackhole routing.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop needs their own AS number and a prefix. Either add your details to the sheet below, or ask [[User:R3boot|r3boot]] to add you.<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using '''ip route show protocol bird'''. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
= 1) Basic BGP operations =<br />
<br />
== 1.1) Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.2) Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.3) Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== 1.4) BGP hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== 1.4.1) Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= 2) Advanced BGP tricks =<br />
<br />
== 2.1) BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== 2.2) DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1353BGP Workshop2024-07-26T15:36:30Z<p>R3boot: </p>
<hr />
<div>= Introduction =<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* Anycast<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop needs their own AS number and a prefix. Either add your details to the sheet below, or ask [[User:R3boot|r3boot]] to add you.<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using '''ip route show protocol bird'''. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
= 1) Basic BGP operations =<br />
<br />
== 1.1) Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.2) Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== 1.3) Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== 1.4) BGP hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== 1.4.1) Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= 2) Advanced BGP tricks =<br />
<br />
== 2.1) BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== 2.2) DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1352BGP Workshop2024-07-26T15:34:03Z<p>R3boot: /* Load and check setup */</p>
<hr />
<div>= Introduction =<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* Anycast<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop needs their own AS number and a prefix. Either add your details to the sheet below, or ask [[User:R3boot|r3boot]] to add you.<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using '''ip route show protocol bird'''. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
= Basic BGP operations =<br />
<br />
== Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== BGP hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= Advanced BGP tricks =<br />
<br />
== BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1351BGP Workshop2024-07-26T15:32:11Z<p>R3boot: /* Registration */</p>
<hr />
<div>= Introduction =<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* Anycast<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop needs their own AS number and a prefix. Either add your details to the sheet below, or ask [[User:R3boot|r3boot]] to add you.<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using `ip route show protocol bird`. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
<br />
= Basic BGP operations =<br />
<br />
== Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== BGP hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= Advanced BGP tricks =<br />
<br />
== BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1350BGP Workshop2024-07-26T15:31:57Z<p>R3boot: </p>
<hr />
<div>= Introduction =<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* Anycast<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop needs their own AS number and a prefix. Either add your details to the sheet below, or ask [User:R3boot|r3boot] to add you.<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using `ip route show protocol bird`. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
<br />
= Basic BGP operations =<br />
<br />
== Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== BGP hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= Advanced BGP tricks =<br />
<br />
== BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=Schedule&diff=1349Schedule2024-07-26T15:30:03Z<p>R3boot: </p>
<hr />
<div><br />
== Timed events ==<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Length !! Name !! Contact Person !! Village/Location<br />
|-<br />
| 2024-07-24 - 10:00 || ? || Home Automation with Home Assistant || Tezza || TBA<br />
|-<br />
| 2024-07-24 - 14:00 || 2h || Hotplate [[Badge]] soldering workshop || [[User:The0|The0]] || HackCenter<br />
|-<br />
| 2024-07-25 - TBA || ? || Kubernetes 4 Home || Tezza || TBA<br />
|-<br />
| 2024-07-25 - 14:00 || 2h || getting started with [[KiCAD]] walkthrough || [[User:The0|The0]] || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| 2024-07-25 - 15:00 || ca. 20 Min. || [[Startup | 10 Gründe, warum du kein Start-Up gründen solltest (Grund 7 wird dich überraschen!)]] || [[User:Jmrtr|jm_rtr]] || Conference Room "Rittersall"<br />
|-<br />
| 2024-07-25 - 16:30 || 1h || From Bits to Qbits: How to use Atoms and Silicon-Carbide for Quantum Networks || Dirk/Guest || rittersall<br />
|-<br />
| 2024-07-26 - 14:00 || ? || Kiffel-Meetup || [[User:Jmrtr|jm_rtr]] || [[Villages/Hacksaar|Hacksaar-Lounge]]<br />
|-<br />
| 2024-07-26 - 15:00 || 2h || Wanderung op eng Buergruine an der Géigend || rice || In front of Stage<br />
|-<br />
| 2024-07-26 - 16:00 || 3h || Programming STM32 on register level || casartar || rittersall<br />
|-<br />
| 2024-07.26 - 17:00 || 30 Min. || Talk: Drachen- und Gleitschirmfliegen || Fredi || [[Villages/Hacksaar|hacksaar]]<br />
|-<br />
| 2024-07-26 - 19:30 || 2h || [[BGP_Workshop|BGP routing workshop]] || [[User:R3boot|"Lex" / r3boot]] || HackCenter<br />
|-<br />
| 2024-07-24 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-25 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-26 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-27 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| TBD || || [[Privacy Preserving Biometric Two-Cheek Identification|Privacy Preserving Biometric Two-Cheek Identification]] || ZZEPPOSS || TBD<br />
|-<br />
| TBD || || [[Geschichten aus dem Fahrgastbeirat|Geschichten aus dem Fahrgastbeirat]] || [[User:Jmrtr|jm_rtr]] || TBD<br />
|-<br />
|}<br />
<br />
== On Demand ==<br />
{| class="sortable wikitable smwtable"<br />
! Name !! Contact Person !! Village/Location<br />
|-<br />
| [[Massage]] || [[User:Gunstick|Gunstick]] || ask at Infodesk or syn2cat table in hackcenter<br />
|-<br />
