TATA Communications Customer BGP Filter Update Policy for IP Transit

Basic Requirements

Mandatory Requirements

1. The customer must own an ASN (Autonomous System Number). We validate ownership by checking that the ASN is properly registered in the Routing Registries. A valid aut-num object is mandatory. See APNIC, RIPE or your RIR site for the syntax details.

aut-num: AS64511
as-name: ISP-C
descr: Company AS number
descr: Cityname
<-omitted->
mnt-by:     MAINT-COMPANY
changed:    ipadmin@example.com 20381228
source:     RIR

2. The customer must register "route" objects for all their IP blocks with a proper "origin", or "ROA" objects for all their IP blocks with a proper ASN. Multiple "route" objects per IP block are allowed. Multiple "ROA" objects per IP block are allowed. "ROA" objects have higher precedence than "route" objects.

route: 203.0.113.0/24
descr: Test
origin: AS64511
mnt-by: MAINT-COMPANY
changed: ipadmin@example.com 20381228
source: RIR

For the "route" object see APNIC, ARIN or your RIR site for the syntax details.

For the "ROA" object see RIPE, ARIN, APNIC or your RIR site for the syntax details.

Please note that 'route' and 'route6' objects must be created in the corresponding authoritative registries - AfriNIC, APNIC, ARIN, LACNIC, RIPE. Object creation in non-authoritative registries is discouraged and their functionality is not guaranteed.

Steps to be followed by the customer, if the customer is a transit AS

3. Register an AS-SET object and add to the "members" field all the ASNs/AS-SETs that will be transiting through the customer's network, INCLUDING the customer's own ASN. The preferred AS-SET format is ASNNN:AS-YYYYY

as-set: AS64511:AS-ISPCUST
descr: Description of the as-set
descr: Country
members: AS64511, AS645113, AS64514:AS-CLIENT
members: AS64515:AS-CLIENT, AS64516:AS-CLIENT, AS64517
mnt-by: MAINT-COMPANY
changed: ipadmin@example.com 20381228
source: RIR

It is recommended to create the AS-SET in the authoritative registry corresponding to the ASN - AfriNIC, APNIC, ARIN, LACNIC, RIPE. Object creation in non-authoritative registries is discouraged and their functionality is not guaranteed.

4. Advise Tata Communications (IPServiceDesk@tatacommunications.com) about the new AS-SET creation (Only one AS-SET will be used).

Update Process

Our route filtering engine is updated regularly from all major routing registries, builds the appropriate IP prefix-list and IP as-path access-list, and forwards them to the appropriate router within 24 hours.

Please note that all the as-set "members" need to have their IP blocks registered with the correct ASN as "origin", since Tata Communications only accepts announcements for properly registered "route" or "ROA" objects that belong to its customers or its customers' customers. This feature gives our customers full control over their Tata Communications BGP filters: once an update is made in the RIR database, the routers' BGP filters are updated automatically within 24 hours. The customer can add or remove ASNs from their as-set and add or remove "route" or "ROA" objects with no manual intervention on the Tata Communications side.
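
An added example (not Tata Communications' filtering engine and not code from this page) of a customer-side pre-check for the requirement above: it expands an as-set recursively, lists the "route" objects whose origin falls inside the expansion, and reports member ASNs that have no route object. The registry data is constructed and embedded inline, ROA objects are not modelled, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation ASNs and prefixes), not real registry content.
RPSL = """\
as-set: AS64511:AS-ISPCUST
members: AS64511, AS64514:AS-CLIENT
members: AS64517

as-set: AS64514:AS-CLIENT
members: AS64514, AS64511:AS-ISPCUST

route: 203.0.113.0/24
origin: AS64511

route: 198.51.100.0/24
origin: AS64514

route: 192.0.2.0/24
origin: AS64999
"""

def parse_rpsl(text):
    """Return (as_sets, routes): as-set name -> member list, and [(network, origin)]."""
    as_sets, routes = {}, []
    for block in text.strip().split("\n\n"):
        attrs = [tuple(s.strip() for s in ln.split(":", 1)) for ln in block.splitlines() if ":" in ln]
        kind, name = attrs[0]
        if kind == "as-set":
            as_sets[name.upper()] = [m.strip().upper() for k, v in attrs if k == "members"
                                     for m in v.split(",") if m.strip()]
        elif kind in ("route", "route6"):  # ip_network() rejects malformed prefixes
            routes.append((ipaddress.ip_network(name), dict(attrs)["origin"].upper()))
    return as_sets, routes

def expand(name, as_sets, seen=None):
    """Recursively expand an as-set to plain ASNs; `seen` stops membership loops."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    if name not in as_sets:  # plain ASN, or an as-set that is not registered
        return {name} if name[2:].isdigit() else set()
    return set().union(*(expand(m, as_sets, seen) for m in as_sets[name]))

def build_filter(as_set_name, text=RPSL):
    """Return (accepted (prefix, origin) pairs, member ASNs with no route object)."""
    as_sets, routes = parse_rpsl(text)
    asns = expand(as_set_name.upper(), as_sets)
    accepted = sorted((str(n), o) for n, o in routes if o in asns)
    return accepted, sorted(asns - {o for _, o in accepted})
```

In the sample data the two as-sets reference each other, AS64517 is a member with no registered route, and 192.0.2.0/24 is dropped because its origin is outside the expansion.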

Verification Process

1. Check "AS-SET" expansion to the ASN list

Install bgpq3

# apt install bgpq3

or visit bgpq3 site for the installation details

$ bgpq3 AS64511:AS-ISPCUST -t -j
{"NN": [
64511,64512,64513,
64514,64515
]}

2. Check "route" object

$ whois 193.0.0.0
route:          193.0.0.0/21
descr:          RIPE-NCC
origin:         AS3333
mnt-by:         RIPE-NCC-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2008-09-10T14:27:53Z
source:         RIPE

3. Check "ROA" object https://rpki-validator.ripe.net/roas