Physical connection

TurkIX offers the following physical connection possibilities:

1 / 10Gb SFP / SFP + (SR / LR / ER / ZR);

100/1000/10000 Mb (10GBaseT) RJ45;

40Gb QSFP + with SR4 / LR4;

100Gb QSFP28 + with SR4 / LR4;

Ethertypes and MAC addresses allowed

Only one MAC address per port connected to TurkIX peering VLAN is allowed.
The expected Ethernet frame types are as follows:

0x0800 – IPv4

0x0806 – ARP

0x86dd – IPv6

Allowed Traffic

The following protocols are allowed at the data link level:

ARP

IPv6 ND

Traffic must be restricted to unicast traffic with the exception of ARP broadcast packets and IPv6ND multicast packets

Members should not send any link-local and other unauthorized protocol traffic to the ports, such as the following:

Proxy ARP

ICMP redirects

IEEE 802 Spanning Tree

Proprietary protocols from different manufacturers, especially discovery:

Discovery protocols: CDP, EDP, MDP

VLAN / trunking protocols: VTP, DTP

Internal routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)

BOOTP/DHCP

ICMPv6 ND-RA

Interface configurations:

We recommend the following interface configurations for routers based on CISCO configurations:

no ip redirects
no ip proxy-arp
no ip directed-broadcast
no mop enabled
no cdp enable
udld port disable
no keepalive

For IPv6:

no ipv6 redirects
ipv6 nd suppressor

Prefix filtering

TurkIX route servers drop prefixes for the following reasons:

PREFIX LENGTH TOO LONG – the prefix length is longer than /24 for IPv4 prefixes and /48 for IPv6 prefix
BOGON – prefix is bogon (see IPv4 bogons lists / IPv6 bogons list below)
AS PATH TOO LONG – as-path with more than 64 AS numbers
AS PATH TOO SHORT – must have at least one AS number in the as-path
FIRST AS NOT PEER AS – first AS number in the as-path must be peer AS number
NEXT HOP NOT PEER IP – next-hop IP address must be one of the member’s peer IP addresses
IRRDB PREFIX FILTERED – no IRR record for prefix found
IRRDB ORIGIN AS FILTERED – origin AS number is not included in as-set
TRANSIT FREE ASN – AS number of known transit network is present in the as-path (see list below)

IPv4 bogons list:

0.0.0.0/32 – Special Use IPv4 Addresses
0.0.0.0/0 ge 25 le 32 – Filter small prefixes
0.0.0.0/0 ge 7 – Requirements for Internet Hosts — Communication Layers 3.2.1.3
10.0.0.0/8 le 32 – Address Allocation for Private Internets
100.64.0.0/10 le 32 – IANA-Reserved IPv4 Prefix for Shared Address Space
127.0.0.0/8 le 32 – Requirements for Internet Hosts — Communication Layers 3.2.1.3
169.254.0.0/16 le 32 – Dynamic Configuration of IPv4 Link-Local Addresses
172.16.0.0/12 le 32 – Address Allocation for Private Internets
192.0.0.0/24 le 32 – Special-Purpose Address Registries
192.0.2.0/24 le 32 – IPv4 Address Blocks Reserved for Documentation
192.168.0.0/16 le 32 – Address Allocation for Private Internets
198.18.0.0/15 le 32 – Benchmarking Methodology for Network Interconnect Devices
198.51.100.0/24 le 32 – IPv4 Address Blocks Reserved for Documentation
203.0.113.0/24 le 32 – IPv4 Address Blocks Reserved for Documentation
224.0.0.0/4 le 32 – Host Extensions for IP Multicasting
240.0.0.0/4 le 32 – Special-Purpose Address Registries

IPv6 bogons list:

