Route Server
About RS
The Route Server (RS) is a network service that simplifies peering between MSK-IX participants and allows them to reduce the number of individually administered peering sessions. The RS retransmits BGP announcements between the connected participants, thus peering with the RS means establishing peering relations with all the other MSK-IX participants connected to the RS.
Route Server service doesn't influence cross-network delays as the traffic between interfaces of participants is transferred directly.
Available on the common peering VLAN, the RS operates over IPv4 and IPv6 and supports 16bit and 32bit AS numbers.
RS configuration info
| City | Route Server AS | AS-SET | IP-addresses of BGP-speakers* | Configuration update schedule** (local time) |
| Moscow | 8631 | AS-MSKROUTESERVER | 195.208.208.100/21 2001:7F8:20:101::208:100/64 |
15:30-16:30 (local time) daily except Sat. and Sun. |
| 195.208.215.100/21 2001:7F8:20:101::215:100/64 |
11:30-12:30 (local time) daily except Sat. and Sun. |
|||
| St.-Petersburg | 43690 | AS-SPBROUTESERVER | 194.226.100.100/23 2001:7f8:20:201::100:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| 194.226.102.100/23 2001:7f8:20:202::102:100/64 |
13:00-14:00 (local time) daily except Sat. and Sun. |
|||
| Rostov-on-Don | 48216 | AS-RNDROUTESERVER | 193.232.140.100/24 2001:7f8:20:501::140:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| 193.232.140.200/24 2001:7f8:20:501::140:200/64 |
12:30-13:30 (local time) daily except Sat. and Sun. |
|||
| Stavropol | 57056 | AS-STWROUTESERVER | 194.85.177.100/25 2001:7f8:20:901::177:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| Samara | 47882 | AS-SMRROUTESERVER | 193.232.135.100/24 2001:7f8:20:601::135:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| 193.232.135.200/24 2001:7f8:20:601::135:200/64 |
12:30-13:30 (local time) daily except Sat. and Sun. |
|||
| Kazan | 50706 | AS-KZNROUTESERVER | 194.190.119.100/24 2001:7f8:20:801::119:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| Ekaterinburg | 43213 | AS-EKTROUTESERVER | 194.85.107.100/24 2001:7f8:20:301::107:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| 194.85.107.200/24 2001:7f8:20:301::107:200/64 |
12:30-13:30 (local time) daily except Sat. and Sun. |
|||
| Novosibirsk | 42403 | AS-NSKROUTESERVER | 193.232.87.100/24 2001:7f8:20:401::87:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| 193.232.87.200/24 2001:7f8:20:401::87:200/64 |
12:30-13:30 (local time) daily except Sat. and Sun. |
|||
| Vladivostok | 48531 | AS-VLVROUTESERVER | 193.232.136.100/24 2001:7f8:20:701::136:100/64 |
17:00-18:00 (local time) daily except Sat. and Sun. |
| 193.232.136.200/24 2001:7f8:20:701::136:200/64 |
12:30-13:30 (local time) daily except Sat. and Sun. |
Notes:
* In cities with two addresses of BGP-speakers the RS hardware consists of two redundant servers located at different locations.
** Configuration updates include checks and updates of information in the IRR, updates or the routing policy filters, application of changes to the configuration of the RS. The procedure takes from several minutes to one hour.
How to start using RS?
All participants using the RS must comply with the Technological Requirements.
To start using the RS, a participant must perform the following steps to establish a BGP peering session with Route Server autonomous system (see configuration table upper):
- Add peering with Route Server AS to the routing policy description of your AS. The routing policy description must be maintained in RIPE, ARIN, or RADB Internet Routing Registry (IRR).
- Send application from authorized contact address to noc@ix.ru containing the ID of the organization, the AS number and the IP address of the border router (IPv4 and/or IPv6).
- Configure BGP-sessions with both instances of the RS.
- Disable first-as check in your BGP configuration by issuing
no bgp enforce-first-as command (or it's counterparts for your vendor).
Information about MSK-IX participants peering with the RS may be retrieved at Customer Portal MSK-IX.
Information about RS routing policy may be retrieved from the RIPE database (see https://www.ripe.net or whois -h whois.ripe.net as[Route Server AS]).
