Route Servers
SFMIX offers route servers to facilitate multilateral peering. Utilizing a single BGP session (or ideally two for redundancy and reliability), a route server filters, aggregates, and passes on all other route server participant routes. The main intention here is to enable immediate use of the Internet Exchange, without having to negotiate and configure sessions with each individual participant network.
Direct/bilateral peering sessions are still encouraged; using the route servers service is purely optional.
The configuration for these route servers is generated with arouteserver.
SFMIX uses two distinct software stacks for resilience in the face of 0-day vulnerabilities or bugs in the routing software.
One stack uses BIRD running on Linux, using Routinator on Linux as a source for RPKI ROA VRPs.
One stack uses OpenBGPD running on OpenBSD, using rpki-client on OpenBSD as a source for RPKI ROA VRPs.
Detailed arouteserver configuration summary information is available:
To help debug why routes may be getting filtered or accepted, use the SFMIX Route Browser, which is based on the Alice Looking Glass.
As much as possible, SFMIX Route Servers strive to implement the Euro-IX standardized Large BGP Communities for IXPs
Routing Security
The Route Servers will filter announcements from participant networks based on RPKI, IRR entries, as well as enforcing a maximum prefix count (from PeeringDB, falling back to a hard maximum)
RPKI Unknown routes are currently allowed through the route servers (as there are still many networks that do not or can not publish RPKI ROAs), but RPKI Invalid routes are filtered and not propagated.
As part of the regular generation of our Route Server configuration, SFMIX publishes an IRR as-set object with ARIN to facilitate participants building IRR-based filters for their SFMIX route server sessions.
The as-set name is called “AS-SFMIX-RS”
Connection Information
| Service | ASN | IPv4 | IPv6 |
|---|---|---|---|
| Route Server #1 (BIRD v2/Linux) |
63055 | 206.197.187.253 | 2001:504:30::ba06:3055:1 |
| Route Server #2 (OpenBGPD / OpenBSD) |
63055 | 206.197.187.254 | 2001:504:30::ba06:3055:2 |
BGP Communities for Propagation Control
The following BGP community values may be utilized for traffic engineering purposes, controlling how your prefixes are propagated to other participant networks
| Standard Community String | Large Community String | Function |
|---|---|---|
| 0:63055 | 63055:0:0 | Do not announce to any peers (unless otherwise tagged) |
| 63055:[Peer ASN] | 63055:1:[Peer ASN] | Announce to [Peer ASN] (Even if tagged with the previous community) |
| 0:[Peer ASN] | 63055:0:[Peer ASN] | Do not announce to [Peer ASN] |
| 65511:[Peer ASN] | 63055:101:[Peer ASN] | Prepend the announcing ASN to [Peer ASN] – Once (1) |
| 65511:[Peer ASN] | 63055:101:[Peer ASN] | Prepend the announcing ASN to [Peer ASN] – Once (1) |
| 65512:[Peer ASN] | 63055:102:[Peer ASN] | Prepend the announcing ASN to [Peer ASN] – Twice (2) |
| 65513:[Peer ASN] | 63055:103:[Peer ASN] | Prepend the announcing ASN to [Peer ASN] – Thrice (3) |
| 65501:63055 | 63055:101:0 | Prepend the announcing ASN to all peers – Once (1) |
| 65502:63055 | 63055:102:0 | Prepend the announcing ASN to all peers – Twice (2) |
| 65503:63055 | 63055:103:0 | Prepend the announcing ASN to all peers – Thrice (3) |
| 63055:65281 | 63055:65281:65281 | Add the Well-Known NO_EXPORT Community to all peers |
| 65281:[Peer ASN] | 63055:65281:[Peer ASN] | Add the Well-Known NO_EXPORT Community to [Peer ASN] |
| 65282:[Peer ASN] | 63055:65282:[Peer ASN] | Add the Well-Known NO_ADVERTISE Community to [Peer ASN] |
BGP Communities for Informational Metadata
These BGP communities are used as additional metadata about where routes were learned from, or attributes about the participant network.
More information on the colocation locations and site codes are available on our Locations page.
| Large Community String | Meaning |
|---|---|
| 63055:1900:0 | Participant Type: Infrastructure |
| 63055:1900:1 | Participant Type: Member |
| 63055:1900:2 | Participant Type: Exempt |
| 63055:1984:0 | Route learned at Location: sfo01 (365 Main) |
| 63055:1984:1 | Route learned at Location: sfo02 (200 Paul) |
| 63055:1984:2 | Route learned at Location: fmt01 (HE.net FMT2) |
| 63055:1984:3 | Route learned at Location: sjc01 (11 Great Oaks) |
| 63055:1984:4 | Route learned at Location: scl01 (QTS SJC1) |
| 63055:1984:5 | Route learned at Location: scl02 (CoreSite SV4) |
| 63055:1984:6 | Route learned at Location: scl04 (OpenColo) |
BGP Communities to Explain Filtration
Rather than completely drop and discard filtered routes, they are instead tagged internally to the Route Server, and filtered out from being redistributed to other participant networks.
In this way, the routing information in the route server can be used to debug and diagnose why participant network routes are being filtered out or passed through.
| Standard Community String | Large Community String | Meaning |
|---|---|---|
| 64512:11 | 63055:64512:11 | Prefix is included in client’s IRR AS-SET |
| 64512:10 | 63055:64512:10 | Prefix is NOT included in client’s IRR AS-SET |
| 64512:21 | 63055:64512:21 | Origin ASN isincluded in client’s IRR AS-SET |
| 64512:20 | 63055:64512:20 | Origin ASN is NOT included in client’s IRR AS-SET |
| 64512:31 | 63055:64512:31 | Prefix is matched by an RPKI ROA for the authorized origin ASN |
| 64512:41 | 63055:64512:41 | Prefix is authorized solely because of a client allow list entry |
| 64512:51 | 63055:1000:1 | RPKI Origin Validation: Valid |
| 64512:52 | 63055:1000:2 | RPKI Origin Validation: Unknown |
| 64512:53 | 63055:1000:4 | RPKI Origin Validation: Invalid |
| 64512:50 | 63055:1000:3 | RPKI Origin Validation not performed |
| 65520:0 | 63055:65520:0 | Generic rejection |
| 65520:1 | 63055:65520:1 | Invalid AS_PATH length |
| 65520:2 | 63055:65520:2 | Prefix is a bogon |
| 65520:3 | 63055:65520:3 | Prefix is in global block list |
| 65520:4 | 63055:65520:4 | Invalid Address Family Identifier (AFI) |
| 65520:5 | 63055:65520:5 | Invalid NEXT_HOP |
| 65520:6 | 63055:65520:6 | Invalid left-most ASN |
| 65520:7 | 63055:65520:7 | Invalid ASN in AS_PATH |
| 65520:8 | 63055:65520:8 | Transit-free ASN in AS_PATH |
| 65520:9 | 63055:65520:9 | Origin ASN not in IRRDB AS-SETs |
| 65520:10 | 63055:65520:10 | IPv6 Prefix is not in Global Unicast address space |
| 65520:11 | 63055:65520:11 | Prefix is in client blacklist |
| 65520:12 | 63055:65520:12 | Prefix is not in IRRDB AS-SETs |
| 65520:13 | 63055:65520:13 | Invalid Prefix Length |
| 65520:14 | 63055:65520:14 | RPKI Invalid |
| 65520:15 | 63055:65520:15 | An ASN in the AS_PATH is marked as “Never via Route Servers” in PeeringDB |
| 65520:65535 | 63055:65520:65535 | Unknown rejection reason |