UAE-IX route server guide

Route Server Information

UAE-IX operates so-called route server systems (s. RFC7947 for a detailed description) to facilitate the exchange of BGP announcements between peers at UAE-IX. Each peer needs only to set up a BGP connection to the route server in order to receive the BGP announcements of all other peers having a BGP connection with the route server.

BGP Session Parameters

This section provides a brief overview of the BGP session parameters to connect to the route servers:

rs1185.1.8.250
2001:7f8:73::efbe:fa:1
rs2185.1.8.251
2001:7f8:73::efbe:fb:1
rsbh1185.1.8.252
2001:7f8:73::efbe:fc:1
AS61374
RIR macro (AS-SET)IPv4: AS-UAEIX
IPv6: AS-UAEIX-V6
Recommended prefix limit rs1/rs2 (your side)  IPv4: 200,000
IPv6: 25,000
noc-mailsupport@uae-ix.net
peer-mailpeering@uae-ix.net


BGP Announcement Filtering

This section describes the filtering mechanism that can be used to filter BGP announcements.

Your Side

You can safely accept any BGP announcements received via the route servers as UAE-IX filters all incoming BGP announcements from all peers. The filtering mechanism is described in the Section "UAE-IX Side".

If you additionally want to filter on your side based on AS-SETs, you can do so by using one or more of the following AS-SETs registered in the RIPE database:

RIR macro (AS-SET)Purpose
AS-UAEIXAS-SETs off all UAE-IX DXB customers (IPv4)
AS-UAEIX-V6AS-SETs off all UAE-IX DXB customers (IPv6)
AS-UAEIX-CONNECTED ASNs of all UAE-IX DXB customers


UAE-IX Side

At UAE-IX, the route servers filter based on AS-path as well as IP prefixes. The BGP announcements a route server receives from a peer are checked against the AS-SET the peer provided beforehand. The AS-SET can be changed by contacting the UAE-IX customer service team (support@uae-ix.net).

Based on an AS-SET provided by a peer an BGP announcement is checked as follows:

  • The IP prefix is checked against martians (private and reserved IP prefixes as defined by RFC1918RFC5735, and RFC6598).
  • The IP prefix is checked to be registered in a RIR database by an AS as part of the recursively resolved AS-SET.
  • The origin AS is checked by resolving the AS-SET provided by the peer recursively.
  • The AS-path is checked against martians (private and reserved ASN numbers as defined by RFC7607RFC6793RFC5398RFC6996RFC7300RFC5398).

The UAE-IX filters are updated every 4 hours. Don't forget to register your IP prefixes in the RIR database well in advance (at least 24h before announcing the first time).

Route Server Setup

The route servers at UAE-IX consists of two machines. The software utilized to provide the route server service is BIRD.

Even so that the route server system consists of two machines only one is required. However, every peer is requested to connect to both machines so that in case one machine is out of order (e.g. maintenance), the route server service can still be used.

Route Server Control

Please note that if the $PEERAS is a four byte AS number you have to use the BGP Extended or Large Communities.

Control of Re-distribution

You can control which BGP announcements you send to the route servers are redistributed to other peers. In fact, you can also control which peer / AS receives which BGP announcements you send to the route servers. For this, BGP CommunitiesBGP Extended Communities and BGP Large Communities can be used.

The following BGP Communities are supported:

ActionBGP Standard Community (RFC 1997)  BGP Extended Community (RFC 4360)  BGP Large Community (RFC 8092)
Redistribute to all (default)61374:61374rt:61374:6137461374:1:0
Do not redistribute0:61374rt:0:6137461374:0:0
Redistribute to $PEERAS
(in combination with 0:61374)

61374:$PEER-ASrt:61374:$PEER-AS61374:1:$PEERAS
Do not Redistribute to $PEERAS  0:$PEER-ASrt:0:$PEER-AS61374:0:PEERAS


The route servers remove the aforementioned BGP Communities and BGP Extended Communities from a BGP announcement before re-distributing it. The well-known BGP Communities NO-EXPORT (65535:65281) and NO-ADVERTISE (65535:65282) are also honored meaning that a BGP announcement marked by one of these communities is not re-distributed to any peer. If you want the route server system to add a NO-EXPORT or NO-ADVERTISE community for a given BGP announcement before re-distributing, you have to add the community (61374:65281) or (61374:65282) respectively.

