TABLE OF CONTENTS
=================
* Popular BGP communities
* Generic information
* Selective blackhole / discard communities
* Selective local preference modifications
* Selective no export
* Various Action Communities
* Informational communities
* Targeted Action Communities
Popular BGP communities
========================
DDoS Mitigation:
5580:663 - discard traffic received on routers farther than 1000
kilometer away from the origin
Anycast optimisation:
5580:193 - set local preference to 90 in POPs farther than 1000
kilometer from origin
Advanced Anycast optimisation:
5580:556 - do not export the prefix outside a 1000 kilometer radius
(Warning! global reachability must be taken into consideration when
using selective no_export)
Generic information
===================
The BGP Community feature-set described in this document is version 2014-1.
Some features might not be activated for customers connected prior to January
2014. Customers can always request an expedited upgrade to the latest
feature-set through ipnoc@hibernianetworks.com.
Questions or BGP Community feature requests can be directed to:
ipteam@hibernianetworks.com
A note about how 'distance' is intended throughout this document:
The distance between AS 5580 network devices as calculated with a
Haversine formula with the GPS coordinates of devices as input. The
Haversine formula is an equation giving great-circle distances
between two points on a sphere from their longitudes and latitudes.
Actual length of datapath or optical paths is not taken into
consideration, nor is a peering partner's home country a factor.
Distance solely relates to distance between AS 5580 network devices.
Selective blackhole / discard communities
=========================================
Some analysis regarding the effectiveness of selective blackholing can be
found here: http://noc.as5580.net/~job/selective_blackholing/
5580:663 - outside 1000 kilometer radius: discard traffic
This community is designed based on the theory that most prefixes
(and content) have a geographical significance which decreases as
distance between the sender and receiver of traffic increases. Most
often big DDoS attacks are sourced world-wide, but most legitimate
visitors come from within a certain radius. In other words: a Dutch
shop owner's website, will expect visitors mostly from the
Netherlands.
Conventional blackhole communities such as 5580:666 will trigger a
discard mechanism network-wide, discarding any and all packets
everywhere, but in context of the above described phenomenon one
might consider the conventional :666 community a shotgun approach.
For some it might be a wiser choice in certain scenarios to consider
a trade-off: increasing the chance that legitimate sources can
access the content, but accepting that some DDoS traffic will get
through. To enable customers to make such trade-offs a variety of
selective blackhole communities exist. Depending on the type of
attack, the bandwidth a customer has available and the significance
of the target one can make a choice.
When a target is under attack one could try the various selective
blackhole communities until operations are no longer at risk before
deciding to trigger a network-wide discard with 5580:666.
5580:664 - outside this country: discard traffic
Depending on the size country of origin for the prefix this is a very
wide or very narrow scope to apply the selective blackhole.
5580:661 - outside this region: discard traffic
A region is a square in a virtual 3 x 3 grid overlaid on top of the
continent of origin. Usefulness depends on the location of the POP
in which the prefix is received (a POP might be located close to the
border of a region, in that case the 5580:662 community might be a
better fit)
5580:662 - outside 2500 kilometer radius: discard traffic
In terms of purpose it mimics the 5580:663 community, except a
radius of 2500 kilometer around the POP of origin applies. Outside
this 2500 km radius traffic is discarded.
5580:660 - outside this continent: discard traffic
Very wide scope: majority of traffic (legitimate or otherwise) will
NOT be discarded.
5580:665 - outside this metro: discard traffic
Very narrow scope: majority of traffic (legitimate or otherwise)
WILL be discarded.
5580:666 - discard traffic anywhere everywhere
Conventional remotely triggered blackhole community. Traffic
received anywhere on the network for the prefix to which 5580:666 is
attached will be discarded.
Selective local preference modifications
========================================
5580:190 - outside origin metro: lower the local preference to 90
When a prefix is received from a customer in Amsterdam within the
Amsterdam metro area, the prefix will be assigned the default
customer local preference (600 or 650). However, outside the
Amsterdam metro (London, New York, etc) the local preference for the
prefix is set to 90. LP 90 is the lowest local-preference used in AS
5580.
This community is ideal for customers offering Anycast Services such
as DNS and are connected to AS 5580 in many different metro areas.
Because the prefix is made less attractive, but not discarded
outside the metro, different metro's essentially serve as backup for
each other. The prefix will only be announced towards eBGP peers if
AS5580 is not receiving the prefix from eBGP peers. This property
works particularly well when an Anycast service provider utilises
multiple upstreams.
