• Skip to primary navigation
  • Skip to main content
SFMIX

SFMIX

San Francisco Metropolitan Internet Exchange

  • About
    • What is SFMIX?
    • The Team
    • Documentation
  • Connect
    • Connection Guide
    • Locations
  • Services
    • Route Servers
    • Looking Glass
    • Statistics
  • Participants
  • Sponsors
  • Contact

Route Servers

Route Servers


SFMIX offers route servers to facilitate multilateral peering. Utilizing a single BGP session (or ideally two for redundancy and reliability), a route server filters, aggregates, and passes on all other route server participant routes. The main intention here is to enable immediate use of the Internet Exchange, without having to negotiate and configure sessions with each individual participant network.

Direct/bilateral peering sessions are still encouraged; using the route servers service is purely optional.

The configuration for these route servers is generated with arouteserver.

SFMIX uses two distinct software stacks for resilience in the face of 0-day vulnerabilities or bugs in the routing software.
One stack uses BIRD running on Linux, using Routinator on Linux as a source for RPKI ROA VRPs.
One stack uses OpenBGPD running on OpenBSD, using rpki-client on OpenBSD as a source for RPKI ROA VRPs.

Detailed arouteserver configuration summary information is available:

  • BIRD/Linux Configuration Summary
  • OpenBGPD/OpenBSD Configuration Summary

To help debug why routes may be getting filtered or accepted, use the SFMIX Route Browser, which is based on the Alice Looking Glass.

As much as possible, SFMIX Route Servers strive to implement the Euro-IX standardized Large BGP Communities for IXPs

Routing Security

The Route Servers will filter announcements from participant networks based on RPKI, IRR entries, as well as enforcing a maximum prefix count (from PeeringDB, falling back to a hard maximum)
RPKI Unknown routes are currently allowed through the route servers (as there are still many networks that do not or can not publish RPKI ROAs), but RPKI Invalid routes are filtered and not propagated.

As part of the regular generation of our Route Server configuration, SFMIX publishes an IRR as-set object with ARIN to facilitate participants building IRR-based filters for their SFMIX route server sessions.
The as-set name is called “AS-SFMIX-RS”

Connection Information

Service ASN IPv4 IPv6
Route Server #1
(BIRD v2/Linux)
63055 206.197.187.253 2001:504:30::ba06:3055:1
Route Server #2
(OpenBGPD / OpenBSD)
63055 206.197.187.254 2001:504:30::ba06:3055:2

BGP Communities for Propagation Control

The following BGP community values may be utilized for traffic engineering purposes, controlling how your prefixes are propagated to other participant networks

Standard Community String Large Community String Function
0:63055 63055:0:0 Do not announce to any peers (unless otherwise tagged)
63055:[Peer ASN] 63055:1:[Peer ASN] Announce to [Peer ASN] (Even if tagged with the previous community)
0:[Peer ASN] 63055:0:[Peer ASN] Do not announce to [Peer ASN]
65511:[Peer ASN] 63055:101:[Peer ASN] Prepend the announcing ASN to [Peer ASN] – Once (1)
65511:[Peer ASN] 63055:101:[Peer ASN] Prepend the announcing ASN to [Peer ASN] – Once (1)
65512:[Peer ASN] 63055:102:[Peer ASN] Prepend the announcing ASN to [Peer ASN] – Twice (2)
65513:[Peer ASN] 63055:103:[Peer ASN] Prepend the announcing ASN to [Peer ASN] – Thrice (3)
65501:63055 63055:101:0 Prepend the announcing ASN to all peers – Once (1)
65502:63055 63055:102:0 Prepend the announcing ASN to all peers – Twice (2)
65503:63055 63055:103:0 Prepend the announcing ASN to all peers – Thrice (3)
63055:65281 63055:65281:65281 Add the Well-Known NO_EXPORT Community to all peers
65281:[Peer ASN] 63055:65281:[Peer ASN] Add the Well-Known NO_EXPORT Community to [Peer ASN]
65282:[Peer ASN] 63055:65282:[Peer ASN] Add the Well-Known NO_ADVERTISE Community to [Peer ASN]

BGP Communities for Informational Metadata

These BGP communities are used as additional metadata about where routes were learned from, or attributes about the participant network.

More information on the colocation locations and site codes are available on our Locations page.

Large Community String Meaning
63055:1900:0 Participant Type: Infrastructure
63055:1900:1 Participant Type: Member
63055:1900:2 Participant Type: Exempt
63055:1984:0 Route learned at Location: sfo01 (365 Main)
63055:1984:1 Route learned at Location: sfo02 (200 Paul)
63055:1984:2 Route learned at Location: fmt01 (HE.net FMT2)
63055:1984:3 Route learned at Location: sjc01 (11 Great Oaks)
63055:1984:4 Route learned at Location: scl01 (QTS SJC1)
63055:1984:5 Route learned at Location: scl02 (CoreSite SV4)
63055:1984:6 Route learned at Location: scl04 (OpenColo)

BGP Communities to Explain Filtration

Rather than completely drop and discard filtered routes, they are instead tagged internally to the Route Server, and filtered out from being redistributed to other participant networks.
In this way, the routing information in the route server can be used to debug and diagnose why participant network routes are being filtered out or passed through.

Standard Community String Large Community String Meaning
64512:11 63055:64512:11 Prefix is included in client’s IRR AS-SET
64512:10 63055:64512:10 Prefix is NOT included in client’s IRR AS-SET
64512:21 63055:64512:21 Origin ASN isincluded in client’s IRR AS-SET
64512:20 63055:64512:20 Origin ASN is NOT included in client’s IRR AS-SET
64512:31 63055:64512:31 Prefix is matched by an RPKI ROA for the authorized origin ASN
64512:41 63055:64512:41 Prefix is authorized solely because of a client allow list entry
64512:51 63055:1000:1 RPKI Origin Validation: Valid
64512:52 63055:1000:2 RPKI Origin Validation: Unknown
64512:53 63055:1000:4 RPKI Origin Validation: Invalid
64512:50 63055:1000:3 RPKI Origin Validation not performed
65520:0 63055:65520:0 Generic rejection
65520:1 63055:65520:1 Invalid AS_PATH length
65520:2 63055:65520:2 Prefix is a bogon
65520:3 63055:65520:3 Prefix is in global block list
65520:4 63055:65520:4 Invalid Address Family Identifier (AFI)
65520:5 63055:65520:5 Invalid NEXT_HOP
65520:6 63055:65520:6 Invalid left-most ASN
65520:7 63055:65520:7 Invalid ASN in AS_PATH
65520:8 63055:65520:8 Transit-free ASN in AS_PATH
65520:9 63055:65520:9 Origin ASN not in IRRDB AS-SETs
65520:10 63055:65520:10 IPv6 Prefix is not in Global Unicast address space
65520:11 63055:65520:11 Prefix is in client blacklist
65520:12 63055:65520:12 Prefix is not in IRRDB AS-SETs
65520:13 63055:65520:13 Invalid Prefix Length
65520:14 63055:65520:14 RPKI Invalid
65520:15 63055:65520:15 An ASN in the AS_PATH is marked as “Never via Route Servers” in PeeringDB
65520:65535 63055:65520:65535 Unknown rejection reason

SFMIX

© 2025 Copyright San Francisco Metropolitan Internet Exchange