Stuttgart-IX operates two Route Server, to allow peers to exchange routes without setting up bilateral BGP Sessions. Anyone Peering with the Route Server will receive all routes of all other route server peers, unless overwritten by a control community.
BGP Session Parameters
Please set up a BGP session to both Route Servers.
|RouteServer||IPv4||IPv6||ASN||Max. Prefix IPv4||Max. Prefix IPv6||IRRDB|
You can use the following Large Communities to control the Route Servers behavior:
|41139:0:0||Don’t announce to any AS (overwrite with 41139:1:PEERAS)|
|41139:0:PEERAS||Do not advertise to PEERAS|
|41139:1:PEERAS||Advertise to PEERAS (in combination with 41139:0:0)|
|41139:101:PEERAS||Prepend PEERAS 1x|
|41139:102:PEERAS||Prepend PEERAS 2x|
|41139:103:PEERAS||Prepend PEERAS 3x|
For compatibility with older routers following communities are supported:
|0:PEERAS||Do not advertise to PEERAS|
|41139:PEERAS||Advertise to PEERAS|
|0:41139||Do not advertise (overwrite with 41139:PEERAS)|
To assist in debugging the route server will set the following large communities when filtering routes, you can see them in our Looking Glass.
|41139:1101:1||Prefix is too long|
|41139:1101:2||Prefix is too short|
|41139:1101:3||The prefix mustn’t be routed in the internet (Bogon)|
|41139:1101:4||The ASN mustn’t be routed in the internet (Bogon)|
|41139:1101:5||The AS-Path is too long|
|41139:1101:6||The AS-Path is too short|
|41139:1101:7||First AS in AS-Path isnt’ the PEER-AS|
|41139:1101:8||Next-hop doesn’t match peer IP|
|41139:1101:9||Prefix not in the peers AS-SET|
|41139:1101:10||Origin AS is not in the peers AS-SET|
|41139:1101:11||Prefix is not in origin AS|
|41139:1101:14||A trasnit free AS was found in the AS-Path|
|41139:1101:15||Too many BGP Communities|
|41139:1000:3||RPKI not checked|
|41139:1001:2||IRRDB not checked|
|41139:1001:3||Prefix doesn’t exist in IRRDB, but a less specific does|
|41139:1001:1000||IRRDB filtered loose|
|41139:1001:1001||IRRDB filtered strict|
|41139:1001:1002||IRRDB prefix is empty|
|41139:1001:200||same as next-hop|
Stuttgart-IX takes routing security serious, you can find a list of steps taken below:
1. Filter too small prefixes
Routes more specific than a /24 IPv4 or /48 IPv6 will be rejected.
2. Filter Martians and Bogons
Prefixes that are not intented for routing in the internet will be rejected, see NLNOG BGP Filter Guide.
3. AS-Path Validation
Routes with no AS-Path or more than 64 ASNs in the AS-Path will be rejected.
Routes where the first AS in the AS-Path doesn’t math the Peers AS will be rejected.
4. Next Hop Validation
Routes whose next-hop don’t match the peers IP will be rejected.
5. Known Transit Networks
Routes whose AS-Path contain a known transit network will be rejected, see NLNOG BGP Filter Guide
6. IRRDB AS-Set verification
Routes whose Origin-AS is not included in the Peers AS-Set will be rejected.
7. RPKI Validation
Routes with a published ROA will be validated by the route server.
If the RPKI ROA Status is
invalid the route will be rejected.
If the RPKI ROA Status is
unknwown the route will be filtered according to IRRDB
You can find more information on RPKI in the RPKI guid of RIPE NCC or in the RPKI FAQ of NLNetLabs.
7.1 IRRDB Filtering
Routes with RPKI ROA Status
unknown will be filtered according to the respective IRRDB, only routes with a valid
route6 object will be accepted, others will be rejected.
The IRRDB-Data will be refreshed every 6 hours by the route server.