Route Server

MSK-IX / Internet Exchange / Route Server

Route Server

About RS
RS configuration info
How to start using RS?
RS routing policy
BGP community attributes
Control BGP Standard Community for 32-bit AS numbers
Protection against DDoS-attacks by blackholing
Bidirectional Forwarding Detection (BFD) protocol

About RS

The Route Server (RS) is a network service that simplifies peering between MSK-IX participants and allows them to reduce the number of individually administered peering sessions. The RS retransmits BGP announcements between the connected participants, thus peering with the RS means establishing peering relations with all the other MSK-IX participants connected to the RS.

Route Server service doesn't influence cross-network delays as the traffic between interfaces of participants is transferred directly.

Available on the common peering VLAN, the RS operates over IPv4 and IPv6 and supports 16bit and 32bit AS numbers.

RS configuration info

City	Route Server AS	AS-SET	IP-addresses of BGP-speakers*	Configuration update schedule**(local time)
Moscow	8631	AS-MSKROUTESERVER	195.208.208.100/21 2001:7f8:20:101::208:100/64	15:30-16:30 (local time) daily except Sat. and Sun.
Moscow	8631	AS-MSKROUTESERVER	195.208.215.100/21 2001:7f8:20:101::215:100/64	11:30-12:30 (local time) daily except Sat. and Sun.
St. Petersburg	43690	AS-SPBROUTESERVER	194.226.100.100/23 2001:7f8:20:201::100:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
St. Petersburg	43690	AS-SPBROUTESERVER	194.226.102.100/23 2001:7f8:20:202::102:100/64	13:00-14:00 (local time) daily except Sat. and Sun.
Rostov-on-Don	48216	AS-RNDROUTESERVER	193.232.140.100/24 2001:7f8:20:501::140:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
Rostov-on-Don	48216	AS-RNDROUTESERVER	193.232.140.200/24 2001:7f8:20:501::140:200/64	12:30-13:30 (local time) daily except Sat. and Sun.
Stavropol	57056	AS-STWROUTESERVER	194.85.177.100/25 2001:7f8:20:901::177:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
Samara	47882	AS-SMRROUTESERVER	193.232.135.100/24 2001:7f8:20:601::135:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
Samara	47882	AS-SMRROUTESERVER	193.232.135.200/24 2001:7f8:20:601::135:200/64	12:30-13:30 (local time) daily except Sat. and Sun.
Kazan	50706	AS-KZNROUTESERVER	194.190.119.100/24 2001:7f8:20:801::119:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
Ekaterinburg	43213	AS-EKTROUTESERVER	194.85.107.100/24 2001:7f8:20:301::107:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
Ekaterinburg	43213	AS-EKTROUTESERVER	194.85.107.200/24 2001:7f8:20:301::107:200/64	12:30-13:30 (local time) daily except Sat. and Sun.
Novosibirsk	42403	AS-NSKROUTESERVER	193.232.87.100/24 2001:7f8:20:401::87:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
Novosibirsk	42403	AS-NSKROUTESERVER	193.232.87.200/24 2001:7f8:20:401::87:200/64	12:30-13:30 (local time) daily except Sat. and Sun.
Vladivostok	48531	AS-VLVROUTESERVER	193.232.136.100/24 2001:7f8:20:701::136:100/64	17:00-18:00 (local time) daily except Sat. and Sun.
Vladivostok	48531	AS-VLVROUTESERVER	193.232.136.200/24 2001:7f8:20:701::136:200/64	12:30-13:30 (local time) daily except Sat. and Sun.

Notes:

* In cities with two addresses of BGP-speakers the RS hardware consists of two redundant servers located at different locations.

** Configuration updates include checks and updates of information in the IRR, updates or the routing policy filters, application of changes to the configuration of the RS. The procedure takes from several minutes to one hour.

How to start using RS?

All participants using the RS must comply with the Technological Requirements.

