Route Server

Route Server Operation and Community Usage


Prefix Filter Updates

Automatically and continuously, according to the following schedule:

  • Every 15 minutes – data is retrieved from IRR databases.
  • Every 4 hours – each Route Server is updated.
  • 2-hour offset between servers – RS0 is updated first, and the same data is pushed to RS1 two hours later.

Route Servers' addresses

  • RS0: 193.25.180.255/23, 2001:7F8:63::FF/64
  • RS1: 193.25.181.0/23, 2001:7F8:63::FFFF/64

ASN: AS31210

AS-SET for filter generation: AS-DTEL-IX

BGP communities

Description Basic
RFC 1997
Extended
RFC 4360
Large
RFC 8092
Do not re-announce to any peer (highest priority) 0:31210 rt:0:31210 large:31210:0:31210
Do not re-announce to a peer with a 16-bit ASN 0:X rt:0:X large:31210:0:X
Do not re-announce to a peer with a 32-bit ASN rt:0:X large:31210:0:X
Re-announce only to a peer with a 16-bit ASN 31210:X rt:31210:X large:31210:31210:X
Re-announce only to a peer with a 32-bit ASN rt:31210:X large:31210:31210:X
Announce to all peers (default, lowest priority) 31210:31210 rt:31210:31210 large:31210:31210:31210
Prepend your own ASN to the AS-path X times towards ASN Y.
1 <= X <= 3
large:31210:6500X:Y
Prepend your own ASN to the AS-path X times towards all peers.
1 <= X <= 3
large:31210:6500X:31210
Blackhole for IPv4 /32 or IPv6 /64 prefix 65535:666
Simple Remote Triggered Firewall
The Simple RTBH mechanism allows a participant to drop all traffic towards a specific host within their network at the DTEL-IX edge.
Only /32 (IPv4) and /56 or more specific (IPv6) routes are accepted.

To activate blackholing, both of the following communities must be set:
  • 65535:666 — standard BLACKHOLE community according to RFC 7999
  • 31210:X or target:31210:X, where X is the ASN of the peer whose traffic should be dropped
If X = 31210, traffic will be blackholed from all peers.
Note: RTBH works only if both communities are applied at the same time: 65535:666 and 31210:31210.
Advanced Remote Triggered Firewall
The Advanced RTBH feature allows not only dropping traffic but also redirecting it to the DTEL-IX Firewall, specifying which type of traffic should be filtered or rate-limited.
It uses the same base community structure as Simple RTBH, with an additional extended community that defines the traffic type:
Traffic Type Drop Community Shape Community
All UDP traffic target:31210:1017000000 target:31210:1117000000
UDP, Src Port 53 (DNS) target:31210:1017000005 target:31210:1117000005
UDP, Src Port 123 (NTP) target:31210:1017000010 target:31210:1117000010
UDP, Src Port 389 (LDAP) target:31210:1017000050 target:31210:1117000050
UDP, Src Port 1900 (SSDP) target:31210:1017000100 target:31210:1117000100

Drop Community — drops all packets matching the specified rule.
Shape Community — rate-limits matching traffic to 5 Mbps.

Informational Communities
Route received from a peer with a 16-bit ASN 31210:X ro:31210:X large:31210:31210:X
Route received from a peer with a 32-bit ASN ro:31210:X large:31210:31210:X
Prefix Geotag (X – continent code, Y – ISO 3166-1 country code)
  • 1 – Africa
  • 2 – Oceania
  • 3 – Asia / Pacific
  • 4 – Antarctica
  • 5 – Europe
  • 6 – Latin and South America
  • 7 – North America
  • 8 – Anonymous proxies
  • 9 – Satellite providers
  • 0 – Unknown region
6500X:10YYY

Route Server Operating Features

  • Does not announce default routes, private networks, or private ASNs.
  • Shares the full routing table with all connected clients and allows flexible policy control using specific BGP attributes (see details below).
  • When receiving routes from a client, the Route Server sets the next-hop to the original router that announced them and redistributes those routes to other participants as-is.

Therefore, only routing information is exchanged via the Route Server, while the actual traffic flows directly between participants.

The most up-to-date description is always available via whois

  • Detailed information about DTEL-IX members that exchange routing information via the Route Server can be obtained from the RIPE database by querying the description of AS31210 (RS):

    whois -h whois.ripe.net as31210

Prefix Filtering Rules

When building inbound prefix filters, the whois.radb.net database is queried, and the Route Server applies filtering to received announcements based on the following principles:

  • Announcements of private networks are not accepted.
  • Announcements from private ASNs are not accepted.
  • Default route announcements are not accepted.
  • Announcements from AS XXX are accepted only if the origin value belongs to an allowed AS range.
  • Announcements from AS XXX are accepted only if the originating ASes are explicitly listed in the routing policy of AS XXX as being exported to AS31210.

Basic Route Servers' functionality

 

  • Prefix-list generation based on connected autonomous systems and IRR filtering.
  • Support for both IPv4 and IPv6.
  • RPKI support.
  • BFD support.
  • Blacklist for ASNs and prefixes.
  • Prefix-to-geo mapping support.
  • Simple Remote Triggered Blackhole (RTBH) for DDoS mitigation.
  • Advanced Remote Triggered Blackhole with redirection to the DTEL-IX firewall for more granular DDoS filtering.
  • Flowspec support with redirection to the DTEL-IX firewall.

Full List of Standards Supported by the Route Servers

  • RFC 1997 – BGP Communities Attribute
  • RFC 4360 – BGP Extended Communities
  • RFC 4384 – BGP Communities для геолокації
  • RFC 4893 / RFC 6793 – 32-бітні ASN
  • RFC 7947 – Internet Exchange Route Servers
  • RFC 7999 – BLACKHOLE community
  • RFC 8092 – BGP Large Communities
  • draft-hilliard-ix-bgp-route-server-operations

 

 

Choose the BE MOBILE data-park for colocation, and the DTEL-IX will take care of communication services and cross-connects.

Contact us

Ask a Question
DTEL-IX contacts:

Phone

+38 044 300 2233

E-mail:

BE MOBILE contacts:

Phone:

+38 044 494 35 05

E-mail:

Web site:

https://bemobile.ua/