Physical connection

SPEED-IX offers the following physical connection possibilities:

  • 1 / 10Gb SFP / SFP + (SR / LR / ER / ZR);
  • 100/1000/10000 Mb (10GBaseT) RJ45;
  • 40Gb QSFP + with SR4 / LR4;
  • 100Gb QSFP28 + with SR4 / LR4;

Ethertypes and MAC addresses allowed

Only one MAC address per port connected to SPEED-IX peering VLAN is allowed.
The expected Ethernet frame types are as follows:

  • 0x0800 – IPv4
  • 0x0806 – ARP
  • 0x86dd – IPv6

Allowed Traffic

The following protocols are allowed at the data link level:

  • ARP
  • IPv6 ND
  • Traffic must be restricted to unicast traffic with the exception of ARP broadcast packets and IPv6ND multicast packets

Members should not send any link-local and other unauthorized protocol traffic to the ports, such as the following:

  • Proxy ARP
  • ICMP redirects
  • IEEE 802 Spanning Tree
  • Proprietary protocols from different manufacturers, especially discovery:
  • Discovery protocols: CDP, EDP, MDP
  • VLAN / trunking protocols: VTP, DTP
  • Internal routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
  • BOOTP/DHCP
  • ICMPv6 ND-RA

Interface configurations:

We recommend the following interface configurations for routers based on CISCO configurations:

no ip redirects
no ip proxy-arp
no ip directed-broadcast
no mop enabled
no cdp enable
udld port disable
no keepalive

For IPv6:

no ipv6 redirects
ipv6 nd suppressor

Prefix filtering

SpeedIX route servers drop prefixes for the following reasons:

  1. PREFIX LENGTH TOO LONG – the prefix length is longer than /24 for IPv4 prefixes and /48 for IPv6 prefix
  2. BOGON – prefix is bogon (see IPv4 bogons lists / IPv6 bogons list below)
  3. AS PATH TOO LONG – as-path with more than 64 AS numbers
  4. AS PATH TOO SHORT – must have at least one AS number in the as-path
  5. FIRST AS NOT PEER AS – first AS number in the as-path must be peer AS number
  6. NEXT HOP NOT PEER IP – next-hop IP address must be one of the member’s peer IP addresses
  7. IRRDB PREFIX FILTERED – no IRR record for prefix found
  8. IRRDB ORIGIN AS FILTERED – origin AS number is not included in as-set
  9. TRANSIT FREE ASN – AS number of known transit network is present in the as-path (see list below)

IPv4 bogons list:

  • 0.0.0.0/32 – Special Use IPv4 Addresses
  • 0.0.0.0/0 ge 25 le 32 – Filter small prefixes
  • 0.0.0.0/0 ge 7 – Requirements for Internet Hosts — Communication Layers 3.2.1.3
  • 10.0.0.0/8 le 32 – Address Allocation for Private Internets
  • 100.64.0.0/10 le 32  – IANA-Reserved IPv4 Prefix for Shared Address Space
  • 127.0.0.0/8 le 32 – Requirements for Internet Hosts — Communication Layers 3.2.1.3
  • 169.254.0.0/16 le 32 – Dynamic Configuration of IPv4 Link-Local Addresses
  • 172.16.0.0/12 le 32 – Address Allocation for Private Internets
  • 192.0.0.0/24 le 32 – Special-Purpose Address Registries
  • 192.0.2.0/24 le 32 – IPv4 Address Blocks Reserved for Documentation
  • 192.168.0.0/16 le 32 – Address Allocation for Private Internets
  • 198.18.0.0/15 le 32 – Benchmarking Methodology for Network Interconnect Devices
  • 198.51.100.0/24 le 32 – IPv4 Address Blocks Reserved for Documentation
  • 203.0.113.0/24 le 32 – IPv4 Address Blocks Reserved for Documentation
  • 224.0.0.0/4 le 32 – Host Extensions for IP Multicasting
  • 240.0.0.0/4 le 32 – Special-Purpose Address Registries

IPv6 bogons list:

