Traffic Engineering
Traffic Engineering for BGP Downstreams
aurologic offers ingress and egress applied BGP Communities. Egress BGP Communities are available to the customer, while Ingress ones are set by aurologic up on route import.
Control Communities
- 30823:30820 -> Customers can set that community to trigger RTBH for /32 IPv4 and /128 IPv6
- 30823:30821 -> External Route, any route received on peering/upstream is tagged with
- 30823:30822 -> Pre-Customer Route, this route is accepted only for automation purpose and only when the prefix is not accepted yet - not installed in FIB
- 30823:30823 -> Customer Route, any route tagged with that community is advertised to peering and upstream
- 30823:21xxx:xxxx -> Router Identifier the route was received on
Ingress Communities
These are applied on routes received by aurologic routers.
Peering
Peering Communities are like the following:
30823:153IXP:0-3, where 30823 is the aurologic AS-SET, 153 the ASCII number of IP (ingress peering combined), IXP is the numeric identifier of the IXP, e.g. 358 for GNM-IX on PeeringDB. 0-3 is either do not announce (0) or 1-3 amount of times the aurologic ASN 30823 is prepended in the AS-PATH.
- 30823:1530000:999 -> ANY Peering received route
- 30823:153655:999 -> Giganet IXN, see https://www.peeringdb.com/ix/655
- 30823:1534233:999 -> Giganet IXN Frankfurt, see https://www.peeringdb.com/ix/4233
- 30823:153358:999 -> GNM-IX, see https://www.peeringdb.com/ix/358
- 30823:1533789:999 -> ERA-IX Amsterdam, see https://www.peeringdb.com/ix/3789
- 30823:1534630:999 -> ERA-IX Frankfurt, see https://www.peeringdb.com/ix/4630
- 30823:1537376:999 -> 1-IX, see https://www.peeringdb.com/net/27376
- 30823:15316303:999 -> Piter-IX St. Petersburg, see https://www.peeringdb.com/net/16303
- 30823:15325096:999 -> Piter-IX Moscow, see https://www.peeringdb.com/net/25096
- 30823:15329224:999 -> Piter-IX Frankfurt, see https://www.peeringdb.com/net/29224
Private Peering
- 30823:154000:999 -> ANY Private Peering
- 30823:1541766:999 -> AS24940, Hetzner Online -> Region: FFM3.DE
- 30823:154433:999 -> AS15169, Google -> Region: FFM3.DE
- 30823:1541007:999 -> AS24961, WIIT Group -> Region: FFM3.DE
- 30823:1544961:999 -> AS50629, LWLcom -> Region: FFM3.DE
Egress Communities
These are applied on routes transceived by aurologic routers, e.g. to disable upstream/peering partners or influence ingress routing.
Upstream
Upstream Communities are like the following:
30823:85ASN:0-3, where 30823 is the aurologic AS-SET, 85 the ASCII number of U in Upstream, ASN is the numeric ASN of the Carrier, e.g. 5405 for inter.link. 0-3 is either do not announce (0) or 1-3 amount of times the aurologic ASN 30823 is prepended in the AS-PATH.
Upstream Communities are passed, which means if you use the Arelion Community for Local-Preference Changes, it's distributed to our upstreams.
- 30823:85000:XXX -> ANY Upstream
- 30823:851299:XXX -> AS1299, Arelion, Region FFM3.DE
- 30823:85129901:XXX -> AS1299, Arelion, Region HEL1.FI
- 30823:85129902:XXX -> AS1299, Arelion, Region AMS1.NL
- 30823:85174:XXX -> AS174, Cogent Communications, Region FFM5.DE
- 30823:8517401:XXX -> AS174, Cogent Communications, Region HEL1.FI
- 30823:8517402:XXX -> AS174, Cogent Communications, Region AMS1.NL
- 30823:853257:XXX -> AS3257, GTT Communications, Region FFM3.DE
- 30823:852914:XXX -> AS2914, NTT Communications, Region FFM5.DE
- 30823:856762:XXX -> AS6762, TI Sparkle, Region FFM3.DE
- 30823:856762001:XXX -> AS6762, TI Sparkle, Region HEL2.FI
- 30823:8544592:XXX -> AS44592, Skylink Datacenter -> Region: EGH.NL
Peering
Peering Communities are like the following:
30823:80IXP:0-3, where 30823 is the aurologic AS-SET, 80 the ASCII number of P in Peering, IXP is the numeric identifier of the IXP, e.g. 358 for GNM-IX on PeeringDB. 0-3 is either do not announce (0) or 1-3 amount of times the aurologic ASN 30823 is prepended in the AS-PATH.
