CHIX operates two route servers with the following configuration:

RS1RS2
ASN: 212100ASN: 212100
IPv4: 185.1.59.254IPv4: 185.1.59.253
IPv6: 2001:7f8:cc:333::254IPv6: 2001:7f8:cc:333::253
System: FreeBSD + Bird 2.0.7System: OpenBSD + OpenBGPd

The configuration is generated using Arouteserver and data taken from PeeringDB (https://www.peeringdb.com/ix/2365). If you are a member and would like to peer with the Route Servers, you need to check the “Route Server” box there.

BGP sessions default configuration

  • Passive sessions are configured toward neighbors.
  • GTSM (Generalized TTL Security Mechanism – RFC5082) is disabled on sessions toward the neighbors.
  • ADD-PATH capability (RFC7911) is not negotiated by default.

Route server general behaviour

Default filtering policy

NEXT_HOP attribute

  • The route server verifies that the NEXT_HOP attribute of routes received from a client matches the IP address of the client itself .

AS_PATH attribute

  • Routes whose AS_PATH is longer than 32 ASNs are rejected.
  • The left-most ASN in the AS_PATH of any route announced to the route server must be the ASN of the announcing client.
  • Routes whose AS_PATH contains private or invalid ASNs are rejected.
  • Routes with an AS_PATH containing one or more “never via route-servers” networks‘ ASNs are rejected. List of “never via route-servers” networks’ ASNs is generated from PeeringDB.

IRRDBs prefix/origin ASN enforcement

  • Origin ASN validity is enforced. Routes whose origin ASN is not authorized by the client’s AS-SET are rejected.
  • Announced prefixes validity is enforced. Routes whose prefix is not part of the client’s AS-SET are rejected.
  • Route validity state is signalled to route server clients using the following BGP communities:
Validity StateStandardExtendedLarge
Prefix is included in client’s AS-SETNoneNone212100:65530:1
Prefix is NOT included in client’s AS-SETNoneNone212100:65530:2
Origin ASN is included in client’s AS-SETNoneNone212100:65530:3
Origin ASN is NOT included in client’s AS-SETNoneNone212100:65530:4
Prefix matched by a RPKI ROA for the authorized origin ASNNoneNone212100:65530:5
Prefix matched by an entry of the ARIN Whois DB dumpNoneNone212100:65530:6
Prefix matched by an entry of the NIC.BR Whois DB dumpNoneNone212100:65530:7
Route authorized soley because of a client white list entryNoneNone212100:65530:8

RPKI BGP Prefix Origin Validation

RPKI ROAs

Min/max prefix length

  • Only prefixes whose length is in the following range are accepted by the route server:
    • IPv4: 8-24
    • IPv6: 12-48

Rejected prefixes

  • Bogon prefixes are rejected;
  • IPv6 prefixes are accepted only if part of the IPv6 Global Unicast space 2000::/3.

Announcement control via BGP communities

  • Routes tagged with the NO_EXPORT or NO_ADVERTISE communities received by the route server are propagated to other clients with those communities unaltered.
FunctionStandardExtendedLarge
Do not announce to any clientNoneNone212100:0:212100
Announce to peer, even if tagged with the previous communityNoneNone212100:1:peer_as
Do not announce to peer0:peer_asNone212100:0:peer_as
Prepend the announcing ASN once to peerNoneNone212100:65511:peer_as
Prepend the announcing ASN twice to peerNoneNone212100:65512:peer_as
Prepend the announcing ASN thrice to peerNoneNone212100:65513:peer_as
Prepend the announcing ASN once to anyNoneNone212100:65501:212100
Prepend the announcing ASN twice to anyNoneNone212100:65502:212100
Prepend the announcing ASN thrice to anyNoneNone212100:65503:212100

Reject reasons

  • The following values are used to identify the reason for which routes are rejected. This is mostly used for troubleshooting, internal reporting purposes or in the route server log files.
IDReason
0Generic code: the route must be treated as rejected
1Invalid AS_PATH length
2Prefix is bogon
3Prefix is in global blacklist
4Invalid AFI
5Invalid NEXT_HOP
6Invalid left-most ASN
7Invalid ASN in AS_PATH
8Transit-free ASN in AS_PATH
9Origin ASN not in IRRDB AS-SETs
10IPv6 prefix not in global unicast space
11Prefix is in client blacklist
12Prefix not in IRRDB AS-SETs
13Invalid prefix length
14RPKI INVALID route
15Never via route-servers ASN in AS_PATH
65535Unknown