Peering Policy & Communities
Route Server Policy
NELL-IX operates transparent route servers with RPKI validation and IRR filtering at each location.
BGP Communities
Use BGP communities to control route announcements and implement selective peering policies.
| Community | Action | Description |
|---|---|---|
| 11859:0:PEER-AS | Do Not Announce | Prevent announcement to specific peer |
| 11859:1:PEER-AS | Announce Only | Announce to specific peer only |
| 11859:100:Y | Prepend | Prepend Y times (1-3) to all peers |
| 11859:101:PEER-AS | Prepend Once | Prepend once to specific peer |
| 11859:102:PEER-AS | Prepend Twice | Prepend twice to specific peer |
| 11859:103:PEER-AS | Prepend 3x | Prepend three times to specific peer |
| 11859:666 | Blackhole | Remotely triggered blackhole (RTBH) |
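As an added illustration (not NELL-IX's route server code), the sketch below models how the three-part control communities in the table combine for one peer. The function names and the precedence rules (do-not-announce beats announce-only, a per-peer prepend beats the all-peers prepend, out-of-range prepend counts are ignored) are assumptions; the two-part blackhole community is not handled.

```python
# Added example: models the control communities from the table above.
# Precedence rules are assumptions, not NELL-IX's documented behaviour.
RS_ASN = 11859

def parse_large(text):
    """Parse 'A:B:C' into a tuple of three 32-bit integers."""
    parts = text.split(":")
    if len(parts) != 3:
        raise ValueError(f"not a large community: {text!r}")
    values = tuple(int(p) for p in parts)
    if any(v < 0 or v > 0xFFFFFFFF for v in values):
        raise ValueError(f"field out of range: {text!r}")
    return values

def evaluate(communities, peer_asn):
    """Return (announce, prepend_count) for one route towards one peer."""
    deny, only = set(), set()
    prepend_all, prepend_peer = 0, {}
    for text in communities:
        asn, func, arg = parse_large(text)
        if asn != RS_ASN:
            continue                      # not addressed to this route server
        if func == 0:
            deny.add(arg)
        elif func == 1:
            only.add(arg)
        elif func == 100 and 1 <= arg <= 3:
            prepend_all = max(prepend_all, arg)
        elif func in (101, 102, 103):
            prepend_peer[arg] = max(prepend_peer.get(arg, 0), func - 100)
    # Assumption: an explicit "do not announce" wins over "announce only".
    if peer_asn in deny or (only and peer_asn not in only):
        return (False, 0)
    # Assumption: a per-peer prepend overrides the all-peers prepend.
    return (True, prepend_peer.get(peer_asn, prepend_all))

if __name__ == "__main__":
    # Constructed sample: tags a member might attach to one prefix.
    tags = ["11859:0:64496", "11859:100:2", "11859:103:64500", "64511:1:1"]
    for peer in (64496, 64499, 64500):
        print(peer, evaluate(tags, peer))
```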
Informational Communities
The route servers will tag routes with informational communities to help you understand route origins:
| Community | Meaning |
|---|---|
| 11859:1000 | Learned from route server client |
| 11859:1100 | RPKI Valid |
| 11859:1101 | RPKI Unknown |
| 11859:1102 | RPKI Invalid (filtered) |
Route Server Policies
RPKI Validation
- RPKI Invalid routes are rejected
- Valid and Unknown routes accepted
- Validation status tagged with communities
IRR Filtering
- Prefixes validated against IRR databases
- Supports RIPE, RADB, ARIN, APNIC
- Keep your AS-SET updated
Prefix Filtering
- Bogons and martians filtered
- Default routes rejected
- Too-specific prefixes filtered (IPv4 >/24, IPv6 >/48)
AS Path Validation
- AS path preserved (transparent RS)
- Maximum path length: 64 hops
- Private ASNs stripped
Configuration Examples
Cisco IOS / IOS-XE
```
! Configure route server session
router bgp YOUR-ASN
 neighbor RS-IPv4 remote-as 11859
 neighbor RS-IPv4 description NELL-IX Route Server
 !
 address-family ipv4
  neighbor RS-IPv4 activate
  ! Communities are not sent to a neighbor unless send-community is enabled
  neighbor RS-IPv4 send-community both
  neighbor RS-IPv4 route-map TO-RS out
  neighbor RS-IPv4 prefix-list YOUR-PREFIXES out
  neighbor RS-IPv4 maximum-prefix 100
 exit-address-family
!
! Example: Don't announce to AS64496
! 11859:0:64496 has three parts, so it is set as a large community
route-map TO-RS permit 10
 match ip address prefix-list DONT-ANNOUNCE-TO-64496
 set large-community 11859:0:64496
!
route-map TO-RS permit 20
 match ip address prefix-list YOUR-PREFIXES
```
Juniper JunOS
```
protocols {
    bgp {
        group RS-IPV4 {
            type external;
            peer-as 11859;
            neighbor RS-IPv4-ADDRESS {
                description "NELL-IX Route Server";
                import RS-IN;
                export RS-OUT;
                family inet {
                    unicast {
                        prefix-limit {
                            maximum 100;
                        }
                    }
                }
            }
        }
    }
}
policy-options {
    policy-statement RS-OUT {
        term dont-announce-to-64496 {
            from {
                route-filter YOUR-PREFIX/24 exact;
            }
            then {
                community add no-export-64496;
                accept;
            }
        }
        term announce-prefixes {
            from {
                protocol static;
                protocol direct;
            }
            then accept;
        }
        term reject-all {
            then reject;
        }
    }
    /* Three-part value is a large community, hence the large: prefix */
    community no-export-64496 members large:11859:0:64496;
}
```
Arista EOS
```
router bgp YOUR-ASN
   neighbor RS-IPv4 remote-as 11859
   neighbor RS-IPv4 description NELL-IX Route Server
   neighbor RS-IPv4 maximum-routes 100
   !
   address-family ipv4
      neighbor RS-IPv4 activate
      neighbor RS-IPv4 route-map TO-RS out
!
route-map TO-RS permit 10
   match ip address prefix-list YOUR-PREFIXES
!
ip prefix-list YOUR-PREFIXES
   seq 10 permit YOUR-PREFIX/24
```
BIRD 2.x
```
protocol bgp RS_IPV4 {
    description "NELL-IX Route Server IPv4";
    local as YOUR_ASN;
    neighbor RS-IPv4-ADDRESS as 11859;
    ipv4 {
        import filter {
            accept;
        };
        export filter {
            if net ~ YOUR_PREFIXES then {
                # Example: Don't announce to AS64496
                if net = YOUR_SPECIFIC_PREFIX then {
                    # Three-part value, so it goes in the large community attribute
                    bgp_large_community.add((11859,0,64496));
                }
                accept;
            }
            reject;
        };
    };
}
```
FRRouting (FRR)
```
router bgp YOUR-ASN
 neighbor RS-IPv4 remote-as 11859
 neighbor RS-IPv4 description NELL-IX Route Server
 !
 address-family ipv4 unicast
  neighbor RS-IPv4 activate
  neighbor RS-IPv4 route-map TO-RS out
  neighbor RS-IPv4 prefix-list YOUR-PREFIXES out
  neighbor RS-IPv4 maximum-prefix 100
 exit-address-family
!
route-map TO-RS permit 10
 match ip address prefix-list YOUR-PREFIXES
!
ip prefix-list YOUR-PREFIXES seq 5 permit YOUR-PREFIX/24
```
Need Help?
Our NOC team can assist with route server configuration and troubleshooting.