If you want to advertise prefixes from another network (ASN) to your embedded OCA(s), you should first ensure that you have created an AS-SET in your internet routing registry (IRR) record that includes the ASN(s) that are associated with those prefixes.
Note: In addition to the AS-SET record, you will also need to create an "aut-num" object (routing record) that describes the routing policies for your ASN. Both records (AS-SET and aut-num) must have the same "mnt-by" handler (also known in some internet registries as the "admin-c") so that our systems can recognize and associate them.
Important: We will flag and filter any prefixes advertised to your OCAs from an ASN that you do not own or have not properly documented in an AS-SET hierarchy.
What is the benefit of using an AS-SET?
AS-SETs provide a mechanism for publicly documenting a customer relationship between autonomous systems (ASNs). By creating an AS-SET with a members attribute that includes each network (ASN) with which you have an established relationship (transit, peering, and so on), you can formally document the networks that are authorized and expected to be served from your OCA(s). As a result, Netflix will receive an unambiguous signal that all prefixes associated with the ASNs in your AS-SET are not leaked routes, but fully authorized and expected.
This will prevent us from erroneously filtering potentially leaked routes.
For more information on the importance and benefits of using AS-SETs, see this article: https://www.manrs.org/2022/12/why-network-operators-should-use-hierarchical-as-sets/
How can I verify that my AS-SET is set up correctly?
To verify that your AS-SET is correctly defined, you can run a query via RADb.
How can I tell which of my advertised prefixes are being flagged or filtered?
Use the Discover Unregistered Routes report and the View Filtered Routes report in the Partner Portal Route Optimizer to identify the prefixes that we are flagging, and prefixes that we are filtering. Currently, we will open a ticket to you if we flag any unregistered (potentially leaked) routes, and we will begin filtering them 30 days later if the problem persists.
What if I have a downstream customer, and they also have downstream customers?
In this case, you should add a reference to your downstream customer's AS-SET in your AS-SET. Their AS-SET should in turn list all of the downstream ASNs that they have a relationship with.
Isn