Service Description

Route Servers

ECIX offers networks connected to our Peering VLANs the opportunity to peer via our route servers. These offer peers the possibility to filter based on their IRRdb entries. Therefore, peering with the route servers does not eliminate the possibility of maintaining your peering policy.

Introduction

Normally, you need to maintain separate BGP sessions to each of your peers' routers. With a route server you can replace all, or a subset, of these sessions with just one session towards each route server.

The goal of the route server project is to facilitate the implementation of peering arrangements and lower the barrier of entry for new participants on the peering platform.

The route servers do not partake in the forwarding path, so they do not forward any traffic. Also, peering with a route server does not mean you are obliged to accept routes from all other route server participants.

Looking glass

The ECIX looking glass shows you all current routes on our Route Servers and is reachable at https://lg.ecix.net.
Click here for more information about ECIX's Looking Glass, Alice-LG,

Why use the Route Servers?

Let's make the answer easy: to simplify the setup for as many peers as possible on the ECIX network. With the large amount of connected parties on the ECIX platform, managing all your BGP sessions can be a full-time task. The goal of the route servers is to simplify this task. With only two BGP sessions per route server per Peering VLAN, you can connect to all the networks on the route servers. When a new party connects to the route servers, you can automatically exchange prefixes (depending on your filters).

Manage only your most important peers, let the route server do the rest

You probably want to exchange as much traffic as possible through the exchange, but setting up a peering takes time and effort. So only set up peering sessions with your most important peers. Let the route server do the rest.

Send and receive routes from day one

Once you connect to the route servers you will start exchanging routes immediately. The route servers are a good way to get started on the exchange.

Maintain your peering policy

The route servers have built in filters that allow you to maintain your peering policies. For more information, please read the filtering topic.

Route Server details

Berlin (ECIX-BER)

rs1.ber.ecix.net

ASN: 9033
IPv4: 194.9.117.253
IPv6: 2001:7f8:8:5:0:2349:0:fd
Platform: BIRD

rs2.ber.ecix.net

ASN: 9033
IPv4: 194.9.117.254
IPv6: 2001:7f8:8:5:0:2349:0:fe
Platform: BIRD

Dusseldorf (ECIX-DUS)

rs1.dus.ecix.net

ASN: 9033
IPv4: 194.146.118.253
IPv6: 2001:7f8:8::2349:0:fd
Platform: BIRD

rs2.dus.ecix.net

ASN: 9033
IPv4: 194.146.118.254
IPv6: 2001:7f8:8::2349:0:fe
Platform: BIRD

Hamburg (ECIX-HAM)

rs1.ham.ecix.net

ASN: 9033
IPv4: 193.42.155.253
IPv6: 2001:7f8:8:10:0:2349:0:fd
Platform: BIRD

rs2.ham.ecix.net

ASN: 9033
IPv4: 193.42.155.254
IPv6: 2001:7f8:8:10:0:2349:0:fe
Platform: BIRD

Frankfurt (ECIX-FRA)

rs1.fra.ecix.net

ASN: 9033
IPv4: 62.69.147.253
IPv6: 2001:7f8:8:20:0:2349:0:fd
Platform: BIRD

rs2.fra.ecix.net

ASN: 9033
IPv4: 62.69.147.254
IPv6: 2001:7f8:8:20:0:2349:0:fe
Platform: BIRD

Munich (INXS/ECIX-MUC)

rs1.muc.ecix.net

ASN: 9033
IPv4: 194.59.190.253
IPv6: 2001:7f8:2c:1000:0:2349:0:fd
Platform: BIRD

rs2.muc.ecix.net

ASN: 9033
IPv4: 194.59.190.254
IPv6: 2001:7f8:2c:1000:0:2349:0:fe
Platform: BIRD

Rules

When peering with the route servers ECIX mandates that routers are set up to connect to both route servers and advertise the same amount and length of prefixes for resilience.

