24 February 2020

New routing security feature in cooperation with PeeringDB

An AS might choose not to peer with route servers for whatever reason (e.g. a Tier 1 network), so if this AS shows up at a route server it is clearly a route leak or misconfiguration.

Routing security is an essential topic at DE-CIX, and in order to increase the routing security in general – and specifically at the DE-CIX route servers – we have proposed and discussed with the community a new feature for PeeringDB called "Never via route servers".

If a network registered with PeeringDB checks this box (in the section "Protocols Supported"), the DE-CIX route servers will honor this statement by filtering out any route containing the network's ASN. This feature is live at PeeringDB since 22 January, and some networks are already making use of this feature. 

This new routing security feature is live at all DE-CIX route servers globally. If you have any questions, please do not hesitate to contact us.

  • DE-CIX Route Server Guides
  • RPKI at the DE-CIX route servers