::/0 – Default
::/96 – IPv4-compatible IPv6 address – deprecated by RFC4291
::/128 – Unspecified address
::1/128 – Local host loopback address
::ffff:0.0.0.0/96 le 128 – IPv4-mapped addresses
::224.0.0.0/100 le 128 – Compatible address (IPv4 format)
::127.0.0.0/104 le 128 – Compatible address (IPv4 format)
::0.0.0.0/104 le 128 – Compatible address (IPv4 format)
::255.0.0.0/104 le 128 – Compatible address (IPv4 format)
0000::/8 le 128 – Pool used for unspecified, loopback and embedded IPv4 addresses
0200::/7 le 128 – OSI NSAP-mapped prefix set (RFC4548) – deprecated by RFC4048
3ffe::/16 le 128 – Former 6bone, now decommissioned
2001:db8::/32 le 128 – Reserved by IANA for special purposes and documentation
2002:e000::/20 le 128 – Invalid 6to4 packets (IPv4 multicast)
2002:7f00::/24 le 128 – Invalid 6to4 packets (IPv4 loopback)
2002:0000::/24 le 128 – Invalid 6to4 packets (IPv4 default)
2002:ff00::/24 le 128 – Invalid 6to4 packets
2002:0a00::/24 le 128 – Invalid 6to4 packets (IPv4 private 10.0.0.0/8 network)
2002:ac10::/28 le 128 – Invalid 6to4 packets (IPv4 private 172.16.0.0/12 network)
2002:c0a8::/32 le 128 – Invalid 6to4 packets (IPv4 private 192.168.0.0/16 network)
fc00::/7 le 128 – Unicast Unique Local Addresses (ULA) – RFC 4193
fe80::/10 le 128 – Link-local Unicast
fec0::/10 le 128 – Site-local Unicast – deprecated by RFC 3879 (replaced by ULA)
ff00::/8 le 128 – Multicast
::/0 ge 49 le 128 – Filter small prefixes

Known transit networks:

AS174 – Cogent
AS209 – Qwest (HE carries this on IXPs IPv6 (Jul 12 2018))
AS701 – UUNET
AS702 – UUNET
AS1239 – Sprint
AS1299 – Telia
AS2914 – NTT Communications
AS3257 – GTT Backbone
AS3320 – Deutsche Telekom AG (DTAG)
AS3356 – Level3
AS3549 – Level3
AS3561 – Savvis / CenturyLink
AS4134 – Chinanet
AS5511 – Orange opentransit
AS6453 – Tata Communications
AS6762 – Seabone / Telecom Italia
AS7018 – AT&T

BGP peering connection

Addressing TurkIX

The IPv4 and IPv6 addressing space assigned to TurkIX should not be advertised outside the TurkIX infrastructure.

BGP TurkIX
ASn: 60850
IRR Record: AS60850:AS-TURKIX

TurkIX RS1
IPv4: 185.0.26.100
IPv6: 2001:7f8:146::6:0850:100

TurkIX RS2
IPv4: 185.0.26.200
IPv6: 2001:7f8:146::6:0850:200

Note: you need to disable the first-as-check mechanism on your BGP router (most vendors have it enabled by default) as the route server does not insert its own AS number into the as-path attribute of prefix announcements (equivalent Cisco command “no bgp enforce-first-as“).

Below follows a sample configuration for Cisco routers to announce a prefix to the route servers:

!
router bgp your-asn
 bgp always-compare-med
 no bgp enforce-first-as
 bgp log-neighbor-changes
 neighbor TURKIX-RS peer-group
 neighbor TURKIX-RS remote-as 60850
 neighbor TURKIX-RS version 4
 neighbor TURKIX-RS transport connection-mode active

 neighbor TURKIX-RS-6 peer-group
 neighbor TURKIX-RS-6 remote-as 60850
 neighbor TURKIX-RS-6 version 4
 neighbor TURKIX-RS-6 transport connection-mode active

 neighbor 185.0.26.100 peer-group TURKIX-RS
 neighbor 185.0.26.100 description rs1.turkix.com.tr
 neighbor 185.0.26.200 peer-group TURKIX-RS
 neighbor 185.0.26.200 description rs2.turkix.com.tr
 neighbor 2001:7f8:146::6:0850:100 peer-group TURKIX-RS-6
 neighbor 2001:7f8:146::6:0850:100 description rs1.turkix.com.tr
 neighbor 2001:7f8:146::6:0850:200 peer-group TURKIX-RS-6
 neighbor 2001:7f8:146::6:0850:200 description rs2.turkix.com.tr
!
  address-family ipv4
  neighbor TURKIX-RS activate
  neighbor TURKIX-RS next-hop-self
  neighbor TURKIX-RS soft-reconfiguration inbound
  neighbor TURKIX-RS route-map TO-TURKIX-RS out
  no auto-summary
  no synchronization
  neighbor 185.0.26.100 peer-group TURKIX-RS
  neighbor 185.0.26.200 peer-group TURKIX-RS
  network 192.168.100.0 mask 255.255.255.0
  network 192.168.101.0 mask 255.255.255.0
 exit-address-family
!
  address-family ipv6
  neighbor TURKIX-RS-6 activate
  neighbor TURKIX-RS-6 next-hop-self
  neighbor TURKIX-RS-6 soft-reconfiguration inbound
  neighbor TURKIX-RS-6 route-map TO-TURKIX-RS out
  neighbor 2001:7f8:146::6:0850:100 peer-group TURKIX-RS-6
  neighbor 2001:7f8:146::6:0850:200 peer-group TURKIX-RS-6