Please note that the route servers are set to passive mode and will never initiate a BGP session. You should make sure that your equipment does so, i.e. connects to our TCP port 179 and that your inbound filtering/ACL rules permit establishing sessions with the route servers.

Route Server Peer Policies and Filtering

At ECIX you can choose between 4 different peering policies which affect what filters are applied to your peering session.

Open

Advertise routes to ALL other peers on the route server.

Fairly-open

Advertise routes to ALL other peers EXCEPT the specified ASses.

Selective

Advertise routes to NO peers EXCEPT the specified ASses.

Restrictive

Advertise routes to NO other peers.

Specifying your policy level and the exception AS list

You can specify your own policy level and your exception peer list using the following BGP communities, and in addition to the communities you can use our customer portal which will set the communities on the route server on the route advertisements:

Traditional BGP communities

(65000:0) do not announce this route to any ASN
(65000:ASN) do not announce this route to ASN
(64960:ASN) do announce this route to ASN if (65000:0) is set

(65001:0) prepend peer AS 1 time to all
(65001:ASN) prepend peer AS 1 time to ASN
(65002:0) prepend peer AS 2 times to all
(65002:ASN) prepend peer AS 2 times to ASN
(65003:0) prepend peer AS 3 times to all
(65003:ASN) prepend peer AS 3 times to ASN

(65020:ms) do NOT send this route to peers with RTT >= ms
(65021:ms) prepend 1x this route to peers with RTT >= ms
(65022:ms) prepend 2x this route to peers with RTT >= ms
(65023:ms) prepend 3x this route to peers with RTT >= ms
(65030:ms) do NOT send this route to peers with RTT <= ms
(65031:ms) prepend 1x this route to peers with RTT <= ms
(65032:ms) prepend 2x this route to peers with RTT <= ms
(65033:ms) prepend 3x this route to peers with RTT <= ms

Large BGP Communities

We also support the new Large BGP communities [RFC8092]which are able to support 4B ASNs.
More information on Large BGP communities can be found at: http://largebgpcommunities.net/

(9033:65000:ASN) do not announce this route to ASN
(9033:65000:0) do not announce this route to any ASN
(9033:64960:ASN) do announce this route to ASN if (65000:0) is set

(9033:65001:0) prepend peer AS 1 time to all
(9033:65001:ASN) prepend peer AS 1 time to ASN
(9033:65002:0) prepend peer AS 2 times to all
(9033:65002:ASN) prepend peer AS 2 times to ASN
(9033:65003:0) prepend peer AS 3 times to all
(9033:65003:ASN) prepend peer AS 3 times to ASN

(9033:65020:ms) do NOT send this route to peers with RTT >= ms
(9033:65021:ms) prepend 1x this route to peers with RTT >= ms
(9033:65022:ms) prepend 2x this route to peers with RTT >= ms
(9033:65023:ms) prepend 3x this route to peers with RTT >= ms
(9033:65030:ms) do NOT send this route to peers with RTT <= ms
(9033:65031:ms) prepend 1x this route to peers with RTT <= ms
(9033:65032:ms) prepend 2x this route to peers with RTT <= ms
(9033:65033:ms) prepend 3x this route to peers with RTT <= ms

In order to pick up the change in member's peering policy set via the portal, the ECIX route servers detect policy changes every hour starting at midnight Berlin time. If you wish to have your filters updated right away or encounter any problems, then please contact the ECIX NOC. The ECIX NOC can apply the new configuration for the route server to reflect your new policy. Policies set via BGP communities on the route advertisements are reflected immediately.

Communities set by the route servers

To all imported routes ECIX adds the following communitities:

  (9033:{{peering VLAN}}{{rs#}})
  (65011:ms) = RTT in ms.
  (65010:class) = RTT class 

The following community is a trace community which shows which Route Server served this route:

  (9033:{{peering VLAN}}{{rs#}})

For example, rs1.ber.ecix.net who is in the ECIX-BER peering VLAN which uses tag 305 will add community:

  (9033:3051)

ECIX also tags all routes with a community containing the the Route Server's lowest detected RTT for a peer in ms to the route.
This community is:

  (65011:ms) = RTT in ms.