Affects: All POPs globally - except the POPs in the metro in which
the customer prefix is received.
5580:191 - outside origin country: lower the local preference to 90
When a prefix is received from a customer in the Netherlands within
the Netherlands, the prefix will be assigned the default customer
local preference (600 or 650). However, outside the Netherlands
(Belgium, North America, UK, etc) the local preference for the
prefix is set to 90. LP 90 is the lowest local-preference used in AS
5580.
This community is ideal for customers offering Anycast Services such
as DNS and are connected to AS 5580 in many different countries.
Because the prefix is made less attractive, but not discarded
outside the scope of the country, interconnections in different
countries essentially serve as backup for each other. The prefix
will only be announced towards eBGP peers if AS5580 is not receiving
the prefix from eBGP peers. This property works particularly well
when an Anycast service provider utilises multiple upstreams.
Affects: All POPs globally - except the POPs in the country in which
the customer prefix is received.
5580:192 - outside origin region: lower the local preference to 90
A region is a square in a virtual 3 x 3 grid overlaid on top of the
continent of origin. Usefulness depends on the location of the POP
in which the prefix is received (a POP might be located close to the
border of a region, in that case the 5580:191 community might be a
better fit).
When a prefix is received from a customer in the West Europe within
West Europe, the prefix will be assigned the default customer local
preference (600 or 650). However, outside the Netherlands (Belgium,
North America, UK, etc) the local preference for the prefix is set
to 90. LP 90 is the lowest local-preference used in AS 5580.
This community is ideal for customers offering Anycast Services such
as DNS and are connected to AS 5580 in many different countries.
Because the prefix is made less attractive, but not discarded
outside the scope of the country, interconnections in different
countries essentially serve as backup for each other. The prefix
will only be announced towards eBGP peers if AS5580 is not receiving
the prefix from eBGP peers. This property works particularly well
when an Anycast service provider utilises multiple upstreams.
Affects: All POPs globally - except the POPs in the region in which
the customer prefix is received.
5580:193 - set local preference to 90 in POPs more than 1000 kilometer
from origin
When a prefix is received from a customer in Amsterdam within a
radius of 1000 kilometer around Amsterdam, the prefix will be
assigned the default customer local preference (600 or 650).
However, outside that 1000 kilometer radius the local preference for
the prefix is set to 90. LP 90 is the lowest local-preference used
in AS 5580.
A simple Haversine formula is used to calculate distance between
POPs and assess whether the threshold is crossed. Please note that
no regard is given to actual length of optical paths between POPs.
Affects: All POPs globally - except POPs within a 1000-kilometer
radius of the POP where the customer prefix is received.
5580:194 - set local preference to 90 in POPs more than 2500 kilometer
from origin
When a prefix is received from a customer in Amsterdam within a
radius of 1000 kilometer around Amsterdam, the prefix will be
assigned the default customer local preference (600 or 650).
However, outside that 2500 kilometer radius the local preference for
the prefix is set to 90. LP 90 is the lowest local-preference used
in AS 5580.
A simple Haversine formula is used to calculate distance between
POPs and assess whether the threshold is crossed. Please note that
no regard is given to actual length of optical paths between POPs.
Affects: All POPs globally - except POPs within a 2500-kilometer
radius of the POP where the customer prefix is received.
5580:195 - outside origin continent: lower the local preference to 90
When a prefix is received from a customer in Europe within Europe
the prefix will be assigned the default customer local preference
(600 or 650). However outside of Europe, the local preference for
the Prefix is set to 90. LP 90 is the lowest local-preference used
in AS 5580.
This community is ideal for customers offering Anycast Services such
as DNS and are connected to AS 5580 on two or three continents.
Because the prefix is made less attractive, but not discarded
outside the scope of the country, interconnections in different
country's essentially serve as backup for each other. The prefix
will only be announced towards eBGP peers if AS5580 is not receiving
the prefix from eBGP peers. This property works particularly well
when an Anycast service provider utilises multiple upstreams.
Affects: All POPs globally except the POPs within the continent in
which the customer prefix is received.
Selective no export
===================
5580:554 - do not export the prefix outside this metro
When a prefix is received from a customer in Amsterdam within the
Amsterdam metro area, the prefix will be assigned the default
customer local-preference (600 or 650). However, outside the
Amsterdam metro (London, New York, etc) the prefix will not be
accepted by AS 5580 routers over their iBGP sessions.
This community is for customers offering Anycast Services such as
DNS and are connected to AS 5580 in many different metro areas.
