[ixpmanager] Allow a peer with the same AS number as the route-servers

Barry O'Donovan (INEX) barry.odonovan at inex.ie
Sat Apr 5 10:19:03 IST 2025 


Hi Vladislav,

>I plan so experiment with allowing some kind of "Remote IX" service 
>(basically a Bird router with legs on both IXP vlans and some community 
>rules) and seems i will run into the same issue that i need to have a 
>separate ASN from the ASN i already have allocated/sponsored for IXP.mk 
>route server…


I’m not sure I understand the question and topology here to be honest 
Vladislav - perhaps more details would help?



What I can say generally is that the IXP community as a whole has put 
many years of effort into defining route servers, designing secure route 
server configurations, and building up such trust amongst our members 
that many prefer to use route servers over bilateral sessions for 
general peering because of the security and stability they provide.



Doing other things with your route servers and ASNs will run contrary to 
that work and established best current practices and possibly reflect 
badly on any IXP that strays from those expectations.  I.e. This isn’t 
about being IXP Manager compatible - IXP Manager looks to teach and 
implement already established best practices.



For me, there are some hard rules which include:




The route server ASN should be used only for the route server and 
nothing else.
Route servers should never route traffic.

I'm not sure if that helps answer the question.

   - Barry



>
>Do I comprehend the RFC and your explanation correctly or I'm starting 
>to get "old and sloppy" ...
>While here any good ideas on how to approach this and make it 
>"ixpmanager compatible" ???
>
>
>Thanks from everyone in advance for ideas and help...
>
>
>--
>V.B
>FCC
>
>
>--------------------------------------------------------------------------------
>From: ixpmanager <ixpmanager-bounces at inex.ie> on behalf of Barry 
>O'Donovan (INEX) via ixpmanager <ixpmanager at inex.ie>
>Sent: Saturday, April 5, 2025 9:53 AM
>To: INEX IXP Manager Users Mailing List <ixpmanager at inex.ie>; INEX IXP 
>Manager Mailing List <ixpmanager at inex.ie>
>Cc: Barry O'Donovan (INEX) <barry.odonovan at inex.ie>
>Subject: Re: [ixpmanager] Allow a peer with the same AS number as the 
>route-servers
>
>
>
>Hi Tom,
>
>An ASN, among other things, defines a specific routing policy, and in 
>the case of route servers, that’s multilateral peering as defined by 
>rfc7947.
>
>The route server configuration explicitly prevents the same peer ASN 
>peering with them. This is very much on purpose.
>
>In your case, there’d be the additional issue of your routes 
>potentially having no ASN or, inexplicitly and unexpectedly, having the 
>route server ASN suddenly appear on your members' routing tables. 
>Remember - route server ASNs are transparent.
>
>When I last looked, ASNs from LACNIC had a once-off allocation fee. The 
>best thing to do here is to register a new ASN for the IXP’s own 
>management systems. This is what most IXPs do, including INEX.
>
>  - Barry
>
>
>
>------ Original Message ------
>From "Tom Lima via ixpmanager" <ixpmanager at inex.ie>
>To ixpmanager at inex.ie
>Cc "Tom Lima" <tom at infnoc.net>
>Date 05/04/2025 06:41:35
>Subject [ixpmanager] Allow a peer with the same AS number as the 
>route-servers
>
>>Hello everyone,
>>
>>
>>
>>I would like to know how I can modify/add so I can allow a peer with 
>>the same ASN as the route server ASNs.
>>
>>
>>
>>Reason is our IXP doesn't have separate ASNs for management and 
>>Route-Servers, and I need to announce the ASN other prefixes that 
>>provides a few tools to the users (Looking Glass, Graphs, etc).
>>
>>
>>
>>We do have a /23 prefix, which a /24 is allocated to the IXP Exchange 
>>VLAN, and the other /24 is for management purposes. We do need to 
>>announce that /24 management address using the same ASN that run the 
>>route-server service.
>>
>>
>>
>>I tried adding a Internal User and Peer with the AS, but 
>>IXPManager/Bird doesn't create the BGP sessions for that peer.
>>
>>
>>
>>Let me know what I need to edit to allow this behavior.
>>
>>
>>
>>Best regards
>>
>>--
>>
>>
>>
>>Tom Lima
>>Network Engineeer Consultant
>>
>>tom at infnoc.net
>>WhatsApp: +55 (41) 2018-2165
>>
>><https://www.facebook.com/Infnoc.net>
>><https://www.linkedin.com/company/infnoc/>
>><https://www.instagram.com/infnoc/>
>>
>>www.infnoc.net <https://www.infnoc.net>
>>--------------------------------------------------------------------------------
>>Essa mensagem pode conter conteúdo confidencial, não copie ou divulgue 
>>o conteúdo.
>>
>>Este mensaje puede contener contenido confidencial, no copie ni 
>>divulgue el contenido.
>>
>>This message may contain confidential content, do not copy or disclose 
>>the content.
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20250405/5d96573d/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: infnoc.png
Type: image/png
Size: 106075 bytes
Desc: infnoc.png
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20250405/5d96573d/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fb.png
Type: image/png
Size: 334 bytes
Desc: fb.png
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20250405/5d96573d/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ln.png
Type: image/png
Size: 282 bytes
Desc: ln.png
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20250405/5d96573d/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: it.png
Type: image/png
Size: 448 bytes
Desc: it.png
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20250405/5d96573d/attachment-0007.png>

More information about the ixpmanager mailing list