To start using the RS, a participant must perform the following steps to establish a BGP peering session with Route Server autonomous system (see configuration table upper):

Add peering with Route Server AS to the routing policy description of your AS. The routing policy description must be maintained in RIPE, ARIN, or RADB Internet Routing Registry (IRR).
Send application from authorized contact address to noc@ix.ru containing the ID of the organization, the AS number and the IP address of the border router (IPv4 and/or IPv6).
Configure BGP-sessions with both instances of the RS.
Disable first-as check in your BGP configuration by issuing no bgp enforce-first-as command (or it's counterparts for your vendor).

Information about MSK-IX participants peering with the RS may be retrieved at Customer Portal MSK-IX.

Information about RS routing policy may be retrieved from the RIPE database (see https://www.ripe.net or whois -h whois.ripe.net as[Route Server AS]).

Use the RS Looking Glass to view and debug BGP announcements to the RS.

RS routing policy

The RS exchanges the routing information with connected participants via BGP4 protocol as described in RFC4271. By default, the RS announces the best of all routes received from its peers. The Next-Hop attribute contains the IP-address of the host from RS received the announcement. The AS_PATH attribute is passed unchanged. Thus, the traffic is exchanged between RS peers directly.

RS is processing the BGP routes on the following rules:

RS does not accept routes of private networks, default route and networks with special purpose (RFC6890).
RS does not accept routes of private AS and AS with special purpose (RFC5398, RFC6996, RFC7300, RFC7607).
RS does not accept routes for networks where the value "origin" of the object "route/route6" in the database IRR does not match with the starting AS number in the AS_PATH attribute.
RS does not accept routes for networks for which the number of the last added AS in the AS_PATH attribute does not match the AS number of the participant established BGP session.
RS performs RPKI check (RFC6480) for the given route and mark result with special BGP community.
1. Routes with RPKI_VALID status are accepted if "origin" AS number contains within AS-SET of this BGP peer policy (see paragraph 6).
2. Routes with RPKI_INVALID status are rejected.
3. Routes with RPKI_UNKNOWN status are processed according rules below.
RS accepts the route if it has corresponding "route/route6" object that exists in IRR DB. This route object's AS number (or AS-SET) must be described in BGP peer "aut-num" object export/mp-export policy for route server AS number. The route and IRR DB route object sizes must be equal except paragraph 7.
RS accepts routes if they has corresponding aggregate route (route with smaller netmask) in IRR DB. These accepted routes are marked with BGP community (RSAS:65500). The aggregate route meets same requirements as in 6 paragraph.

BGP community attributes

RSAS means Route Server AS number in your city.

Route Server supports two groups of BGP community attributes: basic and extra. Basic communities are applied in the table order. The processing priority of BGP Community: Large > Standard.

Basic

Action	BGP Standard Community (RFC1997)	BGP Large Community (RFC8092)
Block announcement of prefix to AS [peer-as]	0:peer-as	RSAS:0:peer-as
Announce prefix to AS [peer-as]	RSAS:peer-as	RSAS:1:peer-as
Block announcement of prefix to all participants	0:RSAS	RSAS:0:0
Announce prefix to all participants	RSAS:RSAS	RSAS:1:0
Blackhole community (blocking of incoming traffic)	65535:666	--
Prepend once when announcing this prefix to AS [peer-as]	1:peer-as	RSAS:101:peer-as
Prepend twice when announcing this prefix to AS [peer-as]	2:peer-as	RSAS:102:peer-as
Prepend three times when announcing this prefix to AS [peer-as]	3:peer-as	RSAS:103:peer-as
Geolocation specific BGP community to identify the city of interconnection (inserted automatically at RS side)	11:City	RSAS:1911:City

