BGP Cookbook for Connecting to HFXIX
- Public Autonomous System Number (ASN) as issued by ARIN. See the application form at https://www.arin.net/resources/request/asn.html
- Edge router capable of running BGP4+. The memory requirements for peering with HFXIX are modest since there are only a few routes. However, peering with an ISP may require handling over 500,000 routes, which can be a memory hog if you do not use default routing. If you need more info, please ask.
This router configuration is for Cisco. It can be adapted for JunOS, Quagga, BIRD, and others. Fields that are in red italics are ones that must be customized for each client.
Configure your router port. The actual IP addresses will be assigned to you by HFXIX. The lines that start “ipv6 nd” are there to make sure the router port does not advertise itself to IXP peers with IPv6 autoconfig router advertisements. Different router models may use slightly different syntax (e.g. “ipv6 nd prefix default no-advertise” and “ipv6 nd ra suppress”).
Define a filter list called “My_IPv4_routes_out” (or whatever you want to call it) for locally sourced IPv4 routes, and do the same for IPv6. This is a useful filter for all your BGP peers since it prevents you from accidentally advertising one peer's routes to another and becoming a transit between them.
Start the BGP configuration by identifying your own ASN. Both 16-bit and 32-bit ASNs are usable. An IXP such as HFXIX will not add its own ASN to BGP announcements, so the second line is required for the IXP announcements to be accepted.
Define the neighbors and set a password. The IP numbers in this example are the correct ones to use, but the password has to be coordinated with HFXIX technical staff.
Same thing for IPv6.
Still working under the “router bgp” clause, activate the IPv4 protocol and apply the prefix filter. The route map “HFXIX_community_out” and the filter-list “55” are also used to control route distribution (see “Filter ISP Routes” below).
Your upstream ISP might be peering at HFXIX. If so, they will have their own policy about exchanging traffic with you via HFXIX. You can control whether you exchange BGP routes with them using the statements in green italics in this and the following sections.
…and activate the IPv6 sessions.
Filter ISP Routes
Configurations from here down are optional depending on your arrangements with your upstream ISP.
You may not want to peer with your ISP via this connection, and your ISP may not want you to either. HFXIX can provide other mechanisms to easily set up an ISP peer, but for the sake of this configuration we may want to filter them out. Statements in green italics in this and the previous sections will do the filtering.
Add a community string to your advertisements to prevent them from being sent to your ISP. For the sake of this example we have assumed you have two ISPs with AS numbers 999 and 12345. This community string says “do not advertise me to ASN 999 or ASN 12345, but do advertise me to everyone else”. See http://hfxix.ca/tech-notes/
You may also want to filter out incoming routes from your ISP via HFXIX if there are any (the ISP is likely already doing some filtering). In that case you should filter all incoming routes that have your ISP’s ASN as the first entry. We do that by defining an as-path access list that matches your ISP’s ASN as the first entry using a regular expression (regexp). The regexp in the example below says “filter out any AS path that starts with ASN 999 (note: not 9990 or 99923 etc.) or ASN 12345 and may include zero or more ASNs after that, but allow all others”.
For information on regular expressions, especially as they apply to BGP strings, see http://www.cisco.com/c/en/us/td/docs/ios/12_2/termserv/configuration/guide/ftersv_c/tcfaapre.html
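The first-ASN match described above can be checked offline before it goes on the router. This is an added example, not part of the HFXIX cookbook: the two patterns are assumed spellings of the filter the text describes, the Python helper names are hypothetical, and the AS paths are constructed.

```python
import re

# Cisco IOS reads "_" in an AS-path regex as a delimiter: start or end of the
# string, a space, a comma, a brace or a parenthesis. Python has no such token.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def compile_cisco(pattern):
    """Translate a Cisco AS-path regex into a compiled Python regex."""
    return re.compile(pattern.replace("_", CISCO_UNDERSCORE))


def build_acl(entries):
    """entries: ordered (action, cisco_regex) pairs, like access-list lines."""
    return [(action, compile_cisco(pattern)) for action, pattern in entries]


def evaluate(acl, as_path):
    """First matching line wins; an AS-path access list ends in an implicit deny."""
    for action, regex in acl:
        if regex.search(as_path):
            return action
    return "deny"


# Assumed form of list 55: deny paths whose first ASN is 999 or 12345.
ACL_55 = build_acl([("deny", r"^(999|12345)(_[0-9]+)*$"), ("permit", r".*")])
# Looser variant without the delimiter, shown only for contrast.
ACL_LOOSE = build_acl([("deny", r"^999"), ("permit", r".*")])

# Constructed AS paths (64500-64502 are documentation ASNs).
SAMPLE_PATHS = [
    "999",
    "999 64500 64501",
    "12345 64502",
    "9990 64500",
    "99923",
    "64500 999",
    "123456 64501",
]


def report(acl):
    """Map each sample path to the action the list would take on it."""
    return {path: evaluate(acl, path) for path in SAMPLE_PATHS}


if __name__ == "__main__":
    for path, action in report(ACL_55).items():
        print(f"{action:6} {path}  (loose list: {evaluate(ACL_LOOSE, path)})")
```

The loose pattern also drops routes from AS 9990 and AS 99923, which is the mistake the "not 9990 or 99923" note in the text guards against.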