Route server filtering
Sanity check of incoming prefixes
Our route servers are performing prefix filtering for all member BGP sessions that are being established with our Route Servers:
- Filtering includes blocking RFC1918 ranges, bogons, martian prefixes, and default route.
- We are also filtering more specific prefixes of which prefix length is higher than "/24" for IPv4 and higher than "/48" for IPv6.
- Filter prefixes with no AS path or > 64 ASNs in AS path.
- Ensure peer AS is the same as the first AS in the prefix’s AS path.
- Preventing next-hop hijacking. This occurs when a participant advertises a prefix with a next hop IP other than their own.
- We are filtering known transit networks, using this guide https://bgpfilterguide.nlnog.net/guides/no_transit_leaks/
IRRDB filtering
We are ensuring that the origin AS is in the set of ASNs from member AS-SET.
RPKI:
- Valid is accepted.
- Invalid is dropped.
- Unknown being reverted to standard IRRDB prefix filtering.