Extra

Action	BGP Standard Community (RFC1997)
Aggregate for this prefix exists in IRR DB⁵	RSAS:65500
Announce prefix with no-export attribute	RSAS:65281
RPKI_VALID (inserted automatically at RS side)	RSAS:65510
RPKI_UNKNOWN (inserted automatically at RS side)	RSAS:65511
RPKI_INVALID (inserted automatically at RS side)	RSAS:65512
Set local-preference 0	RSAS:0
Set local-preference 50	RSAS:50
Set local-preference 100	RSAS:100

Notes:

In case of either no BGP community attribute is set or its format does not fit to the requirements above, prefix is accepted and announced throughout all participants.
The Looking Glass displays prefixes announced to the RS and basic BGP communities. For extra BGP communities, only the result of their application is shown.
When announcing via RS, all MSK-IX control communities are cleared, all the other community attributes are passed transparently.
By default all announcements are assigned with local-preference 100.
BGP community RSAS:65500 is used to mark prefixes which have aggregate route/route6 object (route with lower CIDR) and do not have corresponding route/route6 objects in IRR DB.
- IPv4: The BGP community is used for prefixes less or equal than /24 CIDR. Prefixes with CIDR from /25 to /32 are not marked and these prefixes are allowed if corresponding route objects exist in IRR DB.
- IPv6: The BGP community is used for prefixes less or equal than /48 CIDR. Prefixes with CIDR from /49 to /128 are not marked and these prefixes are allowed if corresponding route6 objects exist in IRR DB.
Prefixes with set no-export attribute (65535:65281) are announced to all participants w/o modification.

Control BGP Standard Community for 32-bit AS numbers

Skip this section in case of control BGP Large Communities.

