Terms of Service
The general rules of BGP.Exchange that you have to abide by.
By registering and using BGP.Exchange services you accept our terms of service.
Any repeated violation of our Terms of Service (ToS) will result in a permanent deactivation (ban) of your account and services.
General BGP.Exchange Rules
- We can reject any request or any service at any time without any warning.
- We can cancel any service at any time without any warning.
- We can throttle your bandwidth at any time.
- We can nullroute your advertised prefixes at any time without any warning.
- Any kind of spam, DDoS, attacks, scanning, scraping, etc., and any activity that is not allowed within the country of connection, or any other violation, will result in (temporary) cancellation without any warning.
- Any file sharing such as illegal BitTorrent or similar is not allowed. Any detection of this usage will cause termination of all services and a restriction of the account.
- You cannot use this service if you are running a business or service that is often a target of DDoS attacks. Repeated targets will result in (temporary) cancellation without any warning.
- We perform flow spec analysis to prevent incoming or outgoing DDoS attacks.
- Incoming DDoS attacks cause a deactivation of your BGP sessions or a nullrouting.
- This is a free best effort service. We have no service levels or guarantees.
- We do strict IRR and RPKI filtering.
- You have to activate your BGP sessions within 7 days after you receive your configuration details, or the session will be automatically deleted.
- You have to ensure that BGP sessions are up; a downtime of more than 14 days without prior notification will cause a service deactivation.
- Our service is designed to deliver a minimum of 100 Mbit throughput, often more depending on location.
- We are open to donations and sponsorships; if you would like to support or extend our services, feel free to contact us.
- Use of hijacked ASNs or IP prefixes will result in a permanent ban and notification of other platforms regarding the ASN used; your ASN will be blacklisted forever.
- Re-advertising BGP.Exchange peering prefixes is bad and not permitted; this will result in (temporary) cancellation without any warning.
- Re-advertising BGP.Exchange services prefixes is only allowed for specific partners and not permitted for anyone else; this will result in (temporary) cancellation without any warning.
Peers must comply with the following policies
- A publicly routable ASN.
- Publicly routable address space.
- ASN record completed in PeeringDB.
- At minimum, an 8x5 NOC contact capable of resolving BGP routing issues.
- Ability to run BGP with peers (and ideally with the route servers, though this is optional).
- Peer contact information must be provided to help enable a response in the event of any issues that may impact the IX itself or other Peers
Allowed Traffic
To ensure smooth operation of the BGP.Exchange infrastructure and tunnel nodes we impose restrictions on what kind of traffic is allowed on the network. Below is a summary of some of the restrictions that are enforced on the network.
Please assume all other types/protocols not mentioned here are a no-no.
BGP.Exchange reserves the right to disable ports or remove tunnels that violate the Terms of Service.
Allowed Traffic Types
Ethernet types:
- 0x800 - IPv4
- 0x806 - ARP
- 0x86DD - IPv6
MAC Security
Layer 2 MAC filtering is implemented at BGP.Exchange to help prevent unauthorised traffic from entering the exchange; each peering port/bundle is restricted to a single MAC address.
No Proxy ARP
Unicast only (except for broadcast ARP and Neighbour Discovery/IPv6 Things)
No link-local Traffic
Traffic related to link-local protocols shall not be forwarded to the BGP.Exchange network.
Link-local protocols include, but are not limited to, the following list:
- IRDP
- ICMP redirects
- IEEE 802 Spanning Tree
- Vendor proprietary protocols. These include, but are not limited to:
  - Discovery protocols: CDP, EDP, MNDP, LLDP, etc.
  - VLAN/trunking protocols: VTP, DTP
- Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
- BOOTP/DHCP
- PIM-SM
- PIM-DM
- DVMRP
- ICMPv6 ND-RA
- UDLD
- L2 Keepalives
- Maintenance Operation Protocol (MOP)
The following protocols are fine:
- ARP
- IPv6 ND
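The filtering rules above, combined into one per-frame admission check. This is an added illustration, not BGP.Exchange's own code or configuration; the function names, the constructed sample frames, and the choice to treat only ICMPv6 types 135 and 136 as permitted ND are assumptions.

```python
import struct

ALLOWED_ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}  # from the page
BROADCAST = b"\xff" * 6
ICMPV6_RA = 134            # Router Advertisement: "ICMPv6 ND-RA" is on the blocked list
ND_PERMITTED = {135, 136}  # assumption: "IPv6 ND" = Neighbour Solicitation/Advertisement


def eth(dst, src, ethertype, payload=b""):
    """Build a constructed, untagged Ethernet II frame for the samples."""
    return (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


def icmpv6(msg_type):
    """Constructed 40-byte IPv6 header (next header 58) plus one ICMPv6 type byte."""
    return b"\x60" + b"\x00" * 5 + b"\x3a" + b"\xff" + b"\x00" * 32 + bytes([msg_type])


def admit_frame(frame, port_mac):
    """Return (admitted, reason) for one frame arriving on a peer port."""
    if len(frame) < 14:
        return False, "truncated Ethernet header"
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if src != bytes.fromhex(port_mac.replace(":", "")):
        return False, "source MAC is not the one configured for this port"
    if ethertype not in ALLOWED_ETHERTYPES:
        # Also catches 802.3 length-field frames such as spanning tree BPDUs.
        return False, f"ethertype 0x{ethertype:04x} not allowed"
    # ICMPv6 type, read only when ICMPv6 directly follows the fixed IPv6 header.
    nd_type = None
    if ethertype == 0x86DD and len(payload) >= 41 and payload[6] == 58:
        nd_type = payload[40]
    if nd_type == ICMPV6_RA:
        return False, "ICMPv6 router advertisement"
    if dst[0] & 0x01:  # group bit set: broadcast or multicast destination
        if ethertype == 0x0806 and dst == BROADCAST:
            return True, "broadcast ARP"
        if dst[:2] == b"\x33\x33" and nd_type in ND_PERMITTED:
            return True, "IPv6 neighbour discovery"
        return False, "non-unicast frame other than ARP/ND"
    return True, "unicast " + ALLOWED_ETHERTYPES[ethertype]
```

Proxy ARP cannot be judged from a single frame, so it is outside what this check covers.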
Port Security
Network Loops
The greatest danger to any Ethernet network is a network loop: unless countermeasures are taken, a loop will instantly bring down any layer 2 network. For example, broadcast frames are looped back to the network, creating duplicates and loading the CPUs of all connected equipment. This, in turn, can lead to a self-sustaining broadcast storm, as each broadcast frame is received on all other ports on the network and sent out once again.
Mitigation
BGP.Exchange uses different technologies to combat network loops, including layer 2 access control lists. These features should limit the number of MAC addresses that can be learned behind a port and drop frames with any source MAC address other than the originally configured one(s).
Implementation
BGP.Exchange allows for connecting one (1) router to a port or tunnel. Only the peer/member MAC address is allowed on the port; no frames with different source MAC addresses are allowed to enter the network. Layer 2 ACLs prevent several potentially crippling network loops from affecting the network.
MAC Address Changes
If a MAC address change is needed, please be advised that you can replace the existing one or even temporarily add a second MAC address via our portal. We recommend you do that a few hours in advance so the layer 2 ACLs can be updated in time. Should you need any assistance or have problems, you can contact BGP.Exchange by support email or by creating a ticket.
Port Flapping
In addition to port layer 2 ACLs, BGP.Exchange also implements port flapping detection on all peer/member interfaces. If an interface transitions from an up to a down state and back more than three (3) times in five (5) seconds, the interface will be disabled. After sixty (60) seconds the interface will be automatically re-enabled; if this happens multiple times, the interface will be disabled for one (1) hour.
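The flap thresholds above, modelled as a sliding-window detector. This is an added illustration, not BGP.Exchange's implementation; the class and function names are hypothetical, and reading "multiple times" as a second trip within ten minutes is an assumption, since the page gives no figure.

```python
from collections import deque

WINDOW_S = 5            # page: flaps are counted over five seconds
MAX_FLAPS = 3           # page: more than three up->down->up transitions trips the port
SHORT_HOLD_S = 60       # page: re-enabled after sixty seconds
LONG_HOLD_S = 3600      # page: one hour when it keeps happening
REPEAT_TRIPS = 2        # assumption: "multiple times" means a second trip...
REPEAT_WINDOW_S = 600   # assumption: ...within ten minutes of the first


class FlapGuard:
    """Per-interface flap detector fed with (timestamp, 'up'|'down') link events."""

    def __init__(self):
        self.flaps = deque()       # times at which a down->up return completed
        self.trips = deque()       # times at which the port was disabled
        self.disabled_until = 0.0
        self.is_down = False

    def observe(self, ts, state):
        """Return the hold time in seconds if this event disables the port, else 0."""
        if ts < self.disabled_until:
            return 0                          # port is held down; link events ignored
        if state == "down":
            self.is_down = True
            return 0
        if not self.is_down:
            return 0                          # 'up' with no preceding 'down' is no flap
        self.is_down = False
        self.flaps.append(ts)
        while ts - self.flaps[0] > WINDOW_S:  # slide the five-second window
            self.flaps.popleft()
        if len(self.flaps) <= MAX_FLAPS:
            return 0
        self.flaps.clear()
        self.trips.append(ts)
        while ts - self.trips[0] > REPEAT_WINDOW_S:
            self.trips.popleft()
        hold = LONG_HOLD_S if len(self.trips) >= REPEAT_TRIPS else SHORT_HOLD_S
        self.disabled_until = ts + hold
        return hold


def replay(events):
    """Run constructed (timestamp, state) events through one guard; list the holds."""
    guard = FlapGuard()
    return [guard.observe(ts, state) for ts, state in events]
```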
Application Layer
Using application layer protocols to unleash malicious attacks against other BGP.Exchange peers over the network is forbidden. BGP.Exchange reserves the right to disable members' ports or tunnels in case of complaints of attacks/abuse originating from such peers.
The following list includes, but is not limited to, some very well-known attacks we do not allow:
- BGP hijacking
- DNS amplification/flood
- HTTP flood
- NTP amplification
- UDP flood
- ICMP flood
- Simple Service Discovery Protocol (SSDP)
Report Abuse
Please get in touch to file a complaint, providing information about:
- Timestamp of the event.
- Type of the event.
- The related prefixes/ASN.
- Involved peers/members/3rd parties.
- Other relevant information about the event/abuse.
This information can typically be found in (but is not limited to) router logs, syslog servers, packet captures, and BGP monitoring services. BGP.Exchange will investigate the complaint and take appropriate action.
Report abuse!
Did you experience or notice a peer/member abusing their BGP.Exchange connections for malicious actions?
Donate to support us!
BGP.Exchange is a non-profit organization and free for members; you can support us by donating.