Route Server Description

Route Server Operation and Community Usage

🧰 Prefix Filter Updates

Automatically and continuously according to the following schedule:

  • Every 15 minutes — data is retrieved from IRR databases;
  • Every 4 hours — each Route Server is updated;
  • 2-hour offset between servers — RS0 is updated first, and the same data is pushed to RS1 two hours later.
Route Servers' addresses:
  • RS0: 193.25.180.255/23, 2001:7F8:63::FF/64;
  • RS1: 193.25.181.0/23, 2001:7F8:63::FFFF/64

ASN: AS31210

AS-SET for filter generation:

  • IPv4: AS-DTEL-IX
  • IPv6: AS-DTEL-IX-V6
📊 BGP Communities
Description Basic
RFC 1997		 Extended
RFC 4360		 Large
RFC 8092
Do not re-announce to any peer (highest priority) 0:31210 rt:0:31210 large:31210:0:31210
Do not re-announce to a peer with a 16-bit ASN 0:X rt:0:X large:31210:0:X
Do not re-announce to a peer with a 32-bit ASN rt:0:X large:31210:0:X
Re-announce only to a peer with a 16-bit ASN 31210:X rt:31210:X large:31210:31210:X
Re-announce only to a peer with a 32-bit ASN rt:31210:X large:31210:31210:X
Announce to all peers (default, lowest priority) 31210:31210 rt:31210:31210 large:31210:31210:31210
Prepend your own ASN to the AS-path X times towards ASN Y.
1 <= X <= 3		 large:31210:6500X:Y
Prepend your own ASN to the AS-path X times towards all peers.
1 <= X <= 3		 large:31210:6500X:31210
Blackhole for IPv4 /32 or IPv6 /64 prefix 65535:666

Simple Remote Triggered Firewall

The Simple RTBH mechanism allows a participant to drop all traffic towards a specific host within their network at the DTEL-IX edge.
Only /32 (IPv4) or /56 and more specific (IPv6) routes are accepted.

To activate blackholing, both of the following communities must be set:

  • 65535:666 — standard BLACKHOLE community according to RFC 7999
  • 31210:X or target:31210:X, where X is the ASN of the peer whose traffic should be dropped
If X = 31210, traffic will be blackholed from all peers.
Note: RTBH works only if both communities are applied at the same time: 65535:666 and 31210:31210.

Advanced Remote Triggered Firewall

The Advanced RTBH feature allows not only dropping traffic but also redirecting it to the DTEL-IX Firewall, specifying which type of traffic should be filtered or rate-limited.

It uses the same base community structure as Simple RTBH, with an additional extended community that defines the traffic type:

Traffic Type Drop Community Shape Community
All UDP traffic target:31210:1017000000 target:31210:1117000000
UDP, Src Port 53 (DNS) target:31210:1017000005 target:31210:1117000005
UDP, Src Port 123 (NTP) target:31210:1017000010 target:31210:1117000010
UDP, Src Port 389 (LDAP) target:31210:1017000050 target:31210:1117000050
UDP, Src Port 1900 (SSDP) target:31210:1017000100 target:31210:1117000100

Drop Community — drops all packets matching the specified rule.

Shape Community — rate-limits matching traffic to 5 Mbps.

Informational Communities

Route received from a peer with a 16-bit ASN 31210:X ro:31210:X large:31210:31210:X
Route received from a peer with a 32-bit ASN ro:31210:X large:31210:31210:X
Prefix Geotag (X – continent code, Y – ISO 3166-1 country code)
  • 1 – Africa
  • 2 – Oceania
  • 3 – Asia / Pacific
  • 4 – Antarctica
  • 5 – Europe
  • 6 – Latin and South America
  • 7 – North America
  • 8 – Anonymous proxies
  • 9 – Satellite providers
  • 0 – Unknown region
 6500X:10YYY
Route Server Operating Features
  • Does not announce default routes, private networks, or private ASNs;
  • Shares the full routing table with all connected clients and allows flexible policy control using specific BGP attributes (see details below);
  • When receiving routes from a client, the Route Server sets the next-hop to the original router that announced them and redistributes those routes to other participants as-is.

Therefore, only routing information is exchanged via the Route Server, while the actual traffic flows directly between participants.

The most up-to-date description is always available via whois

Detailed information about DTEL-IX members that exchange routing information via the Route Server can be obtained from the RIPE database by querying the description of AS31210 (RS):

whois -h whois.ripe.net as31210

Prefix Filtering Rules

When building inbound prefix filters, the whois.radb.net database is queried, and the Route Server applies filtering to received announcements based on the following principles:

  • Announcements of private networks are not accepted;
  • Announcements from private ASNs are not accepted;
  • Default route announcements are not accepted;
  • Announcements from AS XXX are accepted only if the origin value belongs to an allowed AS range;
  • Announcements from AS XXX are accepted only if the originating ASes are explicitly listed in the routing policy of AS XXX as being exported to AS31210.

Basic Route Servers' functionality
  • Prefix-list generation based on connected autonomous systems and IRR filtering;
  • Support for both IPv4 and IPv6;
  • RPKI support;
  • BFD support;
  • Blacklist for ASNs and prefixes;
  • Prefix-to-geo mapping support;
  • Simple Remote Triggered Blackhole (RTBH) for DDoS mitigation;
  • Advanced Remote Triggered Blackhole with redirection to the DTEL-IX firewall for more granular DDoS filtering;
  • Flowspec support with redirection to the DTEL-IX firewall.
Full List of Standards Supported by the Route Servers
  • RFC 1997 – BGP Communities Attribute
  • RFC 4360 – BGP Extended Communities
  • RFC 4384 – BGP Communities for BGP-Mapping
  • RFC 4893 / RFC 6793 – 32-bit ASNs
  • RFC 7947 – Internet Exchange Route Servers
  • RFC 7999 – BLACKHOLE community
  • RFC 8092 – BGP Large Communities
  • draft-hilliard-ix-bgp-route-server-operations