| [[Badge]] soldering || [[User:The0|The0]] || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| [[OpenSourceVaping]] || iPontus || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[ProfessionalTentRepair]] || [[User:Bigmacfoobar|bigmacfoobar]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[BOS | Einführung in den BOS-Sprechfunk]] || [[User:Jmrtr|jm_rtr]] || [[Villages/Hacksaar | Haxokom @ Hacksaar]]<br />
|-<br />
| [[Soldering USB-C cable tester]] || [[casartar]] || [[Villages/Hacksaar]]<br />
|-<br />
| [[OpenSCAD | The trinity of OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD meow meow]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Faith based OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD trivia quiz]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Falun OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD Gong]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD Guru meditation]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Yin and Yang of OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Functional Fallacy with OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | The world according to OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Holy OpenSCAD scripture]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Myths, Madness and Mayhem:OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD in large, friendly letters]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | A demagogue's view on the history of OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Design and implementation of the functional INTERCAL programming language]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for crash test idiots]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Never mind OpenSCAD - MSPAINT everything]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD OS with embedded EMACS I]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD OS with embedded EMACS IV]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for vegetarians]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for veteranarians]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for vegetables]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for veterans]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for vegeteranarianseblerans]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | The Good, The Bad and The OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|}<br />
<br />
== Stage ==<br />
<br />
Stage is available from 10am until 1am.<br />
<br />
General: Please keep Volume also of your music devices moderate during sleeping times 1am to 10am.<br />
<br />
Update<br />
<br />
'''Volume Regulations:'''<br />
<br />
9:00 - 12:00 fixed: breakfast low background music<br />
<br />
12:00 - 19:00 only low Volume background music<br />
<br />
19:00 - 01:00 volume may raise during the evening<br />
<br />
<br />
No Performances between 10am and 4pm (10:00 - 16:00)<br />
<br />
Don't forget to post your handwritten performance also on the infobard at the hackcenter.<br />
<br />
<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Name !! What !! Type<br />
|-<br />
| 2024-07-24 - 19:00-21:00 || Gunstick || Atari Underground Chiptune Resistance || DJ<br />
|-<br />
| 2024-07-24 - 21:00-23:00 || MADTIXX || Eröffnungsball / Opening Dance Gala || DJ<br />
|-<br />
| 2024-07-25 - 18:00-20:00 || golo || Surf-Punk || Musician<br />
|-<br />
| 2024-07-25 - 20:00-22:00 || mase || Hardcore-Punk || Musician<br />
|-<br />
| 2024-07-25 - 22:00-00:00 || Hacksaar Veranstaltungsgesellschaft || punk, deutschpunk, postpunk, elektropunk, liedermaching, helge || Music collectiv<br />
|-<br />
| 2024-07-26 - 21:00-23:00 || Aluburkaseinbruder|| dnb || DJ<br />
|-<br />
| 2024-07-26 - 23:00-01:00 || l33tc0re || Techno, hard Techno ... || DJ<br />
|-<br />
| 2024-07-27 - 22:00-0:00 || MADTIXX || Gentle Hard Dance FuckUp || DJ<br />
|-<br />
|}</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=Schedule&diff=1348Schedule2024-07-26T15:29:46Z<p>R3boot: </p>
<hr />
<div><br />
== Timed events ==<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Length !! Name !! Contact Person !! Village/Location<br />
|-<br />
| 2024-07-24 - 10:00 || ? || Home Automation with Home Assistant || Tezza || TBA<br />
|-<br />
| 2024-07-24 - 14:00 || 2h || Hotplate [[Badge]] soldering workshop || [[User:The0|The0]] || HackCenter<br />
|-<br />
| 2024-07-25 - TBA || ? || Kubernetes 4 Home || Tezza || TBA<br />
|-<br />
| 2024-07-25 - 14:00 || 2h || getting started with [[KiCAD]] walkthrough || [[User:The0|The0]] || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| 2024-07-25 - 15:00 || ca. 20 Min. || [[Startup | 10 Gründe, warum du kein Start-Up gründen solltest (Grund 7 wird dich überraschen!)]] || [[User:Jmrtr|jm_rtr]] || Conference Room "Rittersall"<br />
|-<br />
| 2024-07-25 - 16:30 || 1h || From Bits to Qbits: How to use Atoms and Silicon-Carbide for Quantum Networks || Dirk/Guest || rittersall<br />
|-<br />
| 2024-07-26 - 14:00 || ? || Kiffel-Meetup || [[User:Jmrtr|jm_rtr]] || [[Villages/Hacksaar|Hacksaar-Lounge]]<br />
|-<br />
| 2024-07-26 - 15:00 || 2h || Wanderung op eng Buergruine an der Géigend || rice || In front of Stage<br />
|-<br />
| 2024-07-26 - 16:00 || 3h || Programming STM32 on register level || casartar || rittersall<br />
|-<br />
| 2024-07.26 - 17:00 || 30 Min. || Talk: Drachen- und Gleitschirmfliegen || Fredi || [[Villages/Hacksaar|hacksaar]]<br />
|-<br />
| 2024-07-26 - 19:30 || 1.5h~2h || [[BGP_Workshop|BGP routing workshop]] || [[User:R3boot|"Lex" / r3boot]] || HackCenter<br />
|-<br />
| 2024-07-24 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-25 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-26 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-27 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| TBD || || [[Privacy Preserving Biometric Two-Cheek Identification|Privacy Preserving Biometric Two-Cheek Identification]] || ZZEPPOSS || TBD<br />
|-<br />
| TBD || || [[Geschichten aus dem Fahrgastbeirat|Geschichten aus dem Fahrgastbeirat]] || [[User:Jmrtr|jm_rtr]] || TBD<br />
|-<br />
|}<br />
<br />
== On Demand ==<br />
{| class="sortable wikitable smwtable"<br />
! Name !! Contact Person !! Village/Location<br />
|-<br />
| [[Massage]] || [[User:Gunstick|Gunstick]] || ask at Infodesk or syn2cat table in hackcenter<br />
|-<br />
