For peers, we use AS-SET based filtering. We do lookup for AS-SET at PeeringDB, unless another AS-SET is specified explicitly by the peer.

• We generate allowed prefix list, based on IRR (AS-SET). This list is updated every 3 hours.
• We generate allowed AS list, based on IRR (AS-SET). This list is also updated every 3 hours.
• We query PeeringDB API for Prefix limits and generate list for each peering ASN. Update interval is every 3 hours.

For every route received from a peer, we perform the following rejection checks:

• We reject bogon routes (RFC1918, documentation prefix, etc)
• We reject too long AS Paths (more than 50 ASN)
• We reject prefixes that have length outside of the allowed range. For IPv4 allowed range is 8 and 24. For IPv6 this is 16 and 48.
• We reject routes with INVALID RPKI status
• We reject routes with AS Path that is not in the allowed AS list
• We reject routes that are not in the allowed prefix list

All routes that pass the checks are accepted and advertised to our customers, other peers and upstreams. We add the following communities to accepted routes:

• (11967,30) - Peer route
• (11967,30, PEER_ASN) - Route from Peer with AS PEER_ASN
• (11967,GEO_REGION) - Route from Geo Region
• (11967,GEO_REGION,POP_ID) - Route from PoP
• (11967,179,ORIGINATING_ROUTER) - Route from Originating Router

 

For private peers, we intend to use AS-SET based filtering, but we are flexible and ready to negotiate filtering rules with the peer.

In any case, for every route received from a peer, we perform the following rejection checks:

• We reject bogon routes (RFC1918, documentation prefix, etc)
• We reject too long AS Paths (more than 50 ASN)
• We reject prefixes that have length outside of the allowed range. For IPv4 allowed range is 8 and 24. For IPv6 this is 16 and 48.
• We reject routes with INVALID RPKI status
• We reject routes with AS Path that is not in the allowed AS list
• We reject routes that are not in the allowed prefix list