To manage route announcements via BGP communities, CNX's route servers support specific community tags that allow peers to control the propagation of their prefixes and to understand how the route server has validated them.
- CNX route servers support a set of communities you can send to us to influence how your routes are propagated.
- They also attach communities to the routes they send back to you to signal validation and, for rejected routes, the rejection reason.
- See the automatically generated route server policy for full details.
- RFC8092 Large Communities are supported on all route servers; we recommend using them where possible.
BGP communities you can send us
These communities are accepted from peers and used to control propagation and prepending behaviour.
- Routes tagged with the NO_EXPORT or NO_ADVERTISE communities received by the route server are propagated to other clients with those communities unaltered.
- Routes tagged with the GRACEFUL_SHUTDOWN BGP community
65535:0have theirLOCAL_PREFlowered to 0.
| Function | Standard | Large |
|---|---|---|
| Do not announce to any client | 0:65534 | 132213:0:0 |
| Announce to peer, even if tagged with the previous community | 65534:peer_as | 132213:1:peer_as |
| Do not announce to peer | 0:peer_as | 132213:0:peer_as |
| Prepend the announcing ASN once to peer | 65511:peer_as | 132213:101:peer_as |
| Prepend the announcing ASN twice to peer | 65512:peer_as | 132213:102:peer_as |
| Prepend the announcing ASN thrice to peer | 65513:peer_as | 132213:103:peer_as |
| Prepend the announcing ASN once to any | 65501:65534 | 132213:101:0 |
| Prepend the announcing ASN twice to any | 65502:65534 | 132213:102:0 |
| Prepend the announcing ASN thrice to any | 65503:65534 | 132213:103:0 |
| Add NO_EXPORT to peer | 65281:peer_as | 132213:65281:peer_as |
| Add NO_ADVERTISE to peer | 65282:peer_as | 132213:65282:peer_as |
Domestic / non-domestic segmentation communities
These communities distinguish routes learned from domestic and non-domestic peers, and allow you to control whether your prefixes are advertised to each group. They are kept separate from other steering and validation communities for clarity.
Segmentation communities we attach to routes
These communities are added by the CNX route servers to mark whether a received route originates from a domestic or non-domestic peer.
| Function | Standard | Large |
|---|---|---|
| Routes received from domestic peers | 65528:0 | 132213:65528:0 |
| Routes received from non-domestic peers | 65529:0 | 132213:65529:0 |
Segmentation steering communities you can send us
These communities can be set by peers on their prefixes to control whether the CNX route servers advertise those prefixes toward domestic or non-domestic peers.
| Function | Standard | Large |
|---|---|---|
| Do not advertice to domestic peers | 0:65528 | 132213:0:65528 |
| Do not advertice to non-domestic peers | 0:65529 | 132213:0:65529 |
BGP communities we attach to routes
The route servers add communities to the routes they send you. These communities indicate validation state and, for rejected routes, the specific reason for the rejection.
Route validity and RPKI markers (exported on accepted routes)
| Description | Standard | Large |
|---|---|---|
| Prefix is included in client's AS-SET | 64512:11 | 132213:64512:11 |
| Prefix is NOT included in client's AS-SET | 64512:10 | 132213:64512:10 |
| Origin ASN is included in client's AS-SET | 64512:21 | 132213:64512:21 |
| Origin ASN is NOT included in client's AS-SET | 64512:20 | 132213:64512:20 |
| Prefix matched by a RPKI ROA for the authorized origin ASN | 64512:31 | 132213:64512:31 |
| Prefix matched by an entry of the NIC.BR Whois DB dump | 64512:61 | 132213:64512:61 |
| Route authorized solely because of a client white list entry | 64512:41 | 132213:64512:41 |
| RPKI origin validation state: Valid | 132213:1000:1 | |
| RPKI origin validation state: Unknown | 132213:1000:2 | |
| RPKI origin validation state: Invalid | 132213:1000:4 | |
| RPKI BGP Origin Validation not performed | 132213:1000:3 |
Reject-reason markers (used for rejected routes)
These communities appear only on rejected routes and are mostly visible in looking-glass / debugging tools.
| ID | Description | Standard | Large |
|---|---|---|---|
| 0 | Generic code: the route must be treated as rejected | 65520:0 | 132213:65520:0 |
| 1 | Invalid AS_PATH length | 65520:1 | 132213:65520:1 |
| 2 | Prefix is bogon | 65520:2 | 132213:65520:2 |
| 3 | Prefix is in global blacklist | 65520:3 | 132213:65520:3 |
| 4 | Invalid AFI | 65520:4 | 132213:65520:4 |
| 5 | Invalid NEXT_HOP | 65520:5 | 132213:65520:5 |
| 6 | Invalid left-most ASN | 65520:6 | 132213:65520:6 |
| 7 | Invalid ASN in AS_PATH | 65520:7 | 132213:65520:7 |
| 8 | Transit-free ASN in AS_PATH | 65520:8 | 132213:65520:8 |
| 9 | Origin ASN not in IRRDB AS-SETs | 65520:9 | 132213:65520:9 |
| 10 | IPv6 prefix not in global unicast space | 65520:10 | 132213:65520:10 |
| 11 | Prefix is in client blacklist | 65520:11 | 132213:65520:11 |
| 12 | Prefix not in IRRDB AS-SETs | 65520:12 | 132213:65520:12 |
| 13 | Invalid prefix length | 65520:13 | 132213:65520:13 |
| 14 | RPKI INVALID route | 65520:14 | 132213:65520:14 |
| 15 | Never via route-servers ASN in AS_PATH | 65520:15 | 132213:65520:15 |
| 65535 | Unknown | 65520:65535 | 132213:65520:65535 |