The RTT shall be rounded up to the nearest whole ms, for example, 0.1 ms shall be represented as 1 ms.
Any RTT above 98 ms shall be represented as 99 ms.
65011:0 will mean that the Route Server could not get any RTT data for the peer.

Every route the Route Servers sends out shall now be tagged with an RTT class, this is meant to simplify the filtering process for our peers in regards to RTT as there are now only 4 values
instead of 100 as for the actual RTT ms community.

   (65010:0) = unknown
   (65010:1) > 0 ms & < 5 ms
   (65010:2) > 5 ms & < 20 ms
   (65010:3) > 20 ms

Import Filters

The ECIX route servers implement the following import filters for prefixes received from members.

  1. Filter out IP bogon prefixes:
    IPv4 bogon prefixes:
    0.0.0.0/0, 
    0.0.0.0/8+, 
    10.0.0.0/8+, 
    100.64.0.0/10, 
    127.0.0.0/8, 
    192.168.0.0/16+, 
    169.254.0.0/16+, 
    192.0.2.0/24+, 
    172.16.0.0/12+, 
    224.0.0.0/3+, 
    198.51.100.0/24+, 
    198.18.0.0/15+, 
    203.0.113.0/24+, 
    224.0.0.0/4,
    240.0.0.0/4

    IPv6 bogon prefixes:

    0000::/8+,
    0100::/8+,
    0200::/7+,
    0400::/6+,
    0800::/5+,
    1000::/4+,
    4000::/3+,
    6000::/3+,
    8000::/3+,
    A000::/3+,
    C000::/3+,
    E000::/4+,
    F000::/5+,
    F800::/6+,
    FC00::/7+,
    FE00::/9+,
    FE80::/10+,
    FEC0::/10+,
    FF00::/8+ 
  2. Do not accept networks smaller than /24 for IPv4 and /64 for IPv6
  3. Do not accept routes with ASN bogons anywhere in the AS-Path:
    ASN-Bogons:
    0,
    23456,
    64496..131071,
    4200000000..4294967295
  4. Do not accept routes with an AS-Path longer then 64 hops
  5. The first AS in the AS_path MUST belong to the advertising peer
  6. Do not accept any prefixes belonging to the ECIX peering networks:
    Ipv4:
    194.146.118.0/24,
    194.9.117.0/24,
    193.42.155.0/24,
    62.69.144.0/23,
    62.69.146.0/23,
    194.59.190.0/24

    IPv6:

    2001:7F8:8::/64,
    2001:7f8:8:5::/64,
    2001:7f8:8:10::/64,
    2001:7f8:8:15::/64,
    2001:7f8:8:20::/64,
    2001:7f8:8:25::/64,
    2001:7f8:2c:1000::/64
  7. The next hop address MUST belong to the advertising peer
  8. The last AS in the AS_path MUST belong to one of the ASses assigned to your own AS-SET
  9. The advertised prefix MUST belong one of the ASses assigned to your AS-SET

ECIX uses IRR-based filtering for its import filters using the following IRR-databases:
-ripe
-radb
-altdb
-arin
-afrinic
-apnic
-level3

ECIX Route Server Objects

Relevant objects for participating peers in the Route Server project are grouped into these AS-SETs:

  • AS-ECIX-BER
  • AS-ECIX-HAM
  • AS-ECIX-DUS
  • AS-ECIX-FRA
  • AS-ECIX-MUC

Max-Prefix Advisory

We advise a max-prefix of 80000 for IPv4 and 30000 for IPv6.

Deployment

Here we provide some examples from various vendors which show you how you can establish a session with our route servers.