  • ::/0 – Default
  • ::/96 – IPv4-compatible IPv6 address – deprecated by RFC4291
  • ::/128 – Unspecified address
  • ::1/128 – Local host loopback address
  • ::ffff:0.0.0.0/96 le 128 – IPv4-mapped addresses
  • ::224.0.0.0/100 le 128 – Compatible address (IPv4 format)
  • ::127.0.0.0/104 le 128 – Compatible address (IPv4 format)
  • ::0.0.0.0/104 le 128 – Compatible address (IPv4 format)
  • ::255.0.0.0/104 le 128 – Compatible address (IPv4 format)
  • 0000::/8 le 128 – Pool used for unspecified, loopback and embedded IPv4 addresses
  • 0200::/7 le 128 – OSI NSAP-mapped prefix set (RFC4548) – deprecated by RFC4048
  • 3ffe::/16 le 128 – Former 6bone, now decommissioned
  • 2001:db8::/32 le 128 – Reserved by IANA for special purposes and documentation
  • 2002:e000::/20 le 128 – Invalid 6to4 packets (IPv4 multicast)
  • 2002:7f00::/24 le 128 – Invalid 6to4 packets (IPv4 loopback)
  • 2002:0000::/24 le 128 – Invalid 6to4 packets (IPv4 default)
  • 2002:ff00::/24 le 128 – Invalid 6to4 packets
  • 2002:0a00::/24 le 128 – Invalid 6to4 packets (IPv4 private 10.0.0.0/8 network)
  • 2002:ac10::/28 le 128 – Invalid 6to4 packets (IPv4 private 172.16.0.0/12 network)
  • 2002:c0a8::/32 le 128 – Invalid 6to4 packets (IPv4 private 192.168.0.0/16 network)
  • fc00::/7 le 128 – Unicast Unique Local Addresses (ULA) – RFC 4193
  • fe80::/10 le 128 – Link-local Unicast
  • fec0::/10 le 128 – Site-local Unicast – deprecated by RFC 3879 (replaced by ULA)
  • ff00::/8 le 128 – Multicast
  • ::/0 ge 49 le 128 – Filter small prefixes

Known transit networks:

  • AS174 – Cogent
  • AS209 – Qwest (HE carries this on IXPs IPv6 (Jul 12 2018))
  • AS701 – UUNET
  • AS702 – UUNET
  • AS1239 – Sprint
  • AS1299 – Telia
  • AS2914 – NTT Communications
  • AS3257 – GTT Backbone
  • AS3320 – Deutsche Telekom AG (DTAG)
  • AS3356 – Level3
  • AS3549 – Level3
  • AS3561 – Savvis / CenturyLink
  • AS4134 – Chinanet
  • AS5511 – Orange opentransit
  • AS6453 – Tata Communications
  • AS6762 – Seabone / Telecom Italia
  • AS7018 – AT&T

BGP peering connection

Addressing SPEED-IX

The IPv4 and IPv6 addressing space assigned to SPEED-IX should not be advertised outside the SPEED-IX infrastructure.

BGP SPEED-IX
ASn: 41441
IRR Record: AS-IX or AS-SPEED-IX

SPEED-IX RS1
IPv4: 185.1.222.255
IPv6: 2001:7F8:B7::A504:1441:1

SPEED-IX RS2
IPv4: 185.1.223.0
IPv6: 2001:7F8:B7::A504:1441:2

Note: you need to disable the first-as-check mechanism on your BGP router (most vendors have it enabled by default) as the route server does not insert its own AS number into the as-path attribute of prefix announcements (equivalent Cisco command “no bgp enforce-first-as“).

 

Below follows a sample configuration for Cisco routers to announce a prefix to the route servers:

!
router bgp your-asn
 bgp always-compare-med
 no bgp enforce-first-as
 bgp log-neighbor-changes
 neighbor SPEED-IX-RS peer-group
 neighbor SPEED-IX-RS remote-as 41441
 neighbor SPEED-IX-RS version 4
 neighbor SPEED-IX-RS transport connection-mode active

 neighbor SPEED-IX-RS-6 peer-group
 neighbor SPEED-IX-RS-6 remote-as 41441
 neighbor SPEED-IX-RS-6 version 4
 neighbor SPEED-IX-RS-6 transport connection-mode active

 neighbor 185.1.222.255 peer-group SPEED-IX-RS
 neighbor 185.1.222.255 description rs1.speed-ix.net
 neighbor 185.1.223.0 peer-group SPEED-IX-RS
 neighbor 185.1.223.0 description rs2.speed-ix.net
 neighbor 2001:7F8:B7::A504:1441:1 peer-group SPEED-IX-RS-6
 neighbor 2001:7F8:B7::A504:1441:1 description rs1.speed-ix.net
 neighbor 2001:7F8:B7::A504:1441:2 peer-group SPEED-IX-RS-6
 neighbor 2001:7F8:B7::A504:1441:2 description rs2.speed-ix.net
!
  address-family ipv4
  neighbor SPEED-IX-RS activate
  neighbor SPEED-IX-RS next-hop-self
  neighbor SPEED-IX-RS soft-reconfiguration inbound
  neighbor SPEED-IX-RS route-map TO-SPEED-IX-RS out
  no auto-summary
  no synchronization
  neighbor 185.1.222.255 peer-group SPEED-IX-RS
  neighbor 185.1.223.0 peer-group SPEED-IX-RS
  network 192.168.110.0 mask 255.255.255.0
  network 192.168.111.0 mask 255.255.255.0
  network 192.168.112.0 mask 255.255.255.0
 exit-address-family
!
  address-family ipv6
  neighbor SPEED-IX-RS-6 activate
  neighbor SPEED-IX-RS-6 next-hop-self
  neighbor SPEED-IX-RS-6 soft-reconfiguration inbound
  neighbor SPEED-IX-RS-6 route-map TO-SPEED-IX-RS out
  neighbor 2001:7F8:B7::A504:1441:1 peer-group SPEED-IX-RS-6
  neighbor 2001:7F8:B7::A504:1441:2 peer-group SPEED-IX-RS-6