| [[Badge]] soldering || [[User:The0|The0]] || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| [[OpenSourceVaping]] || iPontus || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[ProfessionalTentRepair]] || [[User:Bigmacfoobar|bigmacfoobar]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[BOS | Einführung in den BOS-Sprechfunk]] || [[User:Jmrtr|jm_rtr]] || [[Villages/Hacksaar | Haxokom @ Hacksaar]]<br />
|-<br />
| [[Soldering USB-C cable tester]] || [[casartar]] || [[Villages/Hacksaar]]<br />
|-<br />
| [[OpenSCAD | The trinity of OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD meow meow]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Faith based OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD trivia quiz]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Falun OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD Gong]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD Guru meditation]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Yin and Yang of OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Functional Fallacy with OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | The world according to OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Holy OpenSCAD scripture]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Myths, Madness and Mayhem:OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD in large, friendly letters]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | A demagogue's view on the history of OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Design and implementation of the functional INTERCAL programming language]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for crash test idiots]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | Never mind OpenSCAD - MSPAINT everything]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD OS with embedded EMACS I]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD OS with embedded EMACS IV]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for vegetarians]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for veteranarians]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for vegetables]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for veterans]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | OpenSCAD for vegeteranarianseblerans]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|-<br />
| [[OpenSCAD | The Good, The Bad and The OpenSCAD]] || [[User:BusyBee]] || [[Villages/Idiopolis|Idiopolis]]<br />
|}<br />
<br />
== Stage ==<br />
<br />
Stage is available from 10am until 1am.<br />
<br />
General: Please keep Volume also of your music devices moderate during sleeping times 1am to 10am.<br />
<br />
Update<br />
<br />
'''Volume Regulations:'''<br />
<br />
9:00 - 12:00 fixed: breakfast low background music<br />
<br />
12:00 - 19:00 only low Volume background music<br />
<br />
19:00 - 01:00 volume may raise during the evening<br />
<br />
<br />
No Performances between 10am and 4pm (10:00 - 16:00)<br />
<br />
Don't forget to post your handwritten performance also on the infobard at the hackcenter.<br />
<br />
<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Name !! What !! Type<br />
|-<br />
| 2024-07-24 - 19:00-21:00 || Gunstick || Atari Underground Chiptune Resistance || DJ<br />
|-<br />
| 2024-07-24 - 21:00-23:00 || MADTIXX || Eröffnungsball / Opening Dance Gala || DJ<br />
|-<br />
| 2024-07-25 - 18:00-20:00 || golo || Surf-Punk || Musician<br />
|-<br />
| 2024-07-25 - 20:00-22:00 || mase || Hardcore-Punk || Musician<br />
|-<br />
| 2024-07-25 - 22:00-00:00 || Hacksaar Veranstaltungsgesellschaft || punk, deutschpunk, postpunk, elektropunk, liedermaching, helge || Music collectiv<br />
|-<br />
| 2024-07-26 - 21:00-23:00 || Aluburkaseinbruder|| dnb || DJ<br />
|-<br />
| 2024-07-26 - 23:00-01:00 || l33tc0re || Techno, hard Techno ... || DJ<br />
|-<br />
| 2024-07-27 - 22:00-0:00 || MADTIXX || Gentle Hard Dance FuckUp || DJ<br />
|-<br />
|}</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1347BGP Workshop2024-07-26T15:09:47Z<p>R3boot: </p>
<hr />
<div>= Introduction =<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* Anycast<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
== Expectations ==<br />
This workshop will NOT be about internet routing. It will discuss the BGP protocol using a bunch of examples that can be applied to anything that runs BGP. These techniques can be applied on your LAN and over VPN tunnels.<br />
<br />
== Requirements ==<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
* BIRD version 2.x, bash, netcat, ping, iproute2<br />
<br />
== Registration ==<br />
Every participant of the workshop will receive a temporarily and private AS number and two private networks. During the workshop, we will create an "Internet" with these details. In order to register, ping r3boot on IRC or send an email to r3boot at r3blog dot nl, and I will add you to the list below:<br />
<br />
https://docs.nurd.space/sheet/#/2/sheet/edit/IacR4-gLFoetuyrli3JBhIMB/<br />
<br />
= Workshop =<br />
== Setting up your local networks ==<br />
<br />
Create the two networks using iproute2:<br />
<br />
ip link add type dummy<br />
ip link add type dummy<br />
<br />
ip addr add 192.168.0.1/24 dev dummy0<br />
ip addr add 192.168.1.1/24 dev dummy1<br />
<br />
ip link set dummy0 up<br />
ip link set dummy1 up<br />
<br />
Enable ip forwarding<br />
<br />
sysctl -w net.ipv4.ip_forward=1<br />
<br />
<br />
== Setup initial configuration of BIRD ==<br />
<br />
Configure BIRD to read network prefixes from all dummy devices. Do this by editing `/etc/bird/bird.conf`. Replace the current content with the content below. Be sure to replace X.X.X.X with your ip address.<br />
<br />
router id X.X.X.X;<br />
<br />
protocol device { }<br />
<br />
protocol direct {<br />
ipv4;<br />
interface "dummy*";<br />
}<br />
<br />
protocol kernel {<br />
ipv4 {<br />
export all;<br />
};<br />
}<br />
<br />
<br />
== Load and check setup ==<br />
<br />
birdc configure<br />
birdc show route<br />
<br />
A correctly configured BIRD will show a routing table that looks like the one below:<br />
<br />
BIRD 2.0.12 ready.<br />
Table master4:<br />
192.168.0.0/24 unicast [direct1 13:48:13.162] * (240)<br />
dev dummy0<br />
192.168.1.0/24 unicast [direct1 13:48:18.015] * (240)<br />
dev dummy1<br />
<br />
<br />
Doublecheck that BIRD is exporting routes to the kernel using `ip route show protocol bird`. It should look like the following:<br />
<br />
192.168.0.0/24 dev dummy0 proto bird scope link metric 32<br />
