DE-CIX New York Route Server Guide

Route Server Information

DE-CIX operates so-called route server systems (s. RFC7947 for a detailed description) to facilitate the exchange of BGP announcements between peers at DE-CIX. Each peer needs only to set up a BGP connection to the route server in order to receive the BGP announcements of all other peers having a BGP connection with the route server.

BGP Session Parameters

This section provides a brief overview of the BGP session parameters to connect to the route servers:

rs1206.130.10.252
2001:504:36::f63a:afc:1
rs2206.130.10.253
2001:504:36::f63a:afd:1
AS 63034
RIR macro (AS-SET) IPv4: AS-DECIX-NYC
IPv6: AS-DECIX-NYC-V6
Recommended prefix limit rs1/rs2 (your side):IPv4: 200,000
IPv6: 50,000

BGP Announcement Filtering

This section describes the filtering mechanism that can be used to filter BGP announcements.

Your Side

You can safely accept any BGP announcements received via the route servers as DE-CIX filters all incoming BGP announcements from all peers. The filtering mechanism is described in the Section "DE-CIX Side".

If you additionally want to filter on your side based on AS-SETs, you can do so by using one or more of the following AS-SETs registered in the RIPE database:

RIR macro (AS-SET)Purpose
AS-DECIX-NYCAS-SETs of all DE-CIX NYC customers (IPv4)
AS-DECIX-NYC-V6AS-SETs of all DE-CIX NYC customers (IPv6)
AS-DECIX-NYC-CONNECTEDASNs of all DE-CIX NYC customers 

DE-CIX Side

At DE-CIX, the route servers filter based on AS-path as well as IP prefixes. The BGP announcements a route server receives from a peer are checked against the AS-SET the peer provided beforehand. The AS-SET can be changed by contacting the DE-CIX customer service team.

Based on an AS-SET provided by a peer a BGP announcement is checked as follows:

  • The IP prefix is checked against martians (private and reserved IP prefixes as defined by RFC 1918, RFC 5735, and RFC 6598).
  • The IP prefix is checked to be registered in a RIR database by an AS as part of the recursively resolved AS-SET.
  • The origin AS is checked by resolving the AS-SET provided by the peer recursively.
  • The AS-path is checked against martians (private and reserved ASN numbers as defined by RFC5398, RFC6793, RFC6996, RFC7300, RFC7607).

The DE-CIX filters are updated every 4 hours. Don't forget to register your IP prefixes in the RIR database well in advance (at least 24h before announcing the first time).

Route Server Setup

The route servers at DE-CIX consists of two machines. The software utilized to provide the route server service is BIRD.

Even so that the route server system consists of two machines only one is required. However, every peer is requested to connect to both machines so that in case one machines is out of order (e.g. maintenance), the route server service can still be consumed.

If the conventional route server system receives a BGP announcement marked as a Blackhole, the NO-EXPORT community and the BLACKHOLE Community are added. This makes sure each BGP announcement marked as Blackhole can be easily filtered and does not spread widely in the Internet routing system.

Route Server Control

Operational BGP Communities can be used to control various functions of the route server. With this communities, you can:

  • control the redistribution of advertised prefixes
  • prepend your own AS up to three times
  • trigger the calculation of a new alternate path (if available) for your advertised prefixes before you start commencing a maintenance

More information can be found here.

Route Server Prefix Information

Informational BGP Communities are used to signal various information about redistributed prefixes. The DE-CIX route servers tag all prefixes with certain BGP Communities to indicate their origin. You can use this information to determine where a certain prefix has been injected into the DE-CIX switching platform. This gives you the possibility to filter routes learned from the route servers based on geographical location. 

More information can be found here.

Route Server Session Types

We offer two session types:

Standard/Public Session (default)

  • We re-distribute all your announcements to other peers while honoring the BGP Communities which allow you to restrict your announcements
  • We advertise all announcements from other peers to you while honoring the BGP Communities which allow others peers to restrict their announcements

Monitor Session

From an operational point of view, it is advised to set up BGP sessions to both route servers, even if you do not want to peer with (i.e. advertise prefixes to) the route servers. This helps DE-CIX staff to quickly monitor the availability of each peer.

Please note that you are required to set up BGP sessions with (but do not need to advertise prefixes to) the DE-CIX route servers to be able to claim credits for the GlobePEER service. Otherwise DE-CIX may not be able to comply with its SLA (DE-CIX GlobePEER Technical Service Description: III. IP LAYER CONFIGURATION (ISO/OSI LAYER 3) - Interface configuration).

If your decision not to establish BGP sessions with the route servers was made due to your peering policy, please contact us for establishing a monitoring only session. You do not have to advertise any prefixes and you will not receive any prefixes from us on that session.

Example Configurations