Use the RS Looking Glass to view and debug BGP announcements to the RS.
RS routing policy
The RS exchanges the routing information with connected participants via BGP4 protocol as described in RFC4271. By default, the RS announces the best of all routes received from its peers. The Next-Hop attribute contains the IP-address of the host from RS received the announcement. The AS_PATH attribute is passed unchanged. Thus, the traffic is exchanged between RS peers directly.
RS is processing the BGP routes on the following rules:
- RS does not accept routes of private networks, default route and networks with special purpose (RFC6890).
- RS does not accept routes of private AS and AS with special purpose (RFC5398, RFC6996, RFC7300, RFC7607).
- RS does not accept routes for networks where the value "origin" of the object "route/route6" in the database IRR does not match with the starting AS number in the AS_PATH attribute.
- RS does not accept routes for networks for which the number of the last added AS in the AS_PATH attribute does not match the AS number of the participant established BGP session.
RS performs RPKI check (RFC6480) for the given route and mark result with special BGP community.
- Routes with RPKI_VALID status are accepted if "origin" AS number contains within AS-SET of this BGP peer policy (see paragraph 6).
- Routes with RPKI_INVALID status are rejected.
- Routes with RPKI_UNKNOWN status are processed according rules below.
- RS accepts the route if it has corresponding "route/route6" object that exists in IRR DB. This route object's AS number (or AS-SET) must be described in BGP peer "aut-num" object export/mp-export policy for route server AS number. The route and IRR DB route object sizes must be equal except paragraph 7.
- RS accepts routes if they has corresponding aggregate route (route with smaller netmask) in IRR DB. These accepted routes are marked with BGP community (RSAS:65500). The aggregate route meets same requirements as in 6 paragraph.
BGP community attributes
RSAS means Route Server AS number in your city.
Route Server supports two groups of BGP community attributes: basic and extra. Basic communities are applied in the table order. The processing priority of BGP Community: Large > Standard.
| 8631 | Moscow |
| 42403 | Novosibirsk |
| 43213 | Ekaterinburg |
| 43690 | St.-Petersburg |
| 47882 | Samara |
| 48216 | Rostov-on-Don |
| 48531 | Vladivostok |
| 50706 | Kazan |
| 57056 | Stavropol |
| 0 | Undefined |
| 8631 | Moscow |
| 42403 | Novosibirsk |
| 43213 | Ekaterinburg |
| 43690 | St.-Petersburg |
| 47882 | Samara |
| 48216 | Rostov-on-Don |
| 48531 | Vladivostok |
| 50706 | Kazan |
| 57056 | Stavropol |
Basic
| Action | BGP Standard Community (RFC1997) | BGP Large Community (RFC8092) |
| Block announcement of prefix to AS [peer-as] | 0:peer-as | RSAS:0:peer-as |
| Announce prefix to AS [peer-as] | RSAS:peer-as | RSAS:1:peer-as |
| Block announcement of prefix to all participants | 0:RSAS | RSAS:0:0 |
| Announce prefix to all participants | RSAS:RSAS | RSAS:1:0 |
| Blackhole community (blocking of incoming traffic) | 65535:666 | -- |
| Prepend once when announcing this prefix to AS [peer-as] | 1:peer-as | RSAS:101:peer-as |
| Prepend twice when announcing this prefix to AS [peer-as] | 2:peer-as | RSAS:102:peer-as |
| Prepend three times when announcing this prefix to AS [peer-as] | 3:peer-as | RSAS:103:peer-as |
| Geolocation specific BGP community to identify the city of interconnection (inserted automatically at RS side) |
11:City | RSAS:1911:City |
Extra
| Action | BGP Standard Community (RFC1997) |
| Aggregate for this prefix exists in IRR DB5 | RSAS:65500 |
| Announce prefix with no-export attribute | RSAS:65281 |
| RPKI_VALID (inserted automatically at RS side) | RSAS:65510 |
| RPKI_UNKNOWN (inserted automatically at RS side) | RSAS:65511 |
| RPKI_INVALID (inserted automatically at RS side) | RSAS:65512 |
| Set local-preference 0 | RSAS:0 |
| Set local-preference 50 | RSAS:50 |
| Set local-preference 100 | RSAS:100 |
Notes:
- In case of either no BGP community attribute is set or its format does not fit to the requirements above, prefix is accepted and announced throughout all participants.
