Route Server

With the aim of simplifying the management of peering agreements and facilitating the setup of new members, in 2010 MIX has made available a route-server service on its peering LANs.

This mechanism, through a single BGP session, allows to configure and manage multiple BGP sessions with the other participants. This approach does not exclude the traditional setup of bilateral agreements: on the contrary, it is a useful integration.

Technical info

Every member of the route-server platform has its own list of prefixes that are considered valid for the BGP announcements. This list is obtained by querying the main IRRDB databases, using the Autonomous System Number of the member or, if necessary, a given as-set.

To this purpose, it is essential that every member keeps its records up-to-date: in particular, for every prefix that will be announced on the route-server, a corresponding route (or route6) object must exist on such databases, with the member ASN listed as the origin. Only those prefixes will be considered valid for that specific ASN. Once the BGP session is established, IP traffic will be exchanged transparently between pairs of neighbors on the peering LAN: the route-server IP address will never show up as a next-hop address, nor the route-server ASN will appear in the as-path. It is also necessary to configure no bgp enforce-first-as.

Finally, 32-bit ASNs are managed natively.

Addressing

On the main peering LAN

  • RS1 v4: 217.29.66.254
  • RS1 v6: 2001:7F8:B:100:1D1:A5D1:6004:254
  • RS2 v4: 217.29.66.253
  • RS2 v6: 2001:7F8:B:100:1D1:A5D1:6004:253
  • ASN: 61968

On the peering LAN of MIX-IT Palermo

  • RS v4: 185.1.186.253
  • RS v6: 2001:7f8:101:7::253
  • ASN: 61968

On the peering LAN of MIX-IT Bologna

  • RS v4: 185.1.231.253
  • RS v6: 2001:7f8:101:13::253
  • ASN: 61968

Sanity checks

Every prefix announced on route-servers are subject to some preliminary checks:

  • Prefix lengths allowed are /8 – /24 for IPv4 and /12 – /48 for IPv6
  • The first ASN in the as-path must be the one of the peering ASN
  • Routes that are well-known bogons or martians will be rejected
  • Routes with one or more private or invalid ASNs in their as-path will be rejected
  • Routes with one or more “transit free” ASNs in their as-path will be rejected

BGP Communities

All the route-servers handle well-known communities transparently, and allow to filter what is being announced by sending communities according to the following scheme

 

Function Standard Extended Large
Do not announce to any client 0:61968 rt:0:61968 61968:0:0
Announce to peer_as, even if tagged with the previous community

61968:peer_as

rt:61968:peer_as

61968:1:peer_as
Do not announce to peer_as 0:peer_as rt:0:peer_as 61968:0:peer_as
Prepend the announcing ASN once to peer_as 65511:peer_as rt:65511:peer_as 61968:101:peer_as
Prepend the announcing ASN twice to peer_as 65512:peer_as rt:65512:peer_as 61968:102:peer_as
Prepend the announcing ASN thrice to peer_as 65513:peer_as rt:65513:peer_as 61968:103:peer_as
Prepend the announcing ASN once to any 65501:61968 r:65501:61968 61968:101:0
Prepend the announcing ASN twice to any 65502:61968 rt:65502:61968 61968:102:0
Prepend the announcing ASN thrice to any 65503:61968 rt:65503:61968 61968:103:0
Add NO_EXPORT to peer_as 65281:peer_as rt:65281:peer_as 61968:65281:peer_as
Add NO_ADVERTISE to peer_as 65282:peer_as rt:65282:peer_as 61968:65282:peer_as

If no communities are sent, the default behavior is announcing to all the route-server participants.

RPKI support

On the route-servers origin validation via RPKI is enabled.

All INVALID prefixes are rejected.

Graceful BGP session shutdown

Route-servers honor the GRACEFUL_SHUTDOWN community (65535:0): routes tagged with this community have their LOCAL_PREF attribute lowered to 0.

“Never via route-servers” attribute

Routes with an AS_PATH containing one or more “never via route-servers” networks’ ASNs are rejected. The status of “never via route-servers” flag is obtained from PeeringDB.

Max prefix number

Route-server participants that explicitly set a max-prefix limit on the peering sessions are encouraged to set these limits according to what is published on the following PeeringDB page: https://peeringdb.com/net/13105

General info

Peering sessions on route-servers are configured as regular BGP sessions and allow, since day one, to exchange traffic with all the other members connected to the same platform. Route-servers only compute routing information, while the actual traffic exchange is clearly performed by the peering switches.