Strict Filtering Policy for Route Servers
CNX Route Servers implement strict prefix filtering to ensure routing security and policy integrity. BGP announcements from your ASN will only be accepted if all downstream ASNs are properly registered and referenced in an AS-SET object.
Our configuration automation relies exclusively on authoritative data you publish. Specifically, we use:
- Your AS-SET object registered in the RIR (e.g. APNIC) database
- Your PeeringDB entry, which must reference your AS-SET
To be eligible for route server peering with downstream announcements, you must:
- Create a hierarchical AS-SET with your RIR (e.g. AS65555:AS-CUSTOMERS)
- Add all downstream ASNs as members to the AS-SET
- Ensure the AS-SET is listed in the “IRR Record” field of your PeeringDB entry
What is a Hierarchical AS-SET?
A hierarchical AS-SET follows the format AS-<owner>:<set-name>, such as AS64496:AS-CUSTOMERS. This naming scheme is mandatory under APNIC policy (Prop-151, APNIC-127) and ensures global uniqueness and traceability. Non-hierarchical AS-SETs (e.g. AS-FOO) are no longer accepted.
Once your AS-SET and PeeringDB entry are in place, our configuration system will automatically detect the change and apply the correct filters.
If you do not intend to announce downstream routes via CNX, you are not required to create an AS-SET. However, we still strongly recommend maintaining an accurate PeeringDB entry and listing your peering with CNX. This helps improve route visibility and community growth, which in turn reduces costs through increased scale.
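A pre-flight check a peer could run before requesting route server peering, given here as an added example and not CNX's own automation: it parses as-set objects, expands nested members with loop protection, and lists the origin ASNs that a filter built from the IRR Record value would not cover. The RPSL objects are constructed sample data, the function names are hypothetical, and the name check assumes the AS<number>:AS-<name> shape of the examples above.

```python
import re
# Constructed RPSL objects for illustration (not real registry data).
SAMPLE_IRR = """\
as-set:  AS64496:AS-CUSTOMERS
members: AS64497, AS64498
members: AS64498:AS-CUSTOMERS

as-set:  AS64498:AS-CUSTOMERS
members: AS64499, AS64496:AS-CUSTOMERS
"""

ASN_RE = re.compile(r"AS\d+$")
SET_RE = re.compile(r"AS-[A-Z0-9_-]+$")

def is_hierarchical(name):
    """True for names like AS64496:AS-CUSTOMERS (ASN first, then an AS- set name)."""
    parts = name.upper().split(":")
    return (len(parts) >= 2 and ASN_RE.match(parts[0]) is not None
            and all(ASN_RE.match(p) or SET_RE.match(p) for p in parts)
            and any(SET_RE.match(p) for p in parts))

def parse_as_sets(rpsl_text):
    """Map each as-set name to its list of members (ASNs or nested sets)."""
    sets, current = {}, None
    for line in rpsl_text.splitlines():
        key, _, value = line.partition(":")   # split on the first colon only
        key, value = key.strip().lower(), value.strip().upper()
        if key == "as-set":
            current = sets.setdefault(value, [])
        elif key == "members" and current is not None:
            current.extend(m.strip() for m in value.split(",") if m.strip())
    return sets

def expand(name, sets, seen=None):
    """Recursively expand an as-set to ASNs; `seen` breaks membership loops."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    asns = set()
    for member in sets.get(name, []):
        asns |= {member} if ASN_RE.match(member) else expand(member, sets, seen)
    return asns

def filtered_origins(irr_record, own_asn, origins, sets):
    """Origin ASNs not covered by the peer's own ASN or its hierarchical AS-SET."""
    allowed = {own_asn} | (expand(irr_record.upper(), sets)
                           if is_hierarchical(irr_record) else set())
    return sorted(set(origins) - allowed)
```

An empty result means every origin ASN you plan to announce is either your own ASN or a member of the AS-SET named in your PeeringDB entry.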