Routing Registry Guide

Overview

This guide explains how to publish the required routing registry objects so that your announcements are accepted by the CNX Route Servers. CNX builds Route Server filters automatically from authoritative public data sources:

• IRR (APNIC ,RIPE, AFRINIC, LANIC, ARIN)
• RPKI
• Published hierarchical AS-SET objects
• PeeringDB records

No manual prefix insertion or private overrides are performed.

All examples below assume:

ASN: AS64496
IPv4 prefix: 203.119.0.0/24
IPv6 prefix: 2001:db8:100::/48

And the allocation is made by APNIC, if you use a different RIR, please substiute where needed. CNX accecpet ASNs and prefixes from all Regional Internet Registry.

ASN and aut-num Object in APNIC

Your ASN must be registered in the APNIC database and have a valid aut-num object.

You can verify this using:

whois -h whois.apnic.net AS64496

The output must show a valid aut-num entry.

APNIC reference

Create Route Objects in APNIC IRR

Every prefix you announce must have a corresponding IRR route object in the APNIC database.

IPv4 Route Object Example

route: 203.119.0.0/24
descr: Example Network IPv4
origin: AS64496
mnt-by: MAINT-AS64496
changed: noc@example.com
source: APNIC

IPv6 Route Object Example

route6: 2001:db8:100::/48
descr: Example Network IPv6
origin: AS64496
mnt-by: MAINT-AS64496
changed: noc@example.com
source: APNIC

The origin field must match the ASN that originates the prefix. You can verify your published routes using:

whois -h whois.radb.net !gas64496
whois -h whois.radb.net !6as64496

If a prefix does not appear in IRR, it may not be accepted.

• APNIC IRR guide

Publish ROAs via APNIC (RPKI)

For every prefix you announce, create a Route Origin Authorization (ROA) in the APNIC RPKI portal.

• APNIC RPKI portal: https://my.apnic.net
• APNIC RPKI documentation: https://www.apnic.net/manage-ip/resource-certification/

IPv4 ROA Example

Prefix: 203.119.0.0/24
Origin ASN: AS64496
Max Length: 24

IPv6 ROA Example

Prefix: 2001:db8:100::/48
Origin ASN: AS64496
Max Length: 48

If you plan to announce more specific prefixes, the maxLength must reflect that. Example: If you intend to announce 2001:db8:100::/47 and also /48s, Max Length must be set to 48. Ensure all announced prefixes are RPKI Valid before peering.

Create a Hierarchical AS-SET (If Announcing Downstream)

If you announce only your own prefixes, this section is not required. If you announce prefixes on behalf of downstream ASNs, you must create a hierarchical AS-SET in APNIC.

Format:

AS64496:AS-CUSTOMERS

AS-SET Object Example

as-set: AS64496:AS-CUSTOMERS
descr: Downstream ASNs of AS64496
members: AS64501, AS64502
mnt-by: MAINT-AS64496
changed: noc@example.com
source: APNIC

The AS-SET must:

• Be registered in APNIC
• Use hierarchical naming (AS:)
• Include all downstream ASNs

APNIC AS-SET guide: https://www.apnic.net/manage-ip/using-whois/guide/as-set/

If a downstream ASN is not listed in your AS-SET, its routes may not be accepted.

Reference Your AS-SET in PeeringDB

If you maintain an AS-SET, you must reference it in PeeringDB.

PeeringDB: https://www.peeringdb.com

Steps:

• Log in to PeeringDB.
• Edit your ASN entry.
• Enter your AS-SET in the IRR Record field.

Example:

AS64496:AS-CUSTOMERS

Ensure your PeeringDB record includes:

• Accurate contact information
• Correct peering policy
• Updated network details

PeeringDB documentation: https://docs.peeringdb.com/

Prefix Length Expectations

Before peering, verify that your announcements comply with common routing practice:

• IPv4:
  • Announce no longer than /24
• IPv6:
  • Announce no longer than /48
  • Avoid announcing shorter than /16

If you announce more specific prefixes than your ROA allows, they will be RPKI Invalid. Ensure IRR route objects and ROAs are consistent with the actual prefix lengths you announce.

BGP Configuration Requirements

When configuring your BGP sessions toward CNX Route Servers:

• Disable first-AS enforcement
  • Cisco: no bgp enforce-first-as
  • Huawei: undo check-first-as
• Establish sessions to all CNX Route Servers.
• Announce identical prefix sets to each Route Server.
• Never announce the CNX peering LAN prefix.

Refer to:

• /technical/rs/
• /technical/bgp-config/

Final Checklist Before Activation

• ASN visible in APNIC IRR
• IPv4 route objects published
• IPv6 route6 objects published
• ROAs created for all prefixes
• AS-SET created (if announcing downstream)
• AS-SET referenced in PeeringDB
• Prefix lengths consistent between IRR, ROA, and BGP