Route Servers at LINX
At Internet Exchanges (IXPs) like LINX, every member is provided with a direct Layer2 connection to all other members at the exchange. Across this Layer2 network, members will establish BGP peering sessions between each other, allowing them to exchange IP prefixes and subsequently allow traffic to be routed between them across their chosen LINX peering LAN. This is done by setting up bilateral peering session, which means that once members agree to peer, they configure their routers by establishing a BGP session between them. At large IXPs, (LINX has over 900 member ASNs available for peering) setting up these individual BGP sessions, and the required operational overhead can be a challenging and time-consuming task. The large number of BGP sessions can also lead to performance issues, especially in the case of members with lower bandwidth requirements, and as such often less powerful routers.
LINX maintains route servers at each of the Peering LANs allowing members to establish multilateral peering with other participants.
The Route Servers use both Quagga and BIRD distrubutions with the Gentoo Linux distribution.
The Solution - Multilateral Peering
To enable multilateral peering sessions, LINX provides route servers on each of each Peering LANs. Members who want to use the router server, only have to establish a single BGP session, (AS 8714). This will provide them direct access to the prefixes of any other member using this route server. Particularly for new members, the ease with which they can access many peers allows them to quickly see a return on their investment for joining the Internet Exchange. It also reduces the network management overhead again bringing value to the member. Members also use them for redundancy purposes.
Over 80% of LINX members peer on the route servers for this reason.
Best Practise & Prefix Validation
There are a few instances, which might prevent some members from using a route server. They may have an open peering policy but they like the ability to shut down a peering session if they develop an issue with a certain peer. Although it is easily possible to achieve this also on route servers, the complexity is higher compared to a simple shutdown of a direct peering session. When peering, members should follow best practice rules but this can be a complicated, time-consuming process and sometimes errors creep in. Incorrect routing information can cause connectivity problems, the most common of which is the advertising of invalid prefixes or leaking a full or partial routing table. With direct, bilateral sessions, it is easy to build prefix filters to prevent issues from propagating into the network. However, because of the volume of peers available at the route server, this becomes much harder for the individual member to manage.
LINX 107 Project
Ondrej Filip of Czech IXP, NIX.CZ, gave a short update on the BIRD route server project at LINX 107 in November 2019.
What is RPKI?
Resource Public Key Infrastructure (RPKI) is a framework designed to secure the Internet’s routing infrastructure. It is defined in RFC6480.
RPKI uses a cryptographic method of signing records that associate a BGP route announcements with the correct originating AS number.