  network 2001:DB8:10::/64
  network 2001:DB8:11::/64
  network 2001:DB8:12::/64
 exit-address-family
!
ip prefix-list TO-SPEED-IX-RS seq 10 permit 192.168.110.0/24
ip prefix-list TO-SPEED-IX-RS seq 20 permit 192.168.111.0/24
ip prefix-list TO-SPEED-IX-RS seq 30 permit 192.168.112.0/24
!
ipv6 prefix-list TO-SPEED-IX-RS seq 10 permit 2001:DB8:10::/64
ipv6 prefix-list TO-SPEED-IX-RS seq 20 permit 2001:DB8:11::/64
ipv6 prefix-list TO-SPEED-IX-RS seq 30 permit 2001:DB8:12::/64
!
route-map TO-SPEED-IX-RS permit 10
 match ip address prefix-list TO-SPEED-IX-RS
!
end

Below is a similar example for Juniper routers:

[edit]
user@junix# show protocols bgp
group IPV4-SPEED-IX-RS {
  type external;
  description "SPEED-IX Route Servers";
  family inet {
     unicast;
  }
  export TO-SPEED-IX-RS;
  peer-as 41441;
  neighbor 185.1.222.255 {
     description rs1.speed-ix.net;
  }
  neighbor 185.1.223.0 {
     description rs2.speed-ix.net;
  }
}

[edit]
user@junix# show policy-options policy-statement TO-SPEED-IX-RS
term unicast-export {
  from {
     rib inet.0;
     prefix-list to-speed-ix-announce;
  }
  then accept;
}
term end {
  then reject;
}

[edit]
user@junix# show policy-options prefix-list to-dpeed-ix-announce
192.168.110.0/24;

Below is a similar example for Huawei routers:

bgp your-asn
 undo check-first-as
 group SPEED-IX-RS external
 peer SPEED-IX-RS as-number 41441
 peer SPEED-IX-RS description *** SPEED-IX Route Servers ***
 peer 185.1.222.255 as-number 41441
 peer 185.1.222.255 group SPEED-IX-RS
 peer 185.1.223.0 as-number 41441
 peer 185.1.223.0 group SPEED-IX-RS
 peer 2001:7F8:B7::A504:1441:1 as-number 41441
 peer 2001:7F8:B7::A504:1441:1 group SPEED-IX-RS
 peer 2001:7F8:B7::A504:1441:2 as-number 41441
 peer 2001:7F8:B7::A504:1441:2 group SPEED-IX-RS
 #
 ipv4-family unicast
  network 192.168.110.0 255.255.255.0   
  network 192.168.111.0 255.255.255.0   
  network 192.168.112.0 255.255.255.0
  peer SPEED-IX-RS enable
  peer SPEED-IX-RS route-policy EBGP_SPEED-IX_OUT export
  peer SPEED-IX-RS advertise-community both
  peer SPEED-IX-RS advertise-ext-community both
  peer 185.1.222.255 enable
  peer 185.1.222.255 group SPEED-IX-RS
  peer 185.1.223.0 enable
  peer 185.1.223.0 group SPEED-IX-RS
 #
 ipv6-family unicast 
  network 2001:DB8:10:: 64   
  network 2001:DB8:11:: 64
  network 2001:DB8:12:: 64
  peer SPEED-IX-RS enable
  peer SPEED-IX-RS route-policy 6EBGP_SPEED-IX_OUT export
  peer SPEED-IX-RS advertise-community both
  peer SPEED-IX-RS advertise-ext-community both
  peer 2001:7F8:B7::A504:1441:1 enable
  peer 2001:7F8:B7::A504:1441:1 group SPEED-IX-RS
  peer 2001:7F8:B7::A504:1441:2 enable
  peer 2001:7F8:B7::A504:1441:2 group SPEED-IX-RS
#
route-policy EBGP_SPEED-IX_OUT permit node 10
 if-match ip-prefix TO-SPEED-IX-RS
#
route-policy 6EBGP_SPEED-IX_OUT permit node 10
 if-match ipv6 address prefix-list 6TO-SPEED-IX-RS
# 
ip prefix-list TO-SPEED-IX-RS index 10 permit 192.168.110.0 24
ip prefix-list TO-SPEED-IX-RS index 20 permit 192.168.111.0 24
ip prefix-list TO-SPEED-IX-RS index 30 permit 192.168.112.0 24
#
ip ipv6-prefix 6TO-SPEED-IX-RS index 10 permit 2001:DB8:10:: 64
ip ipv6-prefix 6TO-SPEED-IX-RS index 20 permit 2001:DB8:11:: 64
ip ipv6-prefix 6TO-SPEED-IX-RS index 30 permit 2001:DB8:12:: 64
#
commit