To use BGP communities with 32-bit AS numbers, set peer-as values as listed in

Participants	AS number, if exists	Community	City
Icewood LLC	201119	64865	Ekaterinburg
Tinkoff Mobile	202498	64985	Ekaterinburg
Cortel Limited liability company	205063	64802	Ekaterinburg
Obshchestvo s ogranichennoj otvetstvennost'yu «Cifrovye Seti Urala»	209307	64817	Ekaterinburg
EdgeCenter	210756	64912	Ekaterinburg
Okko	211609	64893	Ekaterinburg
JSC «MSK-IX»	205022	64839	Kazan
EdgeCenter	210756	64907	Kazan
Huawei Technologies Co. Ltd.	136907	64814	Moscow
Global Secure Layer, GSL Networks	137409	64982	Moscow
Kaopu Cloud HK Limited	138915	64935	Moscow
BaishanCloud	139057	64897	Moscow
Apple Communication Ltd.	139901	64941	Moscow
DE-CIX Academy	196610	64813	Moscow
NetOne Rus	196695	64712	Moscow
Laizer	196742	64973	Moscow
ISP WEBA Networks	196750	64771	Moscow
Azertelecom LLC	196925	64765	Moscow
JSC «R-Pharm»	197062	64711	Moscow
TeleMaks	197204	64761	Moscow
LinkTelecom NN	197275	64972	Moscow
RS-Media Ltd	197309	64983	Moscow
«DoubleGIS» Ltd.	197482	64963	Moscow
SkyNet LTD	197826	64709	Moscow
SPB TV Telecom LLC	197888	64722	Moscow
Federal State Unitary Enterprise «Morsziazsputnik»	197969	64875	Moscow
SIACOM JSC	198150	64976	Moscow
Joint Stock Company «Ul-com Media»	198297	64931	Moscow
limited liability company «INKO-Telecom	198367	64918	Moscow
LLC «United Networks»	198539	64885	Moscow
LTD BeGet	198610	64751	Moscow
JSC AVANT	199020	64988	Moscow
Limited Liability Company «Telecom-Birja»	199599	64734	Moscow
LLC «Okey-Telecom»	199669	64787	Moscow
Stack Groupp	200044	64824	Moscow
Yandex.Cloud LLC	200350	64815	Moscow
OOO Hosting Vashego Uspeha	200487	64756	Moscow
LIFESTREAM LTD	200976	64783	Moscow
Icewood LLC	201119	64860	Moscow
Tvoy Telecom, LLC	201211	64848	Moscow
waveperm	201302	64986	Moscow
LLC «Servicepipe»	201706	64847	Moscow
Miranda-Media LIMITED	201776	64821	Moscow
«MaximaTelecom» JSC	202173	64743	Moscow
Sky Telecom	202486	64838	Moscow
Intercom	202838	64867	Moscow
Chernyshov A.A.	202984	64905	Moscow
ShowJet LLC	204271	64880	Moscow
bstk	204297	64965	Moscow
«Technical Center of Internet» Limited Liability Company	204582	64831	Moscow
Company Buster	204600	64789	Moscow
CDNetworks	204720	64830	Moscow
JSC «MSK-IX»	205022	64810	Moscow
Cortel Limited liability company	205063	64801	Moscow
DE-CIX R&D	205530	64828	Moscow
Tinkoff Mobile	205638	64962	Moscow
Freedom	206011	64950	Moscow
medsi	206295	64825	Moscow
T1Cloud	206805	64971	Moscow
ugletelecom	206810	64924	Moscow
fastcom	206846	64868	Moscow
RUCOMTECH LLC	207133	64785	Moscow
G&G Telecom Co. Ltd.	207239	64981	Moscow
Limited Liability Company Floral alliance	207561	64851	Moscow
HOSTLINE, UAB	207785	64846	Moscow
LLC «LTDNET»	208129	64914	Moscow
O2xygen Ltd	208349	64923	Moscow
Cloud technologies Ltd	208677	64895	Moscow
Mossvyaz	208912	64827	Moscow
AO «Kaspersky Lab»	209030	64822	Moscow
«China Mobile International (Russia)» LLC	209141	64843	Moscow
Obshchestvo s ogranichennoj otvetstvennost'yu «Cifrovye Seti Urala»	209307	64966	Moscow
Tricolor LTD	209739	64837	Moscow
goldapple	210443	64960	Moscow
EdgeCenter	210756	64922	Moscow
DoorHan	211000	64894	Moscow
Telegram Messenger Inc	211157	64892	Moscow
Okko	211609	64888	Moscow
Alibaba.com (RU)	211914	64958	Moscow
Port 179 Ltd	212232	64957	Moscow
Kinescope	212236	64913	Moscow
Start.Ru, LLC	213075	64921	Moscow
UPIX NETWORKS INTERNATIONAL LLC	266925	64862	Moscow
Icewood LLC	201119	64864	Novosibirsk
Tinkoff Mobile	202498	64978	Novosibirsk
Fiber Telecom LTD	203784	64807	Novosibirsk
CDNetworks	204720	64849	Novosibirsk
Cortel Limited liability company	205063	64797	Novosibirsk
HOSTLINE, UAB	207785	64886	Novosibirsk
Obshchestvo s ogranichennoj otvetstvennost'yu «Cifrovye Seti Urala»	209307	64968	Novosibirsk
EdgeCenter	210756	64911	Novosibirsk
Okko	211609	64890	Novosibirsk
Icewood LLC	201119	64979	Rostov-on-Don
CDNetworks	204720	64866	Rostov-on-Don
EdgeCenter	210756	64908	Rostov-on-Don
Okko	211609	64975	Rostov-on-Don
CDNetworks	204720	64829	Samara
EdgeCenter	210756	64909	Samara
Okko	211609	64889	Samara
BaishanCloud	139057	64896	St. Petersburg
ISP WEBA Networks	196750	64763	St. Petersburg
LTD BeGet	198610	64750	St. Petersburg
RetnNet	198947	64805	St. Petersburg
LLC «Okey-Telecom»	199669	64788	St. Petersburg
AtomData Ltd	199860	64964	St. Petersburg
OOO Hosting Vashego Uspeha	200487	64755	St. Petersburg
Icewood LLC	201119	64861	St. Petersburg
Company Buster	204600	64790	St. Petersburg
Cortel Limited liability company	205063	64800	St. Petersburg
medsi	206295	64826	St. Petersburg
G&G Telecom Co. Ltd.	207239	64980	St. Petersburg
HOSTLINE, UAB	207785	64877	St. Petersburg
Obshchestvo s ogranichennoj otvetstvennost'yu «Cifrovye Seti Urala»	209307	64967	St. Petersburg
EdgeCenter	210756	64910	St. Petersburg
Okko	211609	64887	St. Petersburg
Individual entrepreneur Filicheva Natalya Sergeyevna	196949	64752	Vladivostok
EdgeCenter	210756	64906	Vladivostok

