CXC operates so-called route server systems according to RFC7947 to facilitate the exchange of BGP announcements between peers atCXC. Each peer needs only to set up a BGP connection to the route server in order to receive the BGP announcements of all other peers having a BGP connection with the route server.
CXC operates a minimum one route server at each of its clusters, other locations may have more than one route server for redundancy.
| Route Server | IPv4 Address | IPv6 Address |
|---|---|---|
| ASN | 133339 | 133339 |
| RS#1 Denpasar | 103.225.171.45 | 2400:9c80:0:171::171 |
| RS#2 Denpasar | 103.225.171.71 | 2400:9c80:0:171::71 |
| RS#1 Jakarta | 103.225.173.1 | 2400:9c80:0:173:0:1333:39:1 |
| RS#2 Jakarta | 103.225.173.129 | 2400:9c80:0:173:0:1333:39:2 |
Forwarding
CXC route servers are not in the forwarding path, and have IPv4 & IPv6 forward explicitly disabled.
CXC utilizes unique IPv4 and IPv6 addresses for the peering LAN:
| Prefix | Desciption |
|---|---|
| 103.225.171.0/24 | Peering LAN IPv4 Denpasar |
| 2400:9c80:0:171::/64 | Peering LAN IPv6 Denpasar |
| 103.225.173.0/24 | Peering LAN IPv4 Jakarta |
| 2400:9c80:0:173::/64 | Peering LAN IPv6 Jakarta |
CXC utilizes AS133339 for all multilateral BGP adjacencies. AS133339 Should never appear in the AS_PATH of routes received from the route servers.
CXC leverages BGP Communities to provide participants with the ability to control how their routes are announced to other multilateral participants.
The following communities will be appended to any route received on aCXC route server, and may be used for granular route filtering or other informational purposes:
| Description | Standart Communities | Extended Communities | Large Communities |
|---|---|---|---|
| Route Denpasar Cluster | 65100:0 | rt:65100:0 | 65100:0:0 |
| Route Jakarta Cluster | 65200:0 | rt:65200:0 | 65200:0:0 |
Standart Communities
| Community | Action |
|---|---|
| 65001:0 | Prepend advertising ASN 1 times to all participants |
| 65002:0 | Prepend advertising ASN 2 times to all participants |
| 65003:0 | Prepend advertising ASN 3 times to all participants |
| 65001:$PEER-AS | Prepend advertising ASN 1 times to participant with ASN $PEER-AS |
| 65002:$PEER-AS | Prepend advertising ASN 2 times to participant with ASN $PEER-AS |
| 65003:$PEER-AS | Prepend advertising ASN 3 times to participant with ASN $PEER-AS |
| 0:64999 | Don't export to all participant |
| 0:$PEER-AS | Don't export to participant with ASN $PEER-AS |
| 65515:$PEER-AS | Only export to participant with ASN $PEER-AS (this only work with 0:64999) |
Extended Communities
| Extended Community | Action |
|---|---|
| rt:65001:0 | Prepend advertising ASN 1 times to all participants |
| rt:65002:0 | Prepend advertising ASN 2 times to all participants |
| rt:65003:0 | Prepend advertising ASN 3 times to all participants |
| rt:65001:$PEER-AS | Prepend advertising ASN 1 times to participant with ASN $PEER-AS |
| rt:65002:$PEER-AS | Prepend advertising ASN 2 times to participant with ASN $PEER-AS |
| rt:65003:$PEER-AS | Prepend advertising ASN 3 times to participant with ASN $PEER-AS |
| rt:0:64999 | Don't export to all participant |
| rt:0:$PEER-AS | Don't export to participant with ASN $PEER-AS |
| rt:65515:$PEER-AS | Only export to participant with ASN $PEER-AS (this only work with rt:0:64999) |
Large Communities
| Large Community | Action |
|---|---|
| 65001:0:0 | Prepend advertising ASN 1 times to all participants |
| 65002:0:0 | Prepend advertising ASN 2 times to all participants |
| 65003:0:0 | Prepend advertising ASN 3 times to all participants |
| 65001:0:$PEER-AS | Prepend advertising ASN 1 times to participant with ASN $PEER-AS |
| 65002:0:$PEER-AS | Prepend advertising ASN 2 times to participant with ASN $PEER-AS |
| 65003:0:$PEER-AS | Prepend advertising ASN 3 times to participant with ASN $PEER-AS |
| 64999:0:0 | Don't export to all participant |
| 64999:0:$PEER-AS | Don't export to participant with ASN $PEER-AS |
| 65515:0:$PEER-AS | Only export to participant with ASN $PEER-AS (this only work with 64999:0:0) |
To mitigate DDoS attack, CXC provide a blackhole next-hop address for both IPv4 and IPv6 address-families. These next-hop addresses will resolves (via ARP/ND) to a predefined blackhole MAC address, which will be dropped by our switch port ingress filter where members are directly connected and thereby preventing DDoS traffic from reaching its destination. CXC blackholing (BH) service is available on our Route Servers (RS) and members are encouraged to participate. Please read more about our Blackholing Service here.
