Public
Child pages
  • BGP Route Servers
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 38 Next »

Bi-lateral peering is considered best practice !

While the Route Server service is made available as a convenience, it is strongly recommended that, in addition to any sessions you plan to establish with the BGP Route Servers, you still maintain direct bi-lateral peering sessions with peers that you feel are important to your network! BGP Route Servers should be used to pickup smaller peers only, and not as a replacement for your discrete peering policy!

There are two BGP route servers on each peering LAN.  It is recommended to always peer with both BGP Route Servers at a location, as sessions to both servers ensure that there is no disruption to your routing should it be necessary to performance maintenance.

 

 

INXASNHostnameTypeIPv4IPv6
JINX37700routeserver1.jinx.net.zaBIRD196.223.14.12001:43f8:1f0::1
routeserver2.jinx.net.zaBIRD196.223.14.22001:43f8:1f0::2
CINX37701routeserver1.cinx.net.zaBIRD196.223.22.12001:43f8:1f1::1
routeserver2.cinx.net.zaBIRD196.223.22.22001:43f8:1f1::2
DINX37699routeserver1.dinx.net.zaBIRD196.223.30.12001:43f8:1f2::1
routeserver2.dinx.net.zaBIRD196.223.30.22001:43f8:1f2::2

BGP next-as

Ensure that if you do plan on peering with the BGP Route Servers, you understand that the BGP-RS does not attach its ASN to outbound BGP messages.

Please implement the IOS "no bgp enforce-next-as" (or IOS-XR "enforce-first-as disable"), or appropriate equivalent, for your platform.

Max-prefix

We recommend that you set the BGP max-prefix to the BGP-RS to 100,000 prefixes for IPv4 and 50,000 prefixes for IPv6

BGP Communities for policy control

A simple set of BGP communities are made available for rudimentary policy control.  These will be expanded on, as the BGP Route Server service is improved. 

AS-Path Stripping

The BGP route servers do not add their own ASN in the advertised path, so if you're constructing filtering, do not use the BGP route servers ASN!

CommunityActionExplanation
37700:65281add no-exportadds the well known no-export community to all routes sent to peers
37700:65282add no-advertiseadds the well known no-advertise community to all routes sent to peers
0:peer-asdeny to peer-asblock announcement of route to peer-as
0:37700block allblock announcement of route to all peers
37700:peer-asallow to peer-asannounce prefix to specific peer-as (in conjunction with block all)
37700:37700allow allannounce prefix to all peers (implicit default)

Remember to use the correct ASN

Note: The above communities example applies to peers using the JINX route servers. The appropriate ASN for each INX, should be substituted when using the BGP route servers, at other INXes.

Prefixes filtered by the Route Server service

For the overall safety and security of our participants, we actively filter the following prefixes at the Route Servers.  That is, advertisements from peers, containing the following networks, will be stripped, and not onward announced.

IPv4 prefixes filtered by the BGP-RS (RFC6890)
martians = [ 
 10.0.0.0/8+,
 100.64.0.0/10+,
 127.0.0.0/8+,
 169.254.0.0/16+, 
 172.16.0.0/12+, 
 192.0.0.0/24,
 192.0.2.0/24,
 192.168.0.0/16+,
 198.18.0.0/24,
 198.51.100.0/24,
 203.0.113.0/24,
 224.0.0.0/4+, 
 240.0.0.0/4+, 
 0.0.0.0/32-, 
 0.0.0.0/0{25,32}, 
 0.0.0.0/0{0,7} 
];
IPv6 prefixes filtered by the BGP-RS
martians = [ 
    0000::/8{8,128},        # loopback, unspecified, v4-mapped
    0064:ff9b::/96{96,128}, # IPv4-IPv6 Translat. [RFC6052]
    0100::/8{8,128},        # reserved for Discard-Only Address Block [RFC6666]
    0200::/7{7,128},        # Reserved by IETF [RFC4048]
    0400::/6{6,128},        # Reserved by IETF [RFC4291]
    0800::/5{5,128},        # Reserved by IETF [RFC4291]
    1000::/4{4,128},        # Reserved by IETF [RFC4291]
    2001::/32{33,128},      # Teredo prefix [RFC4380]
    2001:0002::/48{48,128}, # Benchmarking [RFC5180]
    2001:0003::/32{32,128}, # Automatic Multicast Tunneling [RFC7450]
    2001:10::/28{28,128},   # Deprecated ORCHID [RFC4843]
    2001:20::/28{28,128},   # ORCHIDv2 [RFC7343]
    2001:db8::/32{32,128},  # documentation purpose [RFC3849]
    2002::/16{17,128},      # 6to4 prefix [RFC3068]
    3ffe::/16{16,128},      # used for the 6bone but was returned [RFC5156]
    4000::/3{3,128},        # Reserved by IETF [RFC4291]
    5f00::/8{8,128},        # used for the 6bone but was returned [RFC5156]
    6000::/3{3,128},        # Reserved by IETF [RFC4291]
    8000::/3{3,128},        # Reserved by IETF [RFC4291]
    a000::/3{3,128},        # Reserved by IETF [RFC4291]
    c000::/3{3,128},        # Reserved by IETF [RFC4291]
    e000::/4{4,128},        # Reserved by IETF [RFC4291]
    f000::/5{5,128},        # Reserved by IETF [RFC4291]
    f800::/6{6,128},        # Reserved by IETF [RFC4291]
    fc00::/7{7,128},        # Unique Local Unicast [RFC4193]
    fe80::/10{10,128},      # Link Local Unicast [RFC4291]
    fec0::/10{10,128},      # Reserved by IETF [RFC3879]
    ff00::/8{8,128}         # Multicast [RFC4291]
  ];

 

 

 

  • No labels