MIX uses BIRD (Bird Internet Routing Deamon) running on Ubuntu LTS 18.04 for its route servers. BIRD is wisely used at the internet exchange for route server clusters and has been found to be reliable in production.
To use the service, you will need to configure a BGP peering session to below Internet address:
|Route Server 1||Route Server 2|
|IPv4 Address||IPv6 Address||IPv4 Address||IPv6 Address|
|LAN 1 (Production)||220.127.116.11||2001:deb:4000::1||18.104.22.168||2001:deb:4000::2|
|LAN 2 (Testing)||22.214.171.124||2001:deb:4000::1||126.96.36.199||2001:deb:4000::2|
Below are the sample Cisco IOS router configuration to peer with our router servers:
router bgp (your AS) bgp deterministic-med bgp log-neighbor-changes no bgp enforce-first-as no bgp default ipv4-unicast neighbor MIX-RS-v4 peer-group neighbor MIX-RS-v4 remote-as 37971 neighbor MIX-RS-v4 description MIX-RS-IPv4 neighbor MIX-RS-v6 peer-group neighbor MIX-RS-v6 remote-as 37971 neighbor MIX-RS-v6 description MIX-RS-IPv6 neighbor 188.8.131.52 remote-as 37971 neighbor 184.108.40.206 peer-group MIX-RS-v4 neighbor 220.127.116.11 description RS1 neighbor 18.104.22.168 remote-as 37971 neighbor 22.214.171.124 peer-group MIX-RS-v4 neighbor 126.96.36.199 description RS2 neighbor 2002:deb:4000::1 remote-as 37971 neighbor 2002:deb:4000::1 peer-group MIX-RS-v6 neighbor 2002:deb:4000::1 description RS1 neighbor 2002:deb:4000::2 remote-as 37971 neighbor 2002:deb:4000::2 peer-group MIX-RS-v6 neighbor 2002:deb:4000::2 description RS2 ! address-family ipv4 neighbor 188.8.131.52 activate neighbor 184.108.40.206 activate neighbor MIX-RS-v4 send-community both neighbor MIX-RS-v4 next-hop-self neighbor MIX-RS-v4 remove-private-as neighbor MIX-RS-v4 maximum-prefix 10000 exit-address-family ! address-family ipv6 neighbor 2002:deb:4000::1 activate neighbor 2002:deb:4000::2 activate neighbor MIX-RS-v6 send-community both neighbor MIX-RS-v6 next-hop-self neighbor MIX-RS-v6 remove-private-as neighbor MIX-RS-v6 maximum-prefix 1000 exit-address-family !
You can find MIX’s looking glass for all route server instances here.
MIX’s Route Server filtering policy is defined in the source code for IXP Manager on github. This is a summary of what it does.
- Drop small prefixes – longer than /24 for ipv4 and longer than /48 for ipv6.
- Drop all well-known martians and bogons.
- Ensure that there is at least 1 ASN and less than 64 ASNs in the AS path.
- Ensure that the peer AS is the same as the first AS in the AS path.
- Drop any prefix where the next-hop IP address is not the same as the peer IP address. This prevents prefix hijacking.
- Drop any prefix with a transit network ASN in the AS path.
- Ensure that origin AS is in set of ASNs from the client’s IRRDB AS-SET.
- If the prefix is evaluated as RPKI valid, accept.
- If the prefix is evaluated as RPKI invalid, drop.
- If the prefix is evaluated as RPKI unknown, revert to standard IRRDB prefix filtering.
RFC 1997 Pass-Through
RFC1997 defines some well-known communities including NO_EXPORT. MIX’s route servers do not interpret these well-known communities but passes them through.