192.168.1.0/24 dev dummy1 proto bird scope link metric 32<br />
<br />
<br />
= Basic BGP operations =<br />
<br />
== Setting up your first BGP peering(s) ==<br />
<br />
For each participant you want to setup a peering for, configure a block like below. Replace X.X.X.X and AAAAA with your own details. Replace Y.Y.Y.Y and BBBBB with the details that are used by your peer. Add a descriptive name for PEERNAME.<br />
<br />
protocol bgp PEERNAME {<br />
local X.X.X.X as AAAAA;<br />
neighbor Y.Y.Y.Y as BBBBB;<br />
<br />
ipv4 {<br />
import all;<br />
export all;<br />
};<br />
}<br />
<br />
<br />
Once the peer configuration is added, load the configuration, and doublecheck if the peering is established.<br />
<br />
birdc configure<br />
birdc show protocols<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Filtering ==<br />
<br />
Modify the configuration and add an export filter for each peer.<br />
<br />
filter export_to_PEERNAME {<br />
if net ~ [ 192.168.0.0/23{23,24} ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Next, configure the peer to use the filters for both importing and exporting routes:<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import all;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Once you are done, reload the configuration and check your routes again<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bird<br />
<br />
== Aggregation ==<br />
<br />
Setup a static route which contains both your subnets. Configure the subnet to send host unreachables whenever an ip does not respond to ARP requests.<br />
<br />
protocol static my_network {<br />
ipv4;<br />
route 192.168.0.0/23 unreachable;<br />
}<br />
<br />
<br />
Tighten your export filter for all your peerings so that you only send your aggregated network:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
== BGP hijacking ==<br />
<br />
Configure an extra dummy interface that is configured with an IP address belonging to some peer:<br />
<br />
ip link add type dummy<br />
ip addr add 192.168.2.66/32 dev dummy2<br />
ip link set dummy2 up<br />
<br />
<br />
Modify your export filters to send the hijacked prefix:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
if net ~ [ 192.168.2.66/32 ] then accept;<br />
reject;<br />
}<br />
<br />
<br />
Reload the configuration, and validate that the new route is set:<br />
<br />
birdc configure<br />
birdc show route<br />
ip route show protocol bgp<br />
<br />
=== Preventing BGP hijacking ===<br />
<br />
Modify the import filter for your peer to only accept prefixes that belong to your peer, and use this filter to select routes imported from your peer:<br />
<br />
filter import_from_alita {<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
reject;<br />
}<br />
<br />
protocol bgp alita {<br />
[...]<br />
<br />
ipv4 {<br />
import filter import_from_alita;<br />
export filter export_to_alita;<br />
};<br />
}<br />
<br />
Next, reload the configuration, restart the BGP peering and check the routing tables:<br />
<br />
birdc configure<br />
birdc restart alita<br />
birdc show route<br />
<br />
<br />
Once you are done with this excercise, remove the dummy interface you used for hijacking.<br />
<br />
ip link del dummy2<br />
<br />
= Advanced BGP tricks =<br />
<br />
== BGP Anycast ==<br />
<br />
Configure a loopback interface for your service<br />
<br />
ip link add type dummy<br />
<br />
<br />
Configure a health check which manages the anycast ip.<br />
<br />
<br />
#!/usr/bin/env bash<br />
<br />
INTERFACE='dummy2'<br />
IP='192.168.0.42'<br />
<br />
while :; do<br />
if nc -w1 -nz 127.0.0.1 22; then<br />
ip addr add ${IP}/32 dev ${INTERFACE} 2>/dev/null<br />
else<br />
ip addr flush dev ${INTERFACE}<br />
fi<br />
sleep 1<br />
done<br />
<br />
Now start or stop your service. Notice that bird will advertise the service once second after the service starts listening on its port, and stops advertising the address as soon as you stop the service.<br />
<br />
Be sure to tear down the dummy2 interface once you are done, since the next example is incompatible with it.<br />
<br />
ip link del dummy2<br />
<br />
== DDoS migitation using s/RTBH ==<br />
<br />
Modify your export filter(s) so that a BGP community gets added whenever BIRD finds a single ip address belonging to your ip space:<br />
<br />
filter export_to_alita {<br />
if net ~ [ 192.168.0.0/23{32,32} ] then<br />
bgp_community.add((65000,42));<br />
accept;<br />
fi<br />
<br />
if net ~ [ 192.168.0.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
<br />
Modify the import filter of your peers to reject a prefix as soon as it finds the migitation community<br />
<br />
filter import_from_alita {<br />
if ( net ~ [ 192.168.6.0/23{32,32} ] && (65003,42) ~ bgp_community) then {<br />
dest = RTD_UNREACHABLE;<br />
accept;<br />
}<br />
<br />
if net ~ [ 192.168.6.0/23 ] then accept;<br />
<br />
reject;<br />
}<br />
<br />
Reload your configuration. Notice that nothing will change, since you have not tagged any prefix with the migitation community.<br />
<br />
Now, pick an ip address within your range, and ask one of your peers to run a ping towards this ip.<br />
<br />
To activate the migitation, add a static route for an ip address you want to protect, and reload your configuration:<br />
<br />
protocol static my_network {<br />
[...]<br />
<br />
route 192.168.1.1/32 blackhole;<br />
}<br />
<br />
To deactivate the migitation, remove the static route and reload your configuration.</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1346BGP Workshop2024-07-26T11:25:34Z<p>R3boot: </p>
<hr />
<div>=== Introduction ===<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
'''IMPORTANT! You need to register for this workshop (see below), since it requires planning and preparation in advance.<br />
'''<br />
=== Requirements ===<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
<br />
=== Planning ===<br />
Due to the amount of configuration needed multiplied by the number of participants, there might be more then one workshop, or the workshop will be split up into a single talk and multiple workshop parts.<br />
<br />
=== Registration ===<br />
Every participant of the workshop will receive a temporarily and private AS number and two private networks. During the workshop, we will create an "Internet" with these details. In order to register, ping r3boot on IRC or send an email to r3boot at r3blog dot nl, and I will add you to the list below:<br />