- 30823:80000:XXX -> ANY Peering
- 30823:80358:XXX -> GNM-IX, see https://www.peeringdb.com/ix/358
- 30823:803789:XXX -> ERA-IX, see https://www.peeringdb.com/ix/3789
- 30823:807376:XXX -> 1-IX, see https://www.peeringdb.com/net/27376
- 30823:80655:XXX -> Giganet IXN, see https://www.peeringdb.com/ix/655
- 30823:803739:XXX -> Piter-IX Frankfurt (FFM5.DE), see https://www.peeringdb.com/ix/3739
- 30823:803017:XXX -> Piter-IX Moscow (FFM5.DE), see https://www.peeringdb.com/ix/3017
- 30823:802149:XXX -> Piter-IX St. Petersburg (FFM5.DE), see https://www.peeringdb.com/ix/2149
- 30823:803017001:XXX -> Piter-IX Moscow (HEL2.FI), see https://www.peeringdb.com/ix/3017
- 30823:802149001:XXX -> Piter-IX St. Petersburg (HEL2.FI), see https://www.peeringdb.com/ix/2149
- 30823:803299001:XXX -> Piter-IX Helsinki (HEL2.FI), see https://www.peeringdb.com/ix/3299
Private Peering
- 30823:69000:XXX -> ANY Private Peering
- 30823:691766:XXX -> AS24940, Hetzner Online -> Region: FFM3.DE
- 30823:69433:XXX -> AS15169, Google -> Region: FFM3.DE
- 30823:691007:XXX -> AS24961, WIIT Group -> Region: FFM3.DE
- 30823:694961:XXX -> AS50629, LWLcom -> Region: FFM3.DE
- 30823:69979:XXX -> AS32934, Meta (Facebook/Whatsapp/Instagram) -> Region: FFM5.DE
- 30823:69979001:XXX -> AS32934, Meta (Facebook/Whatsapp/Instagram) -> Region: HEL2.FI
Action
Applied by aurologic
- 30823:30820 -> RTBH -> ANY Region, max. IPv4 /32, IPv6 /128
- 30823:30823 -> Customer -> ANY Region, Community is added for any customer Announcement
- 30823:30824 -> Discovered but yet filtered customer announcement
DDoS-Protection
aurologic allows to influence the various settings of DDoS Analysis to be set through large bgp communities. These setttings are retrieve every three seconds from the bgp daemon running on the flowAnalyzer infrastructure. Whenever changes are present, they are being replicated into the longest prefix match database of the respective infrastructure. These communities are experimental and will be activated with the upcoming flowAnalyzer release. Routes tagged with these communities will automatically apply the new threshold / configuration within three seconds are (re-)announcing. The new threshold / configuration is synchronized with the customer area through our message bus.
- 30823:30820 -> RTBH route (set by aurologic)
- 30823:30828 -> flowShield route (set by aurologic)
- 30823:30829 -> flowProxy route (set by aurologic)
- 30823:15301:X -> Set threshold for hosts within the prefix to X MegabitPerSecond (maximum is 40000 -> 40Gbps = 30823:15301:40000, minimum is 100 -> 100Mbps = 30823:15301:100)
- 30823:15302:X -> Set threshold for hosts within the prefix to X PacketPerSecond (kpps) (maximum is 59200 -> 59.2Mpps = 30823:15302:59200, minimum is 10 -> 10kpps = 30823:15302:10)
- 30823:15303:X -> Set threshold for whole prefix (Carpet Bombing Detection) to X MegabitPerSecond (maximum is 40000 -> 40Gbps = 30823:15303:40000, minimum is 1000 -> 1000Mbps = 30823:15303:1000)
- 30823:15304:X -> Set threshold for whole prefix (Carpet Bombing Detection) to X PacketPerSecond (kpps) (maximum is 59200 -> 59.2Mpps = 30823:15304:59200, minimum is 1000 -> 1000kpps = 30823:15304:1000)
- 30823:15305:X -> Set threshold for whole prefix (RTBH General Threshold) to X MegabitPerSecond (no maximum exists, minimum is 2500 -> 2500Mbps = 30823:15305:2500)
- 30823:15306:X -> Set threshold for whole prefix (RTBH General Threshold) to X PacketPerSecond (kpps) (no maximum exists, minimum is 2500 -> 2500kpps = 30823:15306:2500)
- 30823:15307:0 -> Turn off processing of general flowrules (fine grained detection of various flood methods such as TCP SYN, SYN-ACK, diverse UDP Reflection)
Site specific steering
These are settable steering communities and will be enhanced as required:
HEL-FRA
- 30823:91358:26901 -> Do not announce HEL (HEL2, Digita) to FRA peers
Site (Region) specific
Finland
Helsinki
- 30823:90358:20001 -> Hetzner Helsinki
- 30823:90358:20002 -> Digita Helsinki
Germany
Frankfurt
- 30823:9049:69001 -> Tornado Datacenter FRA1
- 30823:9049:69002 -> Interwerk Rechenzentrum
- 30823:9049:69003 -> Digital Realty FRA16
- 30823:9049:69005 -> Equinix FR7
Netherlands
Amsterdam
- 30823:9031:20001 -> Nikhef