LINX Exchanges
SOFT Admin
SOFT Admin

JEDix route server information

Overview

LINX/JEDix maintains route servers at each peering LAN, allowing members to establish multilateral peerings with other participants on JEDix. By establishing a single peering with a route server, routes can be shared with a large number of LINX members without configuring separate peerings with each LINX member.

Current route server statistics can be found here:Ā Route Server Graphs

JEDix route server list

All LINX route servers are using the BIRD distribution and are configured with ASNĀ 209421

All route servers filter bogon address ranges.

JEDix route server list

Policy control is done by use of BGP Standard Communities and BGP Large Communities. Members may tag their routes with the following to control policy via the route server. The model is as follows:

If none of the above communities is present, then the default behaviour is to advertise the prefix to all peers.

AS-Path prepending

Members can tag their prefixes with the following communities, causing the JEDix route server to prepend ASNs to the prefix when advertising it to either all or selected members.

The following communities will cause the JEDix route server to prepend ASNs to the prefix for all members peering on the route server.

The following communities will cause the JEDix route server to prepend ASNs to the prefix for the member with ASN $peer on the route server.

If you want to prepend more than three ASNs, please contact [email protected]

Prefix validation

LINX is validating prefixes at ingress on all route servers. The validation is based on RPKI and IRR Object presence.

For RPKI validation we build a ROA table from IRR trust anchors and for IRR Object presence we build a list of valid origin ASN and prefixes based on route objects. Refines/more specifics of valid route objects are rejected.

We are looking for a valid AS-SET in the members PeeringDB record. If no valid AS-SET is found, we use the members ASN only, unless the member has provided us other information.

The results of the validation is reflected in communities which are being added at ingress:

  • 209421:1001:1 = Prefix is present in an AS's announced AS/AS-SET

  • 209421:1001:6 = Prefix is not present in an AS's announced AS/AS-SET

  • 209421:1001:2 = Prefix has valid Origin AS in AS-SET

  • 209421:1001:5 = Prefix has no valid Origin AS in AS-SET

  • 209421:1000:1 = Prefix is RPKI VALID

  • 209421:1000:4 = Prefix is RPKI INVALID

  • 209421:1000:2 = Prefix is RPKI UNKNOWN

The prefix validation will always occur, and members can check the communities being set to their prefixes, and as such see the result of the validation checks through the route server looking glass interface.

Prefixes will only be accepted on the following criteria where,

  1. Prefixes tagged with communities 209421:1001:2 (valid Origin AS in AS-SET) & 209421:1000:1 (RPKI VALID) or

  2. Prefixes tagged with communities 209421:1001:2 (valid Origin AS in AS-SET) & 209421:1001:1 (Prefix is present in an AS's announced AS/AS-SET) & 209421:1000:2 (RPKI UNKNOWN).

All other prefixes will be filtered at egress.

Any member who prefers to receive an unfiltered set of prefixes can request to opt-out of the filtering by contact our NOC at [email protected].

Vendor issues

Corrupt AS path & malformed AS-Path issues

Some members who use Cisco, Brocade and Huawei devices to peer with may encounter issues in establishing peering sessions and may see notifications of invalid or corrupt AS path and Malformed AS-path in their device logs. Something similar to:

Sep 1 08:40:40.498 UTC: %BGP-5-ADJCHANGE: neighbor 195.66.225.230 Up Sep 1 08:40:41.506 UTC: %BGP-5-ADJCHANGE: neighbor 195.66.225.230 Down BGP Notification sentSep 1 08:40:41.506 UTC: %BGP-3-NOTIFICATION: sent to neighbor 195.66.225.230 3/11 (invalid corrupt AS path) 11 bytes 40020802 033C3424 580097

This issue is caused where the peering device does not like to receive updates from the route-server where the first AS in the path is not the route-server AS.

To work around this please use one of the vendor specific commands in your router configuration.

Cisco/Quagga/Brocade/Arista

router bgp <ASN>
no bgp enforce-first-as


Huawei

bgp <ASN>
undo check-first-as

If members are having trouble peering with the route servers please contact support.