LINX Exchanges
SOFT Admin
SOFT Admin

LINX Route servers information

Route servers

LINX maintains route servers at each of the Peering LANs allowing members to establish multilateral peering with other participants.

Connect to the route servers

The Route Servers use the BIRD and OpenBGPd distributions with the Ubuntu Server Linux distribution.

Technical Details are as follows:

All route servers filter bogon address ranges.

Policy control

Policy control is done by use of BGP Standard Communities and BGP Large Communities. Members may tag their routes with the following to control policy via the route server.

The model is as follows:

If none of the above communities is present then the default behaviour is to advertise the prefix to all peers.

AS-Path prepending

Members can now manipulate the BGP AS_Path attribute through prepending multiple entries of an AS for prefixes they announce to the LINX Route-Servers. Members can action AS_Path prepending to deprioritize a route for an alternate path by tagging a specified community to their prefix or prefixes.

Members can either action AS-Path prepending to all members or to selective members.

The tables below show the standard and large communities to perform AS-Path prepending actions.

The table below shows the communities required to be tagged to announce prefixes with AS-prepending actioned to all members peering on the route-servers.

The table below shows the communities required to be tagged to announced prefixes with AS-prepending actioned to selective members peering on the route-servers.

The maximum number of AS-Path prepends allowed is three times. If members wish to have this increased, please contact [email protected]

Prefix validation

LINX is validating prefixes at ingress on all route servers. The validation is based on RPKI and IRR Object presence.

For RPKI validation we build a ROA table from IRR trust anchors and for IRR Object presence we build a list of valid origin ASN and prefixes based on route objects. Refines/more specifics of valid route objects are rejected.

We are looking for a valid AS-SET in the members PeeringDB record. If no valid AS-SET is found, we use the members ASN only, unless the member has provided us other information.

The results of the validation is reflected in communities which are being added at ingress:

  • 8714:65011 = Prefix is present in an AS's announced AS/AS-SET

  • 8714:65021 = Prefix is not present in an AS's announced AS/AS-SET

  • 8714:65010 = Prefix has valid Origin AS in AS-SET

  • 8714:65020 = Prefix has no valid Origin AS in AS-SET

  • 8714:65012 = Prefix is RPKI VALID

  • 8714:65022 = Prefix is RPKI INVALID

  • 8714:65023 = Prefix is RPKI UNKNOWN

The prefix validation will always occur, and members can check the communities being set to their prefixes, and as such see the result of the validation checks through the route server looking glass interface.

Prefixes will only be accepted on the following criteria where,

  1. Prefixes tagged with communities 8714:65010 (valid Origin AS in AS-SET) & 8714:65012  (RPKI VALID) or

  2. Prefixes tagged with communities 8714:65010 (valid Origin AS in AS-SET) & 8714:65011(Prefix is present in an AS's announced AS/AS-SET) & 8714:65023 (RPKI UNKNOWN).

All other prefixes will be filtered at egress.

Any member who prefers to receive an unfiltered set of prefixes can request to opt-out of the filtering by contact our NOC at [email protected].

Basic Remote-Triggered-Blackholing (RTBH) via the route servers

If you want to blackhole a certain IPv4 or IPv6 prefix by using the LINX route servers, then please the BLACKHOLE BGP Community (65535:666).

Please do not set the NO-EXPORT or NO-ADVERTISE community on your BGP announcement with the BLACKHOLE BGP Community as this tells the LINX route servers not to re-distribute this announcement. The route servers will add the NO_EXPORT community.

Looking glass

Looking Glass for route-servers is now accessible.

Vendor Issues

Corrupt AS path & malformed AS-Path issues

Some members who use Cisco, Brocade and Huawei devices to peer with may encounter issues in establishing peering sessions and may see notifications of invalid or corrupt AS path and Malformed AS-path in their device logs. Something similar to:


Sep 1 08:40:40.498 UTC: %BGP-5-ADJCHANGE: neighbor 195.66.225.230 Up
Sep 1 08:40:41.506 UTC: %BGP-5-ADJCHANGE: neighbor 195.66.225.230 Down BGP Notification sent
Sep 1 08:40:41.506 UTC: %BGP-3-NOTIFICATION: sent to neighbor 195.66.225.230 3/11 (invalid corrupt AS path) 11 bytes 40020802 033C3424 580097

This issue is caused where the peering device does not like to receive updates from the route-server where the first AS in the path is not the route-server AS.

To work around this please use one of the vendor specific commands in your router configuration.

Cisco/Quagga/Brocade/Arista

router bgp <ASN>
no bgp enforce-first-as

Huawei

bgp <ASN>
undo check-first-as

If members are having trouble peering with the route servers please contact support.

For more information on Route Server statistics, please look at Route Server Graphs

Route server peers at LINX

NB: This page only lists established sessions