Technical / Network

Route Sever

Namex owns two different Route Servers within its switching platform, one running with OpenBGPD and the other running on BIRD.

A Route Server is an essential simplifcation for peering sessions. Indeed, by configuring a single BGP session with the route server each Namex member can see announcements and receive routes from all the other members.

Besides being faster than establishing multiple BGP sessions, it also enhances transparency and routing security, since the route server performs an initial filtering on routes received from its peers, thus guaranteeing greater reliability of announced routes.

Topology

MANRS

Mutually Agreed Norms for Routing Security (MANRS) is a global initiative, supported by the Internet Society, that provides crucial fixes to reduce the most common routing threats.

Namex has been an active sponsor of MANRS since 2018, implementing the following security policies within its datacentes.

  1. IRRdb filtering: Automatic generation of filters from the information contained within the Internet Routing Registry. Each Namex member must provide an AS-SET macro containing all ASes that are advertised by it on the NAP. Route server and filters configuration is updated daily in the eatly morning.
  2. ROA RPKI filtering: The prefixes received are filtered according to their ROA RPKI status: Invalid ROA are blocked and not propagated to the peers, instead ROAs with Valid and Not Found status are exported.
  3. RTBH Filtering: The Remote-Triggered Black-Hole mechanism enables the Route Server to mitigate a DDoS attack. Blackholing means diverting the flow of malicious data towards a specific next-hop (Blackhole), where traffic is discarded, guaranteeing protection for networks and hosts located within the blackholed prefix. RTBH is also avaiable on bilateral peering sessions.
manrs.org