Physical connection

TurkIX offers the following physical connection possibilities:

  • 1 / 10Gb SFP / SFP + (SR / LR / ER / ZR);
  • 100/1000/10000 Mb (10GBaseT) RJ45;
  • 40Gb QSFP + with SR4 / LR4;
  • 100Gb QSFP28 + with SR4 / LR4;
  • Ethertypes and MAC addresses allowed

    Only one MAC address per port connected to TurkIX peering VLAN is allowed.
    The expected Ethernet frame types are as follows:

  • 0x0800 – IPv4
  • 0x0806 – ARP
  • 0x86dd – IPv6
  • Allowed Traffic

    The following protocols are allowed at the data link level:

  • ARP
  • IPv6 ND
  • Traffic must be restricted to unicast traffic with the exception of ARP broadcast packets and IPv6ND multicast packets
  • Members should not send any link-local and other unauthorized protocol traffic to the ports, such as the following:
  • Proxy ARP
  • ICMP redirects
  • IEEE 802 Spanning Tree
  • Proprietary protocols from different manufacturers, especially discovery:
  • Discovery protocols: CDP, EDP, MDP
  • VLAN / trunking protocols: VTP, DTP
  • Internal routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
  • BOOTP/DHCP
  • ICMPv6 ND-RA
  • Interface configurations:

    We recommend the following interface configurations for routers based on CISCO configurations:

    no ip redirects
    no ip proxy-arp
    no ip directed-broadcast
    no mop enabled
    no cdp enable
    udld port disable
    no keepalive
    For IPv6:
    no ipv6 redirects
    ipv6 nd suppressor

    Prefix filtering

    TurkIX route servers drop prefixes for the following reasons:

    1. PREFIX LENGTH TOO LONG – the prefix length is longer than /24 for IPv4 prefixes and /48 for IPv6 prefix
    2. BOGON – prefix is bogon (see IPv4 bogons lists / IPv6 bogons list below)
    3. AS PATH TOO LONG – as-path with more than 64 AS numbers
    4. AS PATH TOO SHORT – must have at least one AS number in the as-path
    5. FIRST AS NOT PEER AS – first AS number in the as-path must be peer AS number
    6. NEXT HOP NOT PEER IP – next-hop IP address must be one of the member’s peer IP addresses
    7. IRRDB PREFIX FILTERED – no IRR record for prefix found
    8. IRRDB ORIGIN AS FILTERED – origin AS number is not included in as-set
    9. TRANSIT FREE ASN – AS number of known transit network is present in the as-path (see list below)

    IPv4 bogons list:

    IPv6 bogons list:

    Known transit networks:

    BGP peering connection

    Addressing TurkIX

    The IPv4 and IPv6 addressing space assigned to TurkIX should not be advertised outside the TurkIX infrastructure.

    BGP TurkIX
    ASn: 60850
    IRR Record: AS60850:AS-TURKIX

    TurkIX RS1
    IPv4: 185.0.26.100
    IPv6: 2001:7f8:146::6:0850:100

    TurkIX RS2
    IPv4: 185.0.26.200
    IPv6: 2001:7f8:146::6:0850:200

    Note: you need to disable the first-as-check mechanism on your BGP router (most vendors have it enabled by default) as the route server does not insert its own AS number into the as-path attribute of prefix announcements (equivalent Cisco command “no bgp enforce-first-as“).

     

    Below follows a sample configuration for Cisco routers to announce a prefix to the route servers:

    !
    router bgp your-asn
     bgp always-compare-med
     no bgp enforce-first-as
     bgp log-neighbor-changes
     neighbor TURKIX-RS peer-group
     neighbor TURKIX-RS remote-as 60850
     neighbor TURKIX-RS version 4
     neighbor TURKIX-RS transport connection-mode active
    
     neighbor TURKIX-RS-6 peer-group
     neighbor TURKIX-RS-6 remote-as 60850
     neighbor TURKIX-RS-6 version 4
     neighbor TURKIX-RS-6 transport connection-mode active
    
     neighbor 185.0.26.100 peer-group TURKIX-RS
     neighbor 185.0.26.100 description rs1.turkix.com.tr
     neighbor 185.0.26.200 peer-group TURKIX-RS
     neighbor 185.0.26.200 description rs2.turkix.com.tr
     neighbor 2001:7f8:146::6:0850:100 peer-group TURKIX-RS-6
     neighbor 2001:7f8:146::6:0850:100 description rs1.turkix.com.tr
     neighbor 2001:7f8:146::6:0850:200 peer-group TURKIX-RS-6
     neighbor 2001:7f8:146::6:0850:200 description rs2.turkix.com.tr
    !
      address-family ipv4
      neighbor TURKIX-RS activate
      neighbor TURKIX-RS next-hop-self
      neighbor TURKIX-RS soft-reconfiguration inbound
      neighbor TURKIX-RS route-map TO-TURKIX-RS out
      no auto-summary
      no synchronization
      neighbor 185.0.26.100 peer-group TURKIX-RS
      neighbor 185.0.26.200 peer-group TURKIX-RS
      network 192.168.100.0 mask 255.255.255.0
      network 192.168.101.0 mask 255.255.255.0
     exit-address-family
    !
      address-family ipv6
      neighbor TURKIX-RS-6 activate
      neighbor TURKIX-RS-6 next-hop-self
      neighbor TURKIX-RS-6 soft-reconfiguration inbound
      neighbor TURKIX-RS-6 route-map TO-TURKIX-RS out
      neighbor 2001:7f8:146::6:0850:100 peer-group TURKIX-RS-6
      neighbor 2001:7f8:146::6:0850:200 peer-group TURKIX-RS-6
    
