Route servers

Peering with the route servers

The route servers use AS43369 and are:

  • rs1.minap.it: 185.1.114.252 2001:7f8:c5::1
  • rs2.minap.it: 185.1.114.253 2001:7f8:c5::2

Please configure peering sessions with both route servers.

The route servers are configured as passive BGP neighbors, so the members' routers must initiate the BGP sessions.

The route servers support the BGP ADD-PATH capability in send-only mode: neighbors negotiating it will receive all the paths available for a route. For more information about path hiding by route servers you may consult section 2.3 of RFC 7947.

Support for the GTSM (TTL security, RFC 5082) can be configured on request from each member.

Routing security

All route servers peers are prefix-filtered with IRR data and RPKI.

All received routes are subject to the following checks:

Is the originating AS part of the expansion of the peer's as-set?

  • No: reject.
  • Yes: what is the RPKI status of the prefix?
    • Valid: accept.
    • Invalid: reject.
    • Unknown: does the prefix have a corresponding route object in the IRRDB?
      • Yes: accept.
      • No: reject.

Routes with the ASN of a transit-free network in the path are rejected (peer locking). Additionally, regional peer locking is implemented by rejecting the AS numbers of some relevant italian networks which are not expected to receive transit by MINAP members.

Routes containing private use or martian prefixes or AS numbers are rejected.

Received routes must have the BGP neighbor IP as the next-hop and the BGP neighbor ASN as the first ASN in the path.

BGP communites

The usual traffic engineering communities are implemented:

  • 0:PEERASN or 43369:0:PEERASN: do not advertise to PEERASN.
  • 43369:PEERASN or 43369:1:PEERASN: advertise to PEERASN.
  • 0:43369 or 43369:0:0: do not advertise to any peer.
  • 43369:101:PEERASN: prepend 1x to PEERASN.
  • 43369:102:PEERASN: prepend 2x to PEERASN.
  • 43369:103:PEERASN: prepend 3x to PEERASN.

And also:

Routes are tagged with the Euro-IX standard BGP communities (beware: some are not exported to members and are only visible in the looking glass).

Mapping 32 bit ASNs

Peers with 32 bit ASNs can be filtered either by using large BGP communities, or by using standard communities and mapping the 32 bit peers ASN to a 16 bit ASN. E.g. routes to AS 201333 can be blocked by tagging them with the 43369:0:201333 large community or the 0:65040 standard community.

The current list of mappings is:

  • IPKom: AS 198013 to AS 65075.
  • Fastcon: AS 198399 to AS 65096.
  • Wavecom: AS 200497 to AS 65080.
  • Naquadria: AS 201333 to AS 65040.
  • JCOM: AS 201502 to AS 65083.
  • Next.it: AS 201950 to AS 65064.
  • GOLINE: AS 202032 to AS 65077.
  • Netoip.com: AS 202709 to AS 65092.
  • Bluwifi: AS 203180 to AS 65086.
  • Gate T1: AS 204326 to AS 65088.
  • Alfa Service: AS 209102 to AS 65079.

(The mapped community can be computed by adding 65024 to the last octet of the peer's IPv4 address.)

Technology

Both route servers use BIRD 2.x.

The configurations of the route servers are generated by rpsltool, a multi-vendor BGP configurations and filters generator. A lightly edited version of the configuration template used by MINAP is included in the rpsltool repository.