Because the prefix is selectively imported, it is of utmost
importance the customer takes global reachability into consideration.
This property works particularly well when an Anycast service
provider utilises multiple upstreams.
Affects: All POPs globally - except the POPs in the metro in which
the customer prefix is received.
5580:555 - do not export the prefix outside country
When a prefix is received from a customer in the Netherlands , the
prefix will be assigned the default customer local-preference (600
or 650). However, outside the Netherlands (United Kingdom, North
America, etc) the prefix will not be accepted by AS 5580 routers
over their iBGP sessions.
This community is for customers offering Anycast Services such as
DNS and are connected to AS 5580 in many different countries.
Because the prefix is selectively imported, it is of utmost
importance the customer takes global reachability into consideration.
This property works particularly well when an Anycast service
provider utilises multiple upstreams.
Affects: All POPs globally - except the POPs in the country in which
the customer prefix is received.
5580:556 - do not export the prefix outside a 1000 kilometer radius
When a prefix is received from a customer at a given POP, the prefix
will be assigned the default customer local-preference (600 or 650).
However, outside a radius of one thousand (1000) kilometers the
prefix will not be accepted by AS 5580 routers over their iBGP
sessions.
This community is for customers offering Anycast Services such as
DNS and are connected to AS 5580 in many different countries.
Because the prefix is selectively imported, it is of utmost
importance the customer takes global reachability into consideration.
This property works particularly well when an Anycast service
provider utilises multiple upstreams.
Affects: All POPs globally - except the POPs in a radius of a 1000
kilometers around the POP where the customer prefix is received.
5580:557 - do not export the prefix outside a 2500 kilometer radius
Mimics the 5580:556 community, except the radius is extended to
2500 kilometers.
5580:558 - do not export the prefix outside this region
A region is a square in a virtual 3 x 3 grid overlaid on top of the
continent of origin. Usefulness depends on the location of the POP
in which the prefix is received (a POP might be located close to the
border of a region, in that case the 5580:557 community might be a
better fit).
When a prefix is received from a customer in the 'West' region,
within that West Europe region, the prefix will be treated as any
other customer prefix. However, outside a radius of 2500 kilometers
the prefix will not be accepted by AS 5580 routers over their iBGP
sessions. This property works particularly well when an Anycast
service provider utilises multiple upstreams.
Because the prefix is selectively imported, it is of utmost
importance the customer takes global reachability into consideration.
5580:559 - do not export the prefix outside this continent
When a prefix is received from a customer in Europe, the prefix will
be treated as any other customer prefix within Europe. or 650).
However, outside Europe (North America, Asia, etc) the prefix will
not be accepted by AS 5580 routers over their iBGP sessions.
This community is for customers offering Anycast Services such as
DNS and are connected to AS 5580 on different continents. This
property works particularly well when an Anycast service provider
utilises multiple upstreams.
Because the prefix is selectively imported, it is of utmost
importance the customer takes global reachability into consideration.
Various action communities
==========================
5580:7100 - Set BGP local preference to 90 at the intercontinental route
reflection layer on NLRI export from Europe towards North America.
(but 5580:195 is recommended)
5580:7200 - Set BGP local preference to 90 at the intercontinental route
reflection layer on NLRI export from North America towards Europe.
(but 5580:195 is recommended)
5580:100 - set local preference same as Transit
5580:400 - set local-preference same as public Peer
5580:500 - set local-preference same as private Peer
5580:600 - set local-preference as customer backup route
5580:650 - default local-preference for customer routes (Not available for all customers)
5580:999 - No export outside of AS 5580, allowing more-specifics up to IPv4:
/32, IPv6: /128, mainly used for traffic engineering purposes across
multiple uplinks.
Informational communities
=========================
Informational BGP Communities are set by AS 5580 border routers, and are used
to pass on information to the customer about where and how a particular route
was learned, as well as for our internal routing policies.
There should never be more than one Informational BGP Community attached to an
IP Prefix. The Informational Community is set at the point where the prefix is
learned by our border router. Any BGP community which is 5580: followed by 5
digits can be assumed to be an Informational BGP Community.
and these communities can not be passed to us from any other network.