<br />
{|<br />
! style="text-align: left; width: 10%"| Neighbor<br />
! style="text-align: left; width: 10%"| IP<br />
! style="text-align: left; width: 10%"| AS<br />
! style="text-align: left; width: 15%"| Prefix<br />
! style="text-align: left; width: 15%"| Subnet 1<br />
! style="text-align: left; width: 15%"| Subnet 2<br />
|-<br />
| r3boot<br />
|<br />
| 65001<br />
| 192.168.0.0/23<br />
| 192.168.0.0/24<br />
| 192.168.1.0/24<br />
|-<br />
| Marden<br />
|<br />
| 65001<br />
| 192.168.2.0/23<br />
| 192.168.2.0/24<br />
| 192.168.3.0/24<br />
|-<br />
| Marden<br />
|<br />
| 65002<br />
| 192.168.4.0/23<br />
| 192.168.4.0/24<br />
| 192.168.5.0/24<br />
|-<br />
| r3boot<br />
|<br />
| 65003<br />
| 192.168.6.0/23<br />
| 192.168.6.0/24<br />
| 192.168.7.0/24<br />
|}<br />
<br />
=== Router requirements ===<br />
TBA</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=Network&diff=1294Network2024-07-24T14:35:38Z<p>R3boot: /* FTP */</p>
<hr />
<div>== Internet connection ==<br />
<br />
== Wireless ==<br />
=== SSIDs ===<br />
* HaxoGreen_2024_NOC<br />
* HaxoGreen_2024<br />
** WPA2 Personal<br />
** Password: <code>h4x0gr33n2024</code><br />
=== wpa_supplicant ===<br />
<br />
network={<br />
ssid="HaxoGreen_2024"<br />
psk="h4x0gr33n2024"<br />
}<br />
<br />
== Wired ==<br />
We are providing gigabit ethernet at the two datenklos and on the hackcenter desks.<br />
<br />
=== Static DHCP lease ===<br />
If you want to provide a service to the outside world or need an IP address which doesn't change, you can get a static DHCP lease. Please contact noc[_at_]haxogreen.lu with a MAC address and we'll set you up. Also you don't need to wait until you're on site, just throw a MAC at us and your personal IP will be waiting for you when you arrive.<br />
<br />
=== Colocation ===<br />
You can bring a server and colocate it in the NOC. If you want to do that please send us a MAC address and leave it on DHCP.<br />
<br />
== FTP ==<br />
There is a camp FTP server.<br />
<br />
* Host: <code>ftp.camp.haxogreen.lu</code><br />
* Protocol:<br />
** <code>ftp/24</code><br />
** <code>sftp/2024</code><br />
* Login: <code>haxogreen/haxogreen</code><br />
* Two folders<br />
** <code>camp_photos</code>: upload your pictures for sharing with other camp attendees<br />
** <code>other</code>: upload whatever you want<br />
* Restrictions<br />
** no delete permitted in photos folder (shared with everybody), ping Infodesk if removal is needed<br />
** only accessible within the camp<br />
** only upload stuff that you have permission to<br />
<br />
=== Party FTP server ===<br />
'''<br />
▓▓<br />
░░ ▓▓▓▓░░<br />
░░▒▒▓▓░░ ▓▓▓▓▓▓▓▓▓▓▓▓<br />
░░▓▓░░▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
░░▓▓ ▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
▒▒▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
░░ ▒▒▒▒▒▒ ░░ ░░ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
▓▓▒▒ ▓▓▒▒▒▒ ▓▓████ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
▓▓▓▓▒▒ ▓▓░░▓▓ ██████ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
░░▓▓▓▓▒▒░░▓▓░░▓▓▒▒░░ ▓▓▓▓░░░░ ██████▒▒ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
▒▒▓▓▒▒░░▓▓██████████ ░░ ▓▓▒▒ ▓▓▒▒ ████████████████ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
▒▒▓▓██████████████████ ▒▒░░▓▓▒▒ ▓▓▒▒ ████████████▒▒ ░░░░ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
▓▓▓▓██▓▓ ████▓▓ ▓▓░░▓▓▓▓▒▒ ▒▒██████ ██████ ▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
▒▒██████ ██████ ░░██████ ██████▓▓ ▓▓████▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
░░██████ ██████ ░░ ██████ ▓▓██████ ██████ ▓▓▓▓▓▓▓▓▓▓▓▓<br />
██████ ░░██▓▓▒▒ ░░████████▒▒ ░░▒▒ ▒▒██▓▓ ██████ ░░██████ ██████▓▓ ▓▓▓▓▓▓▓▓▓▓▓▓<br />
████████░░▒▒▓▓██████ ▓▓████████████▒▒ ████░░██████ ██████ ██████ ██████ ▓▓▓▓▓▓▓▓▓▓<br />
▓▓██████████████▓▓ ▓▓████ ████ ██████▒▒ ██████ ████ ▓▓████▒▒ ▓▓▓▓▓▓▓▓░░<br />
░░████████▒▒░░ ████ ██████ ████████ ▒▒ ██████░░██████ ▓▓▓▓▓▓▓▓<br />
██████ ▒▒▓▓████████ ▓▓████ ▓▓██████████ ██████▓▓████▓▓ ▒▒▓▓▓▓<br />
██████ ██████████▓▓████ ██████ ██████████ ▓▓██████████ ▓▓<br />
▓▓████▒▒ ██████ ████ ████ ▒▒████████░░ ▒▒<br />
▒▒████▓▓ ██████ ████ ░░████ ██████▓▓<br />
██████ ██████▓▓██████████ ████░░ ░░██████ ░░ ░░<br />
██████████▓▓████ ██▓▓▓▓██████▓▓ ░░▓▓▓▓▓▓▓▓▓▓░░<br />
░░██░░ ████████████ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓<br />
██████████▒▒ ▓▓▓▓░░▓▓░░▓▓▓▓▓▓▓▓<br />
░░▓▓▓▓▓▓░░ ▓▓▒▒▓▓▓▓▓▓░░▓▓▓▓▓▓<br />
▓▓▒▒▓▓▓▓▓▓▒▒▓▓▓▓▓▓<br />
▓▓▓▓▓▓▒▒▓▓░░▓▓▓▓▓▓<br />
▓▓▓▓▓▓▓▓ ▓▓▓▓▓▓▓▓<br />
▓▓▒▒▓▓▓▓▓▓▓▓▓▓▓▓<br />
▒▒▓▓▓▓▓▓▓▓▓▓▓▓ <br />
<br />
-=[ like its 1997 ]=-<br />
<br />
<br />
Visit 151.216.41.47 with FTP, HTTP or RSYNC.<br />
'''<br />
<br />
== Dashboard ==<br />
Graph ALL the things at [https://mon.camp.haxogreen.lu/dashboards Dashboard ↗️]</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1215BGP Workshop2024-07-22T07:28:17Z<p>R3boot: </p>
<hr />
<div>=== Introduction ===<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
'''IMPORTANT! You need to register for this workshop (see below), since it requires planning and preparation in advance.<br />
'''<br />
=== Requirements ===<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
<br />
=== Planning ===<br />
Due to the amount of configuration needed multiplied by the number of participants, there might be more then one workshop, or the workshop will be split up into a single talk and multiple workshop parts.<br />
<br />
=== Registration ===<br />
Every participant of the workshop will receive a temporarily and private AS number and two private networks. During the workshop, we will create an "Internet" with these details. In order to register, ping r3boot on IRC or send an email to r3boot at r3blog dot nl, and I will add you to the list below:<br />
<br />
{|<br />
! style="text-align: left; width: 10%"| Neighbor<br />
! style="text-align: left; width: 10%"| IP<br />
! style="text-align: left; width: 10%"| AS<br />
! style="text-align: left; width: 15%"| Prefix<br />
! style="text-align: left; width: 15%"| Subnet 1<br />
! style="text-align: left; width: 15%"| Subnet 2<br />
|-<br />
| r3boot<br />
|<br />
| 65001<br />
| 192.168.0.0/23<br />
| 192.168.0.0/24<br />
| 192.168.1.0/24<br />
|-<br />
| Marden<br />
|<br />
| 65001<br />
| 192.168.2.0/23<br />
| 192.168.2.0/24<br />
| 192.168.3.0/24<br />
|-<br />
| Marden<br />
|<br />
| 65002<br />
| 192.168.4.0/23<br />
| 192.168.4.0/24<br />
| 192.168.5.0/24<br />
|-<br />
|}<br />
<br />
