Stuttgart-IX operates two Route Server, to allow peers to exchange routes without setting up bilateral BGP Sessions. Anyone Peering with the Route Server will receive all routes of all other route server peers, unless overwritten by a control community.

BGP Session Parameters

Please set up a BGP session to both Route Servers.

RouteServer IPv4 IPv6 ASN Max. Prefix IPv4 Max. Prefix IPv6 IRRDB 2001:7f8:56::1 41139 20000 5000 AS-STUTTGARTIX-RS 2001:7f8:56::2 41139 20000 5000 AS-STUTTGARTIX-RS

BGP Communities

Control Communitites

You can use the following Large Communities to control the Route Servers behavior:

Large Community Description
41139:0:0 Don’t announce to any AS (overwrite with 41139:1:PEERAS)
41139:0:PEERAS Do not advertise to PEERAS
41139:1:PEERAS Advertise to PEERAS (in combination with 41139:0:0)
41139:101:PEERAS Prepend PEERAS 1x
41139:102:PEERAS Prepend PEERAS 2x
41139:103:PEERAS Prepend PEERAS 3x

For compatibility with older routers following communities are supported:

Community Description
0:PEERAS Do not advertise to PEERAS
41139:PEERAS Advertise to PEERAS
0:41139 Do not advertise (overwrite with 41139:PEERAS)

Informational Communitites

To assist in debugging the route server will set the following large communities when filtering routes, you can see them in our Looking Glass.

Large Community Description
41139:1101:1 Prefix is too long
41139:1101:2 Prefix is too short
41139:1101:3 The prefix mustn’t be routed in the internet (Bogon)
41139:1101:4 The ASN mustn’t be routed in the internet (Bogon)
41139:1101:5 The AS-Path is too long
41139:1101:6 The AS-Path is too short
41139:1101:7 First AS in AS-Path isnt’ the PEER-AS
41139:1101:8 Next-hop doesn’t match peer IP
41139:1101:9 Prefix not in the peers AS-SET
41139:1101:10 Origin AS is not in the peers AS-SET
41139:1101:11 Prefix is not in origin AS
41139:1101:12 RPKI Unknown
41139:1101:13 RPKI Invalid
41139:1101:14 A trasnit free AS was found in the AS-Path
41139:1101:15 Too many BGP Communities
41139:1000:1 RPKI valid
41139:1000:2 RPKI Unknown
41139:1000:3 RPKI not checked
41139:1001:1 IRRDB valid
41139:1001:2 IRRDB not checked
41139:1001:3 Prefix doesn’t exist in IRRDB, but a less specific does
41139:1001:1000 IRRDB filtered loose
41139:1001:1001 IRRDB filtered strict
41139:1001:1002 IRRDB prefix is empty
41139:1001:200 same as next-hop

Filter Mechanism

Stuttgart-IX takes routing security serious, you can find a list of steps taken below:

1. Filter too small prefixes

Routes more specific than a /24 IPv4 or /48 IPv6 will be rejected.

2. Filter Martians and Bogons

Prefixes that are not intented for routing in the internet will be rejected, see NLNOG BGP Filter Guide.

3. AS-Path Validation

Routes with no AS-Path or more than 64 ASNs in the AS-Path will be rejected.
Routes where the first AS in the AS-Path doesn’t math the Peers AS will be rejected.

4. Next Hop Validation

Routes whose next-hop don’t match the peers IP will be rejected.

5. Known Transit Networks

Routes whose AS-Path contain a known transit network will be rejected, see NLNOG BGP Filter Guide

6. IRRDB AS-Set verification

Routes whose Origin-AS is not included in the Peers AS-Set will be rejected.

7. RPKI Validation

Routes with a published ROA will be validated by the route server.
If the RPKI ROA Status is invalid the route will be rejected. If the RPKI ROA Status is unknwown the route will be filtered according to IRRDB You can find more information on RPKI in the RPKI guid of RIPE NCC or in the RPKI FAQ of NLNetLabs.

7.1 IRRDB Filtering

Routes with RPKI ROA Status unknown will be filtered according to the respective IRRDB, only routes with a valid route or route6 object will be accepted, others will be rejected.
The IRRDB-Data will be refreshed every 6 hours by the route server.