      network 2001:DB8:10::/64
      network 2001:DB8:11::/64
      network 2001:DB8:12::/64
     exit-address-family
    !
    ip prefix-list TO-TURKIX-RS seq 10 permit 192.168.100.0/24
    ip prefix-list TO-TURKIX-RS seq 20 permit 192.168.101.0/24
    !
    ipv6 prefix-list TO-TURKIX-RS seq 10 permit 2001:DB8:10::/64
    ipv6 prefix-list TO-TURKIX-RS seq 20 permit 2001:DB8:11::/64
    !
    route-map TO-TURKIX-RS permit 10
     match ip address prefix-list TO-TURKIX-RS
    !
    end

    Below is a similar example for Juniper routers:

    [edit]
    user@junix# show protocols bgp
    group IPV4-TURKIX-RS {
      type external;
      description "TurkIX Route Servers";
      family inet {
         unicast;
      }
      export TO-TURKIX-RS;
      peer-as 60850;
      neighbor 185.0.26.100 {
         description rs1.turkix.com.tr;
      }
      neighbor 185.0.26.200 {
         description rs2.turkix.com.tr;
      }
    }
    
    [edit]
    user@junix# show policy-options policy-statement TO-TURKIX-RS
    term unicast-export {
      from {
         rib inet.0;
         prefix-list to-turkix-announce;
      }
      then accept;
    }
    term end {
      then reject;
    }
    
    [edit]
    user@junix# show policy-options prefix-list to-dpeed-ix-announce
    192.168.110.0/24;

    Below is a similar example for Huawei routers:

    bgp your-asn
     undo check-first-as
     group TURKIX-RS external
     peer TURKIX-RS as-number 60850
     peer TURKIX-RS description *** TurkIX Route Servers ***
     peer 185.0.26.100 as-number 60850
     peer 185.0.26.100 group TURKIX-RS
     peer 185.0.26.200 as-number 60850
     peer 185.0.26.200 group TURKIX-RS
     peer 2001:7f8:146::6:0850:100 as-number 60850
     peer 2001:7f8:146::6:0850:100 group TURKIX-RS
     peer 2001:7f8:146::6:0850:200 as-number 60850
     peer 2001:7f8:146::6:0850:200 group TURKIX-RS
     #
     ipv4-family unicast
      network 192.168.100.0 255.255.255.0   
      network 192.168.101.0 255.255.255.0   
      peer TURKIX-RS enable
      peer TURKIX-RS route-policy EBGP_TurkIX_OUT export
      peer TURKIX-RS advertise-community both
      peer TURKIX-RS advertise-ext-community both
      peer 185.0.26.100 enable
      peer 185.0.26.100 group TURKIX-RS
      peer 185.0.26.200 enable
      peer 185.0.26.200 group TURKIX-RS
     #
     ipv6-family unicast 
      network 2001:DB8:10:: 64   
      network 2001:DB8:11:: 64
      network 2001:DB8:12:: 64
      peer TURKIX-RS enable
      peer TURKIX-RS route-policy 6EBGP_TurkIX_OUT export
      peer TURKIX-RS advertise-community both
      peer TURKIX-RS advertise-ext-community both
      peer 2001:7f8:146::6:0850:100 enable
      peer 2001:7f8:146::6:0850:100 group TURKIX-RS
      peer 2001:7f8:146::6:0850:200 enable
      peer 2001:7f8:146::6:0850:200 group TURKIX-RS
    #
    route-policy EBGP_TurkIX_OUT permit node 10
     if-match ip-prefix TO-TURKIX-RS
    #
    route-policy 6EBGP_TurkIX_OUT permit node 10
     if-match ipv6 address prefix-list 6TO-TURKIX-RS
    # 
    ip prefix-list TO-TURKIX-RS index 20 permit 192.168.100.0 24
    ip prefix-list TO-TURKIX-RS index 30 permit 192.168.101.0 24
    #
    ip ipv6-prefix 6TO-TURKIX-RS index 10 permit 2001:DB8:10:: 64
    ip ipv6-prefix 6TO-TURKIX-RS index 20 permit 2001:DB8:11:: 64
    #
    commit