=== Router requirements ===<br />
TBA</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=Schedule&diff=1178Schedule2024-07-15T11:54:26Z<p>R3boot: </p>
<hr />
<div><br />
Timed events<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Length !! Name !! Contact Person !! Village/Location<br />
|-<br />
| 2024-07-24 - 10:00 || ? || Home Automation with Home Assistant || Tezza || TBA<br />
|-<br />
| 2024-07-24 - 14:00 || 2h || Hotplate [[Badge]] soldering workshop || The0 || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| 2024-07-25 - 10:00 || ? || Kubernetes 4 Home || Tezza || TBA<br />
|-<br />
| 2024-07-25 - 14:00 || 2h || getting started with [[KiCAD]] walkthrough || The0 || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| 2024-07-?? - ??:?? || 2h || [[BGP_Workshop|BGP routing workshop]] (registration required) || [[User:R3boot|"Lex" / r3boot]] || TBA<br />
|-<br />
| 2024-07-26 - 10:00 || ? || Running your own server @ home || Tezza || TBA<br />
|-<br />
| 2024-07-24 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-25 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-26 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-27 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
|}<br />
<br />
On Demand<br />
{| class="sortable wikitable smwtable"<br />
! Name !! Contact Person !! Village/Location<br />
|-<br />
| [[Massage]] || [[User:Gunstick|Gunstick]] || ask at Infodesk or syn2cat table in hackcenter<br />
|-<br />
| [[Badge]] soldering || [[User:The0|The0]] || [[Villages/Idiopolis|Bormhack]]<br />
|}<br />
<br />
Stage<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Name !! Type<br />
|-<br />
| 2024-07-24 - 20:00-22:00 || MADTIXX || DJ<br />
|-<br />
| 2024-07-25 - 20:00-20:00 || 24Hrs of AI generated hardstyle-mongolian throatsinging-polka-reggae fusion mahem &brvbar; TBA || AI &brvbar; TBA<br />
|-<br />
| 2024-07-26 - 20:00-22:00 || Aluburkaseinbruder|| DJ<br />
|-<br />
| 2024-07-26 - 22:00-0:00 || l33tc0re || DJ<br />
|-<br />
| 2024-07-27 - 22:00-0:00 || MADTIXX || DJ<br />
|-<br />
|}</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1177BGP Workshop2024-07-15T11:52:41Z<p>R3boot: /* Requirements */</p>
<hr />
<div>=== Introduction ===<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
'''IMPORTANT! You need to register for this workshop (see below), since it requires planning and preparation in advance.<br />
'''<br />
=== Requirements ===<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal). Other distros will also work.<br />
* A direct connection to the network (no nat, no routed connections)<br />
<br />
=== Planning ===<br />
Due to the amount of configuration needed multiplied by the number of participants, there might be more then one workshop, or the workshop will be split up into a single talk and multiple workshop parts.<br />
<br />
=== Registration ===<br />
Every participant of the workshop will receive a temporarily and private AS number and two private networks. During the workshop, we will create an "Internet" with these details. In order to register, ping r3boot on IRC or send an email to r3boot at r3blog dot nl, and I will add you to the list below:<br />
<br />
{|<br />
! style="text-align: left; width: 10%"| Neighbor<br />
! style="text-align: left; width: 10%"| IP<br />
! style="text-align: left; width: 10%"| AS<br />
! style="text-align: left; width: 15%"| Prefix<br />
! style="text-align: left; width: 15%"| Subnet 1<br />
! style="text-align: left; width: 15%"| Subnet 2<br />
|-<br />
| r3boot<br />
|<br />
| 65001<br />
| 192.168.0.0/23<br />
| 192.168.0.0/24<br />
| 192.168.1.0/24<br />
|-<br />
|}<br />
<br />
=== Router requirements ===<br />
TBA</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1176BGP Workshop2024-07-15T11:50:20Z<p>R3boot: </p>
<hr />
<div>=== Introduction ===<br />
Ever wondered how to use the protocol that binds the internet together? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
'''IMPORTANT! You need to register for this workshop (see below), since it requires planning and preparation in advance.<br />
'''<br />
=== Requirements ===<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal)<br />
* A direct connection to the network (no nat, no routed connections)<br />
<br />
=== Planning ===<br />
Due to the amount of configuration needed multiplied by the number of participants, there might be more then one workshop, or the workshop will be split up into a single talk and multiple workshop parts.<br />
<br />
=== Registration ===<br />
Every participant of the workshop will receive a temporarily and private AS number and two private networks. During the workshop, we will create an "Internet" with these details. In order to register, ping r3boot on IRC or send an email to r3boot at r3blog dot nl, and I will add you to the list below:<br />
<br />
{|<br />
! style="text-align: left; width: 10%"| Neighbor<br />
! style="text-align: left; width: 10%"| IP<br />
! style="text-align: left; width: 10%"| AS<br />
! style="text-align: left; width: 15%"| Prefix<br />
! style="text-align: left; width: 15%"| Subnet 1<br />
! style="text-align: left; width: 15%"| Subnet 2<br />
|-<br />
| r3boot<br />
|<br />
| 65001<br />
| 192.168.0.0/23<br />
| 192.168.0.0/24<br />
| 192.168.1.0/24<br />
|-<br />
|}<br />
<br />
=== Router requirements ===<br />
TBA</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=User:R3boot&diff=1175User:R3boot2024-07-15T11:45:46Z<p>R3boot: </p>
<hr />
<div>[[File:R3boot.jpg|thumb]]<br />
<br />
DevSecOps/SRE by day, hacker by night<br />
<br />
Interests:<br />
<br />
* UNIX<br />
* networking<br />
* 3d design / printing<br />
* NURDspace<br />
* Nature<br />
* Hiking</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=File:R3boot.jpg&diff=1174File:R3boot.jpg2024-07-15T11:45:04Z<p>R3boot: </p>
<hr />
<div>r3boot</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=Villages/Idiopolis&diff=1173Villages/Idiopolis2024-07-15T11:39:51Z<p>R3boot: </p>
<hr />
<div>An idiopolis is a city of idiots, where weirdness, creativity, freaks, connectivity and the quality of life combine to create dynamic local madness.<br />
<br />
<br />
In effect, idiopolis are cities where those who can choose where to hang out, choose to freak out.<br />
<br />
== Gibberish ==<br />
For many, the road to this village already started long ago. For its second arrival at Haxogreen, here are the idiots.<br />
<br />