- The Looking Glass displays prefixes announced to the RS and basic BGP communities. For extra BGP communities, only the result of their application is shown.
- When announcing via RS, all MSK-IX control communities are cleared, all the other community attributes are passed transparently.
- By default all announcements are assigned with local-preference 100.
- BGP community RSAS:65500 is used to mark prefixes which have aggregate route/route6 object (route with lower CIDR) and do not have corresponding route/route6 objects in IRR DB.
- IPv4: The BGP community is used for prefixes less or equal than /24 CIDR. Prefixes with CIDR from /25 to /32 are not marked and these prefixes are allowed if corresponding route objects exist in IRR DB.
- IPv6: The BGP community is used for prefixes less or equal than /48 CIDR. Prefixes with CIDR from /49 to /128 are not marked and these prefixes are allowed if corresponding route6 objects exist in IRR DB.
- Prefixes with set no-export attribute (65535:65281) are announced to all participants w/o modification.
Control BGP Standard Community for 32-bit AS numbers
Skip this section in case of control BGP Large Communities.
To use BGP communities with 32-bit AS numbers, set peer-as values as listed in the following table:
Protection against DDoS-attacks by blackholing
MSK-IX offers the Blackholing mechanism of protection from DDoS-attacks to all participants using RS. The mechanism allows the participant at the time of the attack to completely filter out incoming traffic directed to the attacked network prefix.
Traffic filtering is performed by rewriting BGP next-hop IP address on unique Blackhole filter interface for the affected network prefix within BGP-announcements of the participant. RS automatically rewrite next-hop for the participant with set Blackhole community 65535:666. Once the participant removes the Blackhole community attribute from its BGP-announcements traffic flow to the affected prefix is automatically resumed.
Notes:
- Attribute 65535:666 for Blackhole Community is used according to RFC 7999.
- IPv4 only: RS accepts networks with attribute 65535:666 and network size ranging from /25 through /32. It is recommended to use the /32 by default.
- IPv6 only: RS accepts networks with attribute 65535:666 and network size ranging from /49 through /128. It is recommended to use the /128 by default.
- It is recommended to accept RS announcements of networks with set attribute 65535:666 and size varying from /25 through /32 (ipv4) and size varying from /49 through /128 (ipv6) for all participants using RS.
- In accordance with the policy of regional Internet registries RIR (RIPE, RADB and so on), Blackhole community can be set up only for networks that have already been announced to the participant. RS accepts announcements from networks with set BGP community 65535:666 provided such networks have already been announced by the participant without attribute 65535:666.
The parameters of Blackhole filter interface
| City | IPv4 | IPv6 | MAC-address | BGP community |
| Moscow | 195.208.208.6 | 2001:7f8:20:101::208:6 | 0066.0066.0066 | 65535:666 |
| St.-Petersburg | 194.226.100.6 194.226.102.6 |
- | ||
| Rostov-on-Don | 193.232.140.6 | - | ||
| Stavropol | 194.85.177.6 | - | ||
| Samara | 193.232.135.6 | - | ||
| Kazan | 194.190.119.6 | - | ||
| Ekaterinburg | 194.85.107.6 | - | ||
| Novosibirsk | 193.232.87.6 | - | ||
| Vladivostok | 193.232.136.6 | - |
Bidirectional Forwarding Detection (BFD) protocol
The Bidirectional Forwarding Detection (BFD) protocol is designed to ensure rapid detection of link failures in networks and reroute traffic to an alternate path. The protocol is supported by all MSK-IX Route Servers.
To enable BFD protocol support for BGP session with the Route Server, send a request to noc@ix.ru from the address of your organization's technical or administrative representative.
BFD protocol timers and configurations (default values)*
| BFD protocol IP addresses | equal with BGP session config |
| Protocol and port | UDP, port 3784 |
| Min Rx interval | 1000 ms |
| Min Tx interval | 1000 ms |
| Idle Tx interval | 1000 ms |
| Multiplier | 5 |
Notes:
* If you wish to use other BFD timers, please consult with MSK-IX technical representatives .
Information on BFD sessions with the Route Server is available at Looking Glass MSK-IX under Summary and Neighbor Info.