Cisco

Below follows a sample configuration for Cisco routers to announce a prefix to the route servers:

!
router bgp [your-asn]
bgp always-compare-med
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor ECIX-BER-RS peer-group
neighbor ECIX-BER-RS remote-as 9033
neighbor ECIX-BER-RS version 4
neighbor ECIX-BER-RS transport connection-mode active
neighbor ECIX-BER-RS-6 peer-group
neighbor ECIX-BER-RS-6 remote-as 9033
neighbor ECIX-BER-RS-6 version 4
neighbor ECIX-BER-RS-6 transport connection-mode active
neighbor 194.9.117.253 peer-group ECIX-BER-RS
neighbor 194.9.117.253 description rs1.ber.ecix.net
neighbor 194.9.117.254 peer-group ECIX-BER-RS
neighbor 194.9.117.254 description rs2.ber.ecix.net
neighbor 2001:7f8:8:5:0:2349:0:fd peer-group ECIX-BER-RS-6
neighbor 2001:7f8:8:5:0:2349:0:fd description rs1.ber.ecix.net
neighbor 2001:7f8:8:5:0:2349:0:fe peer-group ECIX-BER-RS-6
neighbor 2001:7f8:8:5:0:2349:0:fe description rs2.ber.ecix.net
!        
address-family ipv4
no neighbor ECIX-BER-RS-6 activate
neighbor ECIX-BER-RS activate
neighbor ECIX-BER-RS next-hop-self
neighbor ECIX-BER-RS soft-reconfiguration inbound
neighbor ECIX-BER-RS route-map TO-RS out
no auto-summary
no synchronization
neighbor 194.9.117.253 peer-group ECIX-BER-RS
neighbor 194.9.117.254 peer-group ECIX-BER-RS
network 192.168.110.0 mask 255.255.255.0
network 192.168.111.0 mask 255.255.255.0
network 192.168.112.0 mask 255.255.255.0
exit-address-family
!
address-family ipv6
neighbor ECIX-BER-RS-6 activate
neighbor ECIX-BER-RS-6 next-hop-self
neighbor ECIX-BER-RS-6 soft-reconfiguration inbound
neighbor ECIX-BER-RS-6 route-map TO-RS out
neighbor 2001:7f8:8:5:0:2349:0:fd peer-group ECIX-BER-RS-6
neighbor 2001:7f8:8:5:0:2349:0:fe peer-group ECIX-BER-RS-6
network 2001:DB8:10::/64
network 2001:DB8:11::/64
network 2001:DB8:12::/64
exit-address-family
!
ip as-path access-list 12 permit ^$
!
ip prefix-list TO-RS seq 10 permit 192.168.110.0/24
ip prefix-list TO-RS seq 20 permit 192.168.111.0/24
ip prefix-list TO-RS seq 30 permit 192.168.112.0/24
!
ipv6 prefix-list TO-RS seq 10 permit 2001:DB8:10::/64
ipv6 prefix-list TO-RS seq 20 permit 2001:DB8:11::/64
ipv6 prefix-list TO-RS seq 30 permit 2001:DB8:12::/64
!
route-map TO-RS permit 10
match ip address prefix-list TO-RS
!

Note that for recent IOS versions (e.g. 12.0(26)S and 12.2(25)S and up, where this has become the - hidden - default) you will have to specify "no bgp enforce-first-as (IOS, IOS-XE) / bgp enforce-first-as disable (IOS-XR)" as the route server does not insert its own ASN into the AS_path of relayed prefix announcements. Zebra and Quagga suffer from the same problem since somewhere in 0.91.

Juniper

Below is a similar example for Juniper routers:

[edit]
user@junix# show protocols bgp 
group IPV4-RS {
    type external;
    description "Route Servers";
    family inet {
        unicast;
    }
    export TO-RS;
    peer-as 9033;
    neighbor 194.9.117.253 {
        description rs1.ber.ecix.net;
    }
    neighbor 194.9.117.254 {
        description rs2.ber.ecix.net;
    }
}

[edit]
user@junix# show policy-options policy-statement TO-RS 
term unicast-export {
    from {
        rib inet.0;
        prefix-list to-announce;
    }
    then accept;
}
term end {
    then reject;
}

[edit]
user@junix# show policy-options prefix-list to-announce 
10.25.1.0/24;