BGP Cookbook for Connecting to AIXP Exchanges


  • Public Autonomous System Number (ASN) as issued by ARIN. See the application form at
  • Edge router capable of running BGP4+. The memory requirements for peering with our exchanges are moderate since there are fewer than 200,000 routes. However peering with an ISP may require handling almost 1,000,000 IPv4 routes and can be a memory hog if you do not use default routing. If you need more info, please ask.

Router Config

This router configuration is for Cisco. It can be adapted for JunOS, Quagga, BIRD, and others. Fields that are in red italics are ones that must be customized for each client and each exchange. Fields that are in blue italics are typical for peering at HFXIX, but must be updated for peering at our other exchanges.

Configure your router port. The actual IP addresses will be assigned to you by AIXP. The lines that start “ipv6 nd” are there to make sure the router port does not advertise itself to IXP peers with IPv6 autoconfig router advertisements. Different router models may use slightly different syntax (e.g. “ipv6 nd prefix default no-advertise” and “ipv6 nd ra suppress”).

interface Gigx/x
 description HFXIX peering
 ip address 206.130.15.x
 ipv6 address 2001:504:37:10::xxx/64
 ipv6 nd prefix default no-autoconfig no-rtr-address
 ipv6 nd suppress-ra

Define a filter list called “My_IPv4_routes_out” (or whatever you want to call it) for locally sourced IPv4 routes, and do the same for IPv6. This is a useful filter for all your BGP peers since it prevents accidentally advertising one to the other and making you a transit between them.

ip prefix-list My_IPv4_routes_out description Outbound IPv4 routes filter list
ip prefix-list My_IPv4_routes_out permit
ipv6 prefix-list My_IPv6_routes_out description Outbound IPv6 routes filter list
ipv6 prefix-list My_IPv6_routes_out permit 2001:DB8:10::/48

Start the BGP configuration by identifying your own ASN. Both 16 bit and 32 bit ASNs are usable. An IXP such as HFXIX will not add its own ASN to BGP announcements, so the second line is required for the IXP announcements to be accepted.

router bgp 123456
no bgp enforce-first-as

Define the neighbors and set a password. The IP numbers and password in this example have to be coordinated with AIXP technical staff.

neighbor remote-as 13770
neighbor description >>HFXIX RS1<<
neighbor password password
neighbor remote-as 13770
neighbor description >>HFXIX RS2<<
neighbor password password

Same thing for IPv6.

neighbor 2001:504:37:10::20 remote-as 13770
neighbor 2001:504:37:10::20 description >>HFXIX RS1<<
neighbor 2001:504:37:10::20 password password
neighbor 2001:504:37:10::30 remote-as13770
neighbor 2001:504:37:10::30 description >>HFXIX RS2<<
neighbor 2001:504:37:10::30 password password

Still working under the “router bgp” clause, activate the IPv4 protocol and apply the prefix filter. The sample route map “HFXIX_community_out” and the filter-list “55” are also used to control route distribution (see “Filter ISP Routes” below).

Some peers may have their own policy about exchanging traffic with you via our exchange. You can control whether you exchange BGP routes with them, in accordance with their policies, with the statements in green italics in this and the following sections.

address-family ipv4
 neighbor activate
 neighbor send-community
 neighbor soft-reconfiguration inbound
 neighbor route-map HFXIX_community_out out
 neighbor filter-list 55 in
 neighbor prefix-list My_IPv4_routes_out out
 neighbor activate
 neighbor soft-reconfiguration inbound
 neighbor send-community
 neighbor route-map HFXIX_community_out out
 neighbor filter-list 55 in
 neighbor prefix-list My_IPv4_routes_out out

…and activate the IPv6 sessions

address-family ipv6
 neighbor 2001:504:37:10::20 activate
 neighbor 2001:504:37:10::20 send-community
 neighbor 2001:504:37:10::20 soft-reconfiguration inbound
 neighbor 2001:504:37:10::20 route-map HFXIX_community_out out
 neighbor 2001:504:37:10::20 filter-list 55 in
 neighbor 2001:504:37:10::20 prefix-list My_IPv6_routes_out out
 neighbor 2001:504:37:10::30 activate
 neighbor 2001:504:37:10::30 send-community
 neighbor 2001:504:37:10::30 soft-reconfiguration inbound
 neighbor 2001:504:37:10::30 route-map HFXIX_community_out out
 neighbor 2001:504:37:10::30 filter-list 55 in
 neighbor 2001:504:37:10::30 prefix-list My_IPv6_routes_out out
Filter ISP Routes

Configurations from here down are optional depending on your arrangements with other peers.

You may not want to peer with everyone via this connection, and they may not want you to either. AIXP can provide other mechanisms to easily set up custom peering. Statements in green italics in this and the previous sections will do the filtering.

Add a community string to your advertisements to prevent them from being sent to your ISP. For the sake of this example we have assumed you wish to have custom peering with two others at the exchange with AS numbers 999 and 12345. This community string says “do not advertise me to ASN 999 or ASN 12345, but do advertise me to everyone else”. See

ip bgp-community new-format
route-map HFXIX_community_out permit 10
 set community 0:999
 set community 0:12345
 set community 13770:13770

You may also want to filter out incoming routes from those networks. In that case you should filter all incoming routes that have their ASN as the first entry. We do that by defining an as-path access list that matches the other network’s ASN as the first entry using a regular expression (regexp). The regexp in the example below says “filter out any AS path that starts with ASN 999 (note: not 9990 or 99923 etc.) or ASN 12345 and may include zero or more ASNs after that, but allow all others”.

For information on regular expressions, especially as they apply to BGP strings, see

ip as-path access-list 55 deny ^999_
ip as-path access-list 55 deny ^12345_
ip as-path access-list 55 permit .*