And we're bringing Idioduinos! Expect a lot of chaos and unfinished projects. Be ready to be taken by suprise.<br />
<br />
<br />
== Contact ==<br />
You can contact us on our village DECT-phone: 4346 / IDIO or on irc: OFTC/#idiopolis<br />
<br />
<br />
== Travel ==<br />
We will get there<br />
<br />
<br />
== Villagers ==<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Who !! ~ arrival date/time !! ~ departure date/time<br />
|-<br />
| BuZz || Tuesday afternoon || yes<br />
|-<br />
| nzo || Tuesday afternoon || yes<br />
|-<br />
| berend || Tuesday afternoon || yes<br />
|-<br />
| The0 || Sunday afternoon || Sunday morning<br />
|-<br />
| Pixal || Sunday afternoon || Sunday morning<br />
|-<br />
| Tiglo || Sunday afternoon || Sunday morning<br />
|-<br />
| Erin || Wednesday night || Sunday morning<br />
|-<br />
| Rwn || Wednesday night || Sunday morning<br />
|-<br />
| danieltoo || ? || ?<br />
|-<br />
| r3boot || Tuesday || Yes<br />
|-<br />
| bigmacfoobar || ? || ?<br />
|-<br />
| assa || ? || ?<br />
|-<br />
| ? || ? || ?<br />
|-<br />
| ? || ? || ?<br />
|-<br />
|}<br />
<br />
== Stuff ==<br />
<br />
<br />
== Events ==<br />
<br />
<br />
== Idocubator services ==<br />
An Idiocubator is a service that helps new and startup villages to develop by providing services such as training or space.<br />
<br />
We will be assisting new and exciting disruptions with:<br />
<br />
Coffee/Tea<br />
Lipo charging<br />
Lipo suction (discharging of Lipo)<br />
Meme creation<br />
Laughter<br />
Offering 'storefront' for selling kits/items/stickers/stuff<br />
-possibly- a cryptocoin to/from ccc coins exchange<br />
...<br />
<br />
Some of the AMAZING startups we are helping blossom into fruition:<br />
<br />
Projects:EspLight<br />
IDIOwhack - Projects:IDIOduino<br />
<br />
<br />
== Infrastructure ==<br />
Tents and rocks<br />
Power and network<br />
<br />
== Personal equipment ==<br />
Ice maker<br />
<br />
<br />
== Activities ==<br />
We tend to get very social:3.0<br />
<br />
We will try to host a 24/7 broadcast of Radiopolis (music/talk/noise radio) and Videopolis (Camera interpretation of Radiopolis). <br />
<br />
We will be bringing something to serve files with, likely with a bunch of content.<br />
<br />
== Links ==<br />
http://idiopolis.org/<br />
https://nurdspace.nl/<br />
https://hackwinkel.nl/<br />
<br />
<br />
== Buy-an-idiot ==<br />
Our unique sponsoring scheme allows anyone to buy an idiot. Once bought, the sponsor has to provide remuneration for the following costs we're making, and need saving:<br />
<br />
Table/Chair rental: 150eu<br />
MidiDome: ~200 100eu<br />
MaxiDome: ~700 350eu<br />
Monkeyhut: ~320eu<br />
Bus rental: ~900 540eu<br />
Power rental: 55eu<br />
...<br />
<br />
Current ~total: 1515eu<br />
<br />
With ~40 members this would be about 40eu p/p</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=Villages/Idiopolis&diff=1172Villages/Idiopolis2024-07-15T11:38:05Z<p>R3boot: </p>
<hr />
<div>An idiopolis is a city of idiots, where weirdness, creativity, freaks, connectivity and the quality of life combine to create dynamic local madness.<br />
<br />
<br />
In effect, idiopolis are cities where those who can choose where to hang out, choose to freak out.<br />
<br />
== Gibberish ==<br />
For many, the road to this village already started long ago. For its second arrival at Haxogreen, here are the idiots.<br />
<br />
And we're bringing Idioduinos! Expect a lot of chaos and unfinished projects. Be ready to be taken by suprise.<br />
<br />
<br />
== Contact ==<br />
You can contact us on our village DECT-phone: 4346 / IDIO or on irc: OFTC/#idiopolis<br />
<br />
<br />
== Travel ==<br />
We will get there<br />
<br />
<br />
== Villagers ==<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Who !! ~ arrival date/time !! ~ departure date/time<br />
|-<br />
| BuZz || Tuesday afternoon || yes<br />
|-<br />
| nzo || Tuesday afternoon || yes<br />
|-<br />
| berend || Tuesday afternoon || yes<br />
|-<br />
| The0 || Sunday afternoon || Sunday morning<br />
|-<br />
| Pixal || Sunday afternoon || Sunday morning<br />
|-<br />
| Tiglo || Sunday afternoon || Sunday morning<br />
|-<br />
| Erin || Wednesday night || Sunday morning<br />
|-<br />
| Rwn || Wednesday night || Sunday morning<br />
|-<br />
| danieltoo || ? || ?<br />
|-<br />
| r3boot || Tuesday || Yes<br />
|-<br />
| bigmacfoobar || ? || ?<br />
|-<br />
| assa || ? || ?<br />
|-<br />
| ? || ? || ?<br />
|-<br />
| ? || ? || ?<br />
|-<br />
|}<br />
<br />
== Stuff ==<br />
<br />
<br />
== Events ==<br />
<br />
<br />
== Idocubator services ==<br />
An Idiocubator is a service that helps new and startup villages to develop by providing services such as training or space.<br />
<br />
We will be assisting new and exciting disruptions with:<br />
<br />
Coffee/Tea<br />
Lipo charging<br />
Lipo suction (discharging of Lipo)<br />
Meme creation<br />
Laughter<br />
Offering 'storefront' for selling kits/items/stickers/stuff<br />
-possibly- a cryptocoin to/from ccc coins exchange<br />
...<br />
<br />
Some of the AMAZING startups we are helping blossom into fruition:<br />
<br />
Projects:EspLight<br />
IDIOwhack - Projects:IDIOduino<br />
<br />
<br />
== Infrastructure ==<br />
Tents and rocks<br />
Power and network<br />
<br />
== Personal equipment ==<br />
Ice maker<br />
<br />
<br />
== Activities ==<br />
We tend to get very social:3.0<br />
<br />
We will try to host a 24/7 broadcast of Radiopolis (music/talk/noise radio) and Videopolis (Camera interpretation of Radiopolis). <br />
<br />
<br />
== Links ==<br />
http://idiopolis.org/<br />
https://nurdspace.nl/<br />
https://hackwinkel.nl/<br />
<br />
<br />
== Buy-an-idiot ==<br />
Our unique sponsoring scheme allows anyone to buy an idiot. Once bought, the sponsor has to provide remuneration for the following costs we're making, and need saving:<br />
<br />
Table/Chair rental: 150eu<br />
MidiDome: ~200 100eu<br />
MaxiDome: ~700 350eu<br />
Monkeyhut: ~320eu<br />
Bus rental: ~900 540eu<br />
Power rental: 55eu<br />
...<br />
<br />
Current ~total: 1515eu<br />
<br />
With ~40 members this would be about 40eu p/p</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=Schedule&diff=1171Schedule2024-07-15T11:35:44Z<p>R3boot: </p>
<hr />
<div><br />
Timed events<br />
<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Length !! Name !! Contact Person !! Village/Location<br />
|-<br />