More than one of the aforementioned BGP Communities and BGP Extended Communities can be added to a single BGP announcement. UAE-IX recommends not to add more than 50 of these communities as it makes handling complex and error-prone. If you need to do this, please contact Customer Service (support@uae-ix.net). The following table lists the evaluation order of the different BGP Communities and BGP Extended Communities which helps to build complex filter rules. In case two or more BGP (extended) Communities are contradicting the community with the lowest evaluation order wins.

Evaluation order  Community
1.NO-EXPORT (65535:65281)
NO-ADVERTISE (65535:65282)
2.0:$PEER-AS
rt:0:$PEER-AS
3.61374:$PEER-AS
rt:61374:$PEER-AS
4.0:61374
5.61374:61374


All BGP Communities and BGP Extended Communities that are not listed above are not touched by the route servers and transparently re-distributed. For backwards compatibility, routes with no community at all are distributed to all peers as well.

You can obtain a list of BGP announcements received from a peer by entering the peer's IP address in "neighbor info" tab of the UAE-IX looking glass.

The following section contains examples showing how the different BGP Communities and BGP Extended Communities can be used.

Examples

Example 1

BGP announcements marked with the following communities are only re-distributed to AS64501 and AS64502:

  • (0:61374)
  • (61374:64501)
  • (61374:64502)

Example 2

BGP announcements marked with the following communities are re-distributed to all peers / ASNs except AS64501 and AS64502:

  • (0:64501)
  • (0:64502)
  • (61374:61374)

Example 3

BGP announcements tagged with the following communities are only re-distributed to AS65550 (4 Byte ASN) and AS64501 (2 Byte ASN):

  • (0:61374)
  • (rt:61374:65550) or (ro:61374:21345)
  • (61374:64501)

Path Prepending

You can use BGP communities to prepend your own ASN up to three times. This can be done to all other peers or selective to only certain peers.

BGP Standard Communities:
Prepend your ASN to all peers once: 65001:0
Prepend your ASN to all peers twice: 65002:0
Prepend your ASN to all peers three times: 65003:0
Prepend your ASN to $PEERAS once: 65001:$PEERAS
Prepend your ASN to $PEERAS twice: 65002:$PEERAS
Prepend your ASN to $PEERAS three times: 65003:$PEERAS

BGP Extended Communities:
Prepend your ASN to $PEERAS once: rt:65001:$PEERAS
Prepend your ASN to $PEERAS twice: rt:65002:$PEERAS
Prepend your ASN to $PEERAS three times: rt:65003:$PEERAS

BGP Large Communities:
Prepend your ASN to all peers once: 61374:101:0
Prepend your ASN to all peers twice: 61374:102:0
Prepend your ASN to all peers three times: 61374:103:0

Prepend your ASN to $PEERAS once: 61374:101:$PEERAS
Prepend your ASN to $PEERAS twice: 61374:102:$PEERAS
Prepend your ASN to $PEERAS three times: 61374:103:$PEERAS

Route Server Session Types

We offer two session types:

Standard/Public Session (default)

  • We re-distribute all your announcements to other peers while honoring the BGP Communities which allow you to restrict your announcements
  • We advertise all announcements from other peers to you while honoring the BGP Communities which allow others peers to restrict their announcements

Monitor Session

From an operational point of view, it is advised to set up BGP sessions to both route servers, even if you do not wan't to peer with (i.e. advertise prefixes to) the route servers. This helps UAE-IX staff to quickly monitor the availability of each peer.

Please note that you are required to set up BGP sessions with (but don't need to advertise prefixes to) the UAE-IX route servers to be able to claim credits for the GlobePEER service. Otherwise, UAE-IX may not be able to comply with it's SLA (please see UAE-IX Technical Policy and SLA).

If your decision not to establish BGP sessions with the route servers was made due to your peering policy, please contact us for establishing a monitoring only session. You don’t have to advertise any prefixes and you won’t receive any prefixes from us on that session.