  network 2001:DB8:10::/64
  network 2001:DB8:11::/64
  network 2001:DB8:12::/64
 exit-address-family
!
ip prefix-list TO-TURKIX-RS seq 10 permit 192.168.100.0/24
ip prefix-list TO-TURKIX-RS seq 20 permit 192.168.101.0/24
!
ipv6 prefix-list TO-TURKIX-RS seq 10 permit 2001:DB8:10::/64
ipv6 prefix-list TO-TURKIX-RS seq 20 permit 2001:DB8:11::/64
!
route-map TO-TURKIX-RS permit 10
 match ip address prefix-list TO-TURKIX-RS
!
end

Below is a similar example for Juniper routers:

[edit]
user@junix# show protocols bgp
group IPV4-TURKIX-RS {
  type external;
  description "TurkIX Route Servers";
  family inet {
     unicast;
  }
  export TO-TURKIX-RS;
  peer-as 60850;
  neighbor 185.0.26.100 {
     description rs1.turkix.com.tr;
  }
  neighbor 185.0.26.200 {
     description rs2.turkix.com.tr;
  }
}

[edit]
user@junix# show policy-options policy-statement TO-TURKIX-RS
term unicast-export {
  from {
     rib inet.0;
     prefix-list to-turkix-announce;
  }
  then accept;
}
term end {
  then reject;
}

[edit]
user@junix# show policy-options prefix-list to-dpeed-ix-announce
192.168.110.0/24;

Below is a similar example for Huawei routers:

bgp your-asn
 undo check-first-as
 group TURKIX-RS external
 peer TURKIX-RS as-number 60850
 peer TURKIX-RS description *** TurkIX Route Servers ***
 peer 185.0.26.100 as-number 60850
 peer 185.0.26.100 group TURKIX-RS
 peer 185.0.26.200 as-number 60850
 peer 185.0.26.200 group TURKIX-RS
 peer 2001:7f8:146::6:0850:100 as-number 60850
 peer 2001:7f8:146::6:0850:100 group TURKIX-RS
 peer 2001:7f8:146::6:0850:200 as-number 60850
 peer 2001:7f8:146::6:0850:200 group TURKIX-RS
 #
 ipv4-family unicast
  network 192.168.100.0 255.255.255.0   
  network 192.168.101.0 255.255.255.0   
  peer TURKIX-RS enable
  peer TURKIX-RS route-policy EBGP_TurkIX_OUT export
  peer TURKIX-RS advertise-community both
  peer TURKIX-RS advertise-ext-community both
  peer 185.0.26.100 enable
  peer 185.0.26.100 group TURKIX-RS
  peer 185.0.26.200 enable
  peer 185.0.26.200 group TURKIX-RS
 #
 ipv6-family unicast 
  network 2001:DB8:10:: 64   
  network 2001:DB8:11:: 64
  network 2001:DB8:12:: 64
  peer TURKIX-RS enable
  peer TURKIX-RS route-policy 6EBGP_TurkIX_OUT export
  peer TURKIX-RS advertise-community both
  peer TURKIX-RS advertise-ext-community both
  peer 2001:7f8:146::6:0850:100 enable
  peer 2001:7f8:146::6:0850:100 group TURKIX-RS
  peer 2001:7f8:146::6:0850:200 enable
  peer 2001:7f8:146::6:0850:200 group TURKIX-RS
#
route-policy EBGP_TurkIX_OUT permit node 10
 if-match ip-prefix TO-TURKIX-RS
#
route-policy 6EBGP_TurkIX_OUT permit node 10
 if-match ipv6 address prefix-list 6TO-TURKIX-RS
# 
ip prefix-list TO-TURKIX-RS index 20 permit 192.168.100.0 24
ip prefix-list TO-TURKIX-RS index 30 permit 192.168.101.0 24
#
ip ipv6-prefix 6TO-TURKIX-RS index 10 permit 2001:DB8:10:: 64
ip ipv6-prefix 6TO-TURKIX-RS index 20 permit 2001:DB8:11:: 64
#
commit