France-IX route servers filtering policy: vote results and next steps
Early November, all active members and resellers were invited to give their opinion on the route servers filtering policy they would like France-IX to adopt. We want to thank you for your feedback and your interest in this matter.
With a voter turnout of 33%, 110 members/resellers (out of a total of 331) expressed their opinions. Please find below the results and the next steps regarding this project.
Results
1/ Do you think that by default, route servers should not filter routes, and only tag them with BGP communities?
No (I don’t agree) 79 (73.1%)
Yes (I agree) 29 (26.9%)
Abstain 2 (1.8%)
2/ Do you think that by default, route servers should filter (i.e. drop) routes with “ROA Invalid” status?
Yes (I agree) 88 (80.7%)
No (I don’t agree) 21 (19.3%)
Abstain 1 (0.9%)
3/ Do you think that by default, route servers should filter (i.e. drop) routes with “IRR not found” status?
Yes (I agree) 85 (78.0%)
No (I don’t agree) 24 (22.0%)
Abstain 1 (0.9%)
4/ If filtering is enabled by default, do you think that members should be able to switch from “auto filtering” to “tag only” using the portal web interface or a NOC ticket?
Yes (I agree) 89 (81.7%)
No (I don’t agree) 20 (18.3%)
Abstain 1 (0.9%)
Next steps and planning
- From November 20, 2017
We will start contacting members announcing invalid prefixes and let them know their options in order to make those prefixes valid.
- On January 8, 2018
We will enable IRR and RPKI/ROA filtering by default on both route servers (prefixes with “IRR not found” or “ROA invalid” states won’t be announced anymore). You will be able to request to switch to “tag only” behavior by opening a ticket to noc@franceix.net.
- During Q2-2018
We will provide a “check tool” in your member’s admin console (at https://tools.franceix.net) in order to check easily if your own IRR and ROA prefixes’ states are correct, with suggestions links on how to fix it.
In the meantime, you can already check the routes currently advertised on the route servers and ROA/IRR validation status with theses links:
– Routes with “ROA invalid” status for an origin ASN (no ROA invalid route originated by AS57734 in this example) : https://lg.franceix.net/roa_invalid/RS1+RS2/ipv4?q=57743
– Routes with “IRR not found” status for an origin ASN (i.e transit networks of $ASN with IRR records possibly not up-to-date) : https://lg.franceix.net/irr_notfound_for/RS1+RS2/ipv4?q=57734
– Routes with “IRR not found” status which are announced by ASN (this ASN has a peering with the RS) : https://lg.franceix.net/irr_notfound_from/RS1+RS2/ipv4?q=57734
You can check routes that would be filtered if filtering was enabled on:
– All routes with “ROA Invalid” state : https://lg.franceix.net/all_roa_invalid/RS1+RS2/ipv4
– All routes with “IRR not found” state : https://lg.franceix.net/all_irr_notfound/RS1+RS2/ipv4