| 2024-07-24 - 10:00 || ? || Home Automation with Home Assistant || Tezza || TBA<br />
|-<br />
| 2024-07-24 - 14:00 || 2h || Hotplate [[Badge]] soldering workshop || The0 || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| 2024-07-25 - 10:00 || ? || Kubernetes 4 Home || Tezza || TBA<br />
|-<br />
| 2024-07-25 - 14:00 || 2h || getting started with [[KiCAD]] walkthrough || The0 || [[Villages/Idiopolis|Bormhack]]<br />
|-<br />
| 2024-07-?? - ??:?? || 2h || [[BGP_Workshop|BGP routing workshop]] || [[User:R3boot|"Lex" / r3boot]] || TBA<br />
|-<br />
| 2024-07-26 - 10:00 || ? || Running your own server @ home || Tezza || TBA<br />
|-<br />
| 2024-07-24 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-25 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-26 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
| 2024-07-27 - 10:00 || ? || [[Yoga]] || [[User:Gunstick|Gunstick]] || Yoga spot<br />
|-<br />
|}<br />
<br />
On Demand<br />
{| class="sortable wikitable smwtable"<br />
! Name !! Contact Person !! Village/Location<br />
|-<br />
| [[Massage]] || [[User:Gunstick|Gunstick]] || ask at Infodesk or syn2cat table in hackcenter<br />
|-<br />
| [[Badge]] soldering || [[User:The0|The0]] || [[Villages/Idiopolis|Bormhack]]<br />
|}<br />
<br />
Stage<br />
{| class="sortable wikitable smwtable"<br />
! Date & Time !! Name !! Type<br />
|-<br />
| 2024-07-24 - 20:00-22:00 || MADTIXX || DJ<br />
|-<br />
| 2024-07-25 - 20:00-20:00 || 24Hrs of AI generated hardstyle-mongolian throatsinging-polka-reggae fusion mahem &brvbar; TBA || AI &brvbar; TBA<br />
|-<br />
| 2024-07-26 - 20:00-22:00 || Aluburkaseinbruder|| DJ<br />
|-<br />
| 2024-07-26 - 22:00-0:00 || l33tc0re || DJ<br />
|-<br />
| 2024-07-27 - 22:00-0:00 || MADTIXX || DJ<br />
|-<br />
|}</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1170BGP Workshop2024-07-15T11:35:39Z<p>R3boot: </p>
<hr />
<div>=== Introduction ===<br />
Ever wondered how to use the protocol that binds the internet together? Are you looking for a way to dynamically manage routing on a diverse network? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
'''IMPORTANT! You need to register for this workshop (see below), since it requires planning and preparation in advance.<br />
'''<br />
=== Requirements ===<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal)<br />
* A direct connection to the network (no nat, no routed connections)<br />
<br />
=== Planning ===<br />
Due to the amount of configuration needed multiplied by the number of participants, there might be more then one workshop, or the workshop will be split up into a single talk and multiple workshop parts.<br />
<br />
=== Registration ===<br />
Every participant of the workshop will receive a temporarily and private AS number and two private networks. During the workshop, we will create an "Internet" with these details. In order to register, ping r3boot on IRC or send an email to r3boot at r3blog dot nl, and I will add you to the list below:<br />
<br />
{|<br />
! style="text-align: left; width: 10%"| Neighbor<br />
! style="text-align: left; width: 10%"| IP<br />
! style="text-align: left; width: 10%"| AS<br />
! style="text-align: left; width: 15%"| Prefix<br />
! style="text-align: left; width: 15%"| Subnet 1<br />
! style="text-align: left; width: 15%"| Subnet 2<br />
|-<br />
| r3boot<br />
|<br />
| 65001<br />
| 192.168.0.0/23<br />
| 192.168.0.0/24<br />
| 192.168.1.0/24<br />
|-<br />
|}<br />
<br />
=== Router requirements ===<br />
TBA</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=User:R3boot&diff=1169User:R3boot2024-07-15T11:33:37Z<p>R3boot: Created page with "DevSecOps/SRE by day, hacker by night Interests: * UNIX * networking * 3d design / printing * NURDspace * Nature * Hiking"</p>
<hr />
<div>DevSecOps/SRE by day, hacker by night<br />
<br />
Interests:<br />
<br />
* UNIX<br />
* networking<br />
* 3d design / printing<br />
* NURDspace<br />
* Nature<br />
* Hiking</div>R3boothttps://wiki.haxogreen.lu/2024/w/index.php?title=BGP_Workshop&diff=1167BGP Workshop2024-07-15T11:26:45Z<p>R3boot: Created page with "=== Introduction === Ever wondered how to use the protocol that binds the internet together? Are you looking for a way to dynamically manage routing on a diverse network? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects: * Routing theory * Setting up a peering * Route leaks * Aggregation * Hijacking * DDoS migitation (s/RTBH) Assumed is that you have an understa..."</p>
<hr />
<div>=== Introduction ===<br />
Ever wondered how to use the protocol that binds the internet together? Are you looking for a way to dynamically manage routing on a diverse network? This workshop will help you understand the basics of BGP, by performing a number of tasks with BGP on a small-scale. We will work with the following subjects:<br />
<br />
* Routing theory<br />
* Setting up a peering<br />
* Route leaks<br />
* Aggregation<br />
* Hijacking<br />
* DDoS migitation (s/RTBH)<br />
<br />
Assumed is that you have an understanding of Linux and the basics of networking (what is an ip, what is a subnet, what is a router, what is a switch).<br />
<br />
=== Requirements ===<br />
In order to participate in this workshop, you need to have the following:<br />
<br />
* A working Debian system (either virtualized or bare-metal)<br />
* A direct connection to the network (no nat, no routed connections)<br />
<br />
=== Planning ===<br />
Due to the amount of configuration needed multiplied by the number of participants, there might be more then one workshop, or the workshop will be split up into a single talk and multiple workshop parts.<br />
<br />
=== Registration ===<br />
Every participant of the workshop will receive a temporarily and private AS number and two private networks. During the workshop, we will create an "Internet" with these details. In order to register, ping r3boot on IRC or send an email to r3boot at r3blog dot nl, and I will add you to the list below:<br />
<br />
{|<br />
! style="text-align: left; width: 10%"| Neighbor<br />
! style="text-align: left; width: 10%"| IP<br />
! style="text-align: left; width: 10%"| AS<br />
! style="text-align: left; width: 15%"| Prefix<br />
! style="text-align: left; width: 15%"| Subnet 1<br />
! style="text-align: left; width: 15%"| Subnet 2<br />
|-<br />
| r3boot<br />
|<br />
| 65001<br />
| 192.168.0.0/23<br />
| 192.168.0.0/24<br />
| 192.168.1.0/24<br />
|-<br />
|}<br />
<br />
=== Router requirements ===<br />
TBA</div>R3boot