Protection against DDoS-attacks by blackholing

MSK-IX offers the Blackholing mechanism of protection from DDoS-attacks to all participants using RS. The mechanism allows the participant at the time of the attack to completely filter out incoming traffic directed to the attacked network prefix.

Traffic filtering is performed by rewriting BGP next-hop IP address on unique Blackhole filter interface for the affected network prefix within BGP-announcements of the participant. RS automatically rewrite next-hop for the participant with set Blackhole community 65535:666. Once the participant removes the Blackhole community attribute from its BGP-announcements traffic flow to the affected prefix is automatically resumed.

Notes:

Attribute 65535:666 for Blackhole Community is used according to RFC 7999.
IPv4 only: RS accepts networks with attribute 65535:666 and network size ranging from /25 through /32. It is recommended to use the /32 by default.
IPv6 only: RS accepts networks with attribute 65535:666 and network size ranging from /49 through /128. It is recommended to use the /128 by default.
It is recommended to accept RS announcements of networks with set attribute 65535:666 and size varying from /25 through /32 (ipv4) and size varying from /49 through /128 (ipv6) for all participants using RS.
In accordance with the policy of regional Internet registries RIR (RIPE, RADB and so on), Blackhole community can be set up only for networks that have already been announced to the participant. RS accepts announcements from networks with set BGP community 65535:666 provided such networks have already been announced by the participant without attribute 65535:666.

The parameters of Blackhole filter interface

City	IPv4	IPv6	MAC-address	BGP community
Moscow	195.208.208.6	2001:7f8:20:101::208:6	00:66:00:66:00:66	65535:666
St. Petersburg	194.226.100.6		00:66:00:66:00:66	65535:666
Rostov-on-Don	193.232.140.6		00:66:00:66:00:66	65535:666
Stavropol	194.85.177.6		00:66:00:66:00:66	65535:666
Samara	193.232.135.6		00:66:00:66:00:66	65535:666
Kazan	194.190.119.6		00:66:00:66:00:66	65535:666
Ekaterinburg	194.85.107.6		00:66:00:66:00:66	65535:666
Novosibirsk	193.232.87.6		00:66:00:66:00:66	65535:666
Vladivostok	193.232.136.6		00:66:00:66:00:66	65535:666

Bidirectional Forwarding Detection (BFD) protocol

The Bidirectional Forwarding Detection (BFD) protocol is designed to ensure rapid detection of link failures in networks and reroute traffic to an alternate path. The protocol is supported by all MSK-IX Route Servers.

To enable BFD protocol support for BGP session with the Route Server, send a request to noc@ix.ru from the address of your organization's technical or administrative representative.

BFD protocol timers and configurations (default values)*

BFD protocol IP addresses	equal with BGP session config
Protocol and port	UDP, port 3784
Min Rx interval	1000 ms
Min Tx interval	1000 ms
Idle Tx interval	1000 ms
Multiplier	5

Notes:

* If you wish to use other BFD timers, please consult with MSK-IX technical representatives .

If your device supports a BFD timer with a maximum of 999 ms, you can use it. In this case, there will be no errors or conflicts.

Information on BFD sessions with the Route Server is available at Looking Glass MSK-IX under Summary and Neighbor Info.

←Back to list