Information Tags are always used in the following format: 5580:CTRPP
5580: Standard preamble
C Continent identifier
T Type or Relation
R Region identifier
PP POP Location code (city code)
Relation table:
---------------
+------------+------------------+------------------+
| Identifier | Description | Local-preference |
+------------+------------------+------------------+
| 1 | transit customer | 100 |
| 4 | public peer | 400 |
| 3 | private peer | 500 |
| 5 | customer | 600 |
| 6 | customer | 650 |
| 7 | internal | 700 |
+------------+------------------+------------------+
The Region attribute is a virtual 3x3 grid overlaid on top of the continent in the following structure:
.-----------.
| 1 | 2 | 3 |
|-----------|
| 4 | 5 | 6 |
|-----------|
| 7 | 8 | 9 |
`-----------'
+-------------------+------------+------------------------------------+-------------------------------+
| Region identifier | Name | North America (1) | Europe (2) |
+-------------------+------------+------------------------------------+-------------------------------+
| 1 | North-West | Seattle | United Kingdom |
| 2 | North | Chicago | Netherlands, Germany, Denmark |
| 3 | North-East | New York, Boston, Montreal | Poland, Western Russia |
| 4 | West | San Francisco, Palo Alto, San Jose | France |
| 5 | Central | Kansas City, Denver | Northern Italy |
| 6 | East | Ashburn, Washington DC | Romania |
| 7 | South-West | Los Angeles, Phoenix | Spain, Portugal |
| 8 | South | Dallas, Houston | Southern Italy |
| 9 | South-East | Atlanta, Miami | Greece |
+-------------------+------------+------------------------------------+-------------------------------+
City codes / POP identifiers:
-----------------------------
11. Brussels
12. Prague
13. Paris
14. Berlin
15. Dusseldorf
16. Frankfurt
17. Hamburg
18. Budapest
19. Milan
20. Amsterdam
21. Warsaw
22. Stockholm
23. London
24. Ashburn
25. Chicago
26. New York
27. Copenhagen
28. Denver
29. San Jose
30. Madrid
31. Los Angeles
32. Hilversum
33. Dallas
34. Atlanta
35. Miami
36. Vienna
37. Jacksonville
38. Wenen
39. Zürich
40. Rotterdam
41. Alblasserdam
42. Seattle
43. Dublin
44. Secaucus NJ
45. Carteret, NJ
46. Tokyo
47. Phoenix
48. Kansas City
49. Baltimore
50. Singapore
51. San Francisco
52. Weehawken NJ
In addition to the above Informational BGP communities, Some peers or customers
might receive the following communities:
5580:0 - customer prefix (5580:00000)
5580:10000 - customer prefix learned in North America
5580:20000 - customer prefix learned in Europe
5580:30000 - customer prefix learned in Asia
Actions - BGP Communities which actively influence the routing policy
=====================================================================
Action Tags are (optionally) set by the customer to provide instructions for
special handling of a prefix, such as where it should be exported, attributes
which should be changed by us, and other actions such as Null Routing.
Customers may send as many Action Tags as they would like.
Action Tags can be classified into three main types, Import/Export Actions
which use location-specific tags, Preference Action tags which set BGP
Local-Preference inside the Atrato network, and Other Actions.
Targeted import/export action communities
-----------------------------------------
These communities define specific import/export behaviors, and contain location
codes to specify which BGP sessions the actions should be applied to. The
second half of the Community will always be 4 digits long, and will have the
following structure:
TARGET_CODE:A0CR
-or-
TARGET_CODE:A1PP
+-----------+---------------------------------------------------------------------+
| Symbol | Description |
+-----------+---------------------------------------------------------------------+
| A | The action to perform when propagating the Prefix to eBGP neighbors |
| C | Continental code (or 0 for all continents) |
| R | Regional code (or 0 for all regions) |
| PP | POP Location code (city code) |
+-----------+---------------------------------------------------------------------+
Action codes:
-------------
1 - Prepend AS-PATH with 5580 on export
2 - Prepend AS-PATH with 5580 5580 on export
3 - Prepend AS-PATH with 5580 5580 5580 on export
5 - No export outside AS 5580
+-------------------+---------------------------
