Action 1: Filtering of Route Announcements
NAPAfrica route servers perform filtering and validation in the following sequence:1. Drop prefixes that are too long (/25-/32 for v4 and /49-/128 for v6)
2. Drop prefixes considered as martians/bogons
3. Drop prefixes where the AS path length is too short
4. Drop prefixes where the first AS in the path is not the peer AS
5. Drop prefixes with well known transit AS numbers in the path
6. Drop prefixes where the AS path is too long
7. RPKI Route Origin Validation – Drop invalid prefixes, Accept valid prefixes. RPKI unknowns will be subject to IRR filtering
Action 2-1: Offer assistance to its members to maintain accurate routing information in an appropriate repository (IRR and/or RPKI)
NAPAfrica encourages routing hygiene. During the onboarding process, new members are given guidance on creating IRR records, RPKI ROA, and are encouraged to register with peeringdb.com.Some of these are mandatory for peering with the NAPAfrica route servers.
Action 2-3: Indicate MANRS participation on the member list and the website
The NAPAfrica member list, including MANRS status can be found at the following places:
1. http://ix.nap.africa/customer/details
2. https://www.napafrica.net/who-is-peering/
Action 2-4: Provide incentives linked to MANRS readiness
NAPAfrica encourages knowledge sharing in partnership with Teraco's quarterly "Tech-Days" training events, where industry experts cover routing best practices.
Action 3: Protect the peering platform
All NAPAfrica peering ports have the following applied by default:
1. Port security only allows 1 MAC address per peering port. Exceptions will cause the port to be errdisabled for 5 minutes before reset.
2. IP access-list, which drops undesired traffic, including, but not limited to OSPF, MNDP, DHCP, etc.
3. IPv6 access-list, which drops undesired traffic, including, but not limited to IPv6 RA, OSPF, MNDP, etc.
4. MAC access-list, which drops undesired traffic, including, but not limited to STP, discovery protocols, MPLS, OAM, etc.
Action 4: Facilitate global operational communication and coordination between network operators
All NAPAfrica members are required to provide a valid e-mail address for the NAPAfrica mailing list ([email protected]).
NAPAfrica also provides the opportunity for members to create accounts on NAPAfrica's implementation of IXPManager (https://ix.nap.africa).
NAPAfrica requires that networks are registered on peeringdb.com with valid contact information, as these records are used to populate accounts on ix.nap.africa.
Action 5: Provide monitoring and debugging tools to the members
NAPAfrica has a public looking glass service for our route servers: http://ix.nap.africa/lg