1. Customer must own an ASN (Autonomous System Number) and we validate the ownership by checking the proper registration of their ASN in the Routing Registries. Valid aut-num object is mandatory. See APNIC, RIPE or your RIR site for the syntax details.
aut-num: AS64511 as-name: ISP-C descr: Company AS number descr: Cityname <-omitted-> mnt-by: MAINT-COMPANY changed: ipadmin@example.com 20381228 source: RIR
2. The customer must register "ROA" objects or "route" objects for all their IP blocks with a proper origin ASN. Multiple "route" objects per IP block are allowed. Multiple "ROA" objects per IP block are allowed. "ROA" objects have higher precedence than "route" objects.
route: 203.0.113.0/24 descr: Test origin: AS64511 mnt-by: MAINT-COMPANY changed: ipadmin@example.com 20381228 source: RIR
For the "route" object see APNIC, ARIN or your RIR site for the syntax details.
For the "ROA" object see RIPE, ARIN, APNIC, LACNIC or your RIR site for the syntax details.
Please note, 'route' and 'route6' must be created in the corresponding authoritative registry - AfriNIC, APNIC, ARIN, LACNIC, RIPE, NIC.br or IDNIC. Objects creation in non-authoritative registries is not supported.
3. Register an AS-SET Object and add in the "members" field all the ASN/AS-SETs that will be transiting through the customer's network INCLUDING their ASN. Preferred AS-SET format is ASNNN:AS-YYYYY
as-set: AS64511:AS-ISPCUST descr: Description of the as-set descr: Country members: AS64511, AS645113, AS64514:AS-CLIENT members: AS64515:AS-CLIENT, AS64516:AS-CLIENT, ASAS64517 mnt-by: MAINT-COMPANY changed: ipadmin@example.com 20381228 source: RIR
It is recommended to create an AS-SET in the corresponding to the ASN authoritative registry - AfriNIC, APNIC, ARIN, LACNIC, RIPE, RIPE, NIC.br or IDNIC. Objects creation in non-authoritative registries is discouraged and their functionality is not guaranteed.
4. Advise Tata Communications (IPServiceDesk@tatacommunications.com) about the new AS-SET creation (Only one AS-SET will be used).
Please note that 'route' and 'route6' objects created after 2023-Aug-15 in non-authoritative registries like RADB, NTTCOM, ALTDB won't be processed. It is recommended to create RPKI ROA objects instead. In rare cases if that's not possible, 'route' and 'route6' must be created in the authoritative registry - AfriNIC, APNIC, ARIN, LACNIC, RIPE, RIPE, NIC.br or IDNIC.
Our route filtering engine gets updated regularly from all major routing registries and build the appropriate IP prefix-list and IP as-path access-list and forward it to the appropriate router within 24 hours.
Please note that all the as-set "members" must have their IP Blocks registered with the correct ASN as "origin" since Tata Communications only accepts announcement for the properly registered "route" or "ROA" objects that belong to their customer or their customers' customers. This feature provides our customers with full control on their Tata Communications BGP filters, once an update is done on the RIR database the routers BGP filters will be updated automatically within 24 hours. The customer can add or remove ASN from their as-set, can add or remove "route" or "ROA" objects with no manual intervention on Tata Communications side.
Install bgpq3
# apt install bgpq3
or visit bgpq3 site for the installation details
$ bgpq3 AS64511:AS-ISPCUST -t -j
{"NN": [
64511,64512,64513
64514,64515
]}
2. Check "route" object
$ whois 193.0.0.0 route: 193.0.0.0/21 descr: RIPE-NCC origin: AS3333 mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2008-09-10T14:27:53Z source: RIPE
3. Check "ROA" object https://rpki-validator.ripe.net/roas