| Target identifier | Target description
+-------------------+--------------------------
| 5580 | Apply to all neighboring ASNs
| 65010 | Apply to all Transit
| 65020 | Apply to all Peers
| 65021 | Apply to all Peer: Public
| 65022 | Apply to all Peer: Private
Group-type: INTERNET_EXCHANGE
+-------------------+---------------------------------------------------------------------------
| Target identifier | Description, locations and Autonomous Number
+-------------------+---------------------------------------------------------------------------
| 12001 | AMSIX - Amsterdam (20)
| 12002 | DECIX - Frankfurt (16)
| 12003 | LINX - London (23)
| 12004 | ECIX-AMS - Amsterdam (20)
| 12006 | EQUINIX - Ashburn (24) Chicago (25) New York (26) San Jose (29) Dallas (33)
| |
| 12007 | FRANCEIX - Paris (13)
| 12008 | ECIX - Berlin (14) Dusseldorf (15) Hamburg (17)
| 12009 | TIE-TELX - New York (26) Atlanta (34)
| 12010 | Seattle IX - Seattle (42)
| 12011 | NETNOD - Stockholm (22)
| 12012 | PLIX - Warsaw (21)
| 12013 | NIX - Prague (12)
| 12014 | BIX - Budapest (18)
| 12015 | BNIX - Brussels (11)
| 12016 | MIX - Milan (19)
| 12017 | ANY2 - Los Angeles (31)
| 12018 | NOTA - Miami (35)
| 12019 | ESPANIX - Madrid (30)
| 12020 | SWISSIX - Zürich (39)
| 12022 | Rotterdam Internet Exchange - Rotterdam (40)
+-------------------+---------------------------------------------------------------------------
Group-type: PEERING_PRIVATE_PUBLIC
+-------------------+---------------------------------------------------------------------------
| Target identifier | Description, locations and Autonomous Number
+-------------------+---------------------------------------------------------------------------
| 13001 | Online - Amsterdam (20) - AS5390
| 13002 | PACNET - San Jose (29) - AS10026
| 13003 | Ziggo - Amsterdam (20) - AS9143
| 13004 | Kabel BB - Frankfurt (16) Amsterdam (20) - AS31334
| 13005 | Telfort - Amsterdam (20) - AS5615
| 13006 | Telefonica DE - Frankfurt (16) - AS6805
| 13007 | TalkTalk - London (23) - AS13285
| 13008 | Charter - Ashburn (24) Chicago (25) - AS20115
| 13009 | Leaseweb - Amsterdam (20) - AS16265
| 13010 | Cox Communications - Chicago (25) Dallas (33) - AS22773
| 13011 | BICS - Brussels (11) - AS6774
| 13012 | UPC - Frankfurt (16) Amsterdam (20) Wenen (38) - AS6830
| 13013 | British Telecom - London (23) - AS2856
| 13014 | BELL - Ashburn (24) Chicago (25) San Jose (29) - AS577
| 13015 | Nordunet - Amsterdam (20) Ashburn (24) - AS2603
| 13016 | OCCAID - Amsterdam (20) - AS30071
| 13017 | Rostelecom - Frankfurt (16) - AS12389
| 13018 | LEVEL3 - Amsterdam (20) - AS3356
| 13019 | Virgin Media - London (23) - AS5089
| 13020 | Telenet - Brussels (11) - AS6848
| 13021 | Columbus Networks USA Inc. - Miami (35) - AS23520
| 13022 | XO - Chicago (25) San Jose (29) Dallas (33) - AS2828
| 13023 | Softbank - San Jose (29) - AS4725
| 13024 | Telefonica Wholesale - Frankfurt (16) London (23) Dallas (33) Miami (35) - AS12956
| 13025 | Numericable - Paris (13) - AS21502
| 13026 | Init7 - Zürich (39) - AS13030
| 13027 | BSkyB - London (23) - AS5607
| 13028 | MegaFON - Stockholm (22) - AS31133
+-------------------+---------------------------------------------------------------------------
Group-type: TRANSIT
+-------------------+---------------------------------------------------------------------------
| Target identifier | Description, locations and Autonomous Number
+-------------------+---------------------------------------------------------------------------
| 11003 | Teliasonera - Prague (12) Frankfurt (16) Amsterdam (20) Stockholm (22) London (23)
| | Ashburn (24) Chicago (25) New York (26) Los Angeles (31)
| | Dallas (33) Miami (35) - AS1299
| 11004 | NTT - Paris (13) Frankfurt (16) Milan (19) Amsterdam (20) Warsaw (21)
| | Ashburn (24) Chicago (25) New York (26) San Jose (29)
| | Madrid (30) Los Angeles (31) Dallas (33) Atlanta (34)
| | Miami (35) Tokyo (46) - AS2914
+-------------------+---------------------------------------------------------------------------
Examples based on CODE:A0CR / CODE:A1PP
---------------------------------------
5580:1000 - Prepend once globally
5580:2010 - Prepend twice in North America
5580:3124 - Prepend three times in Ashburn
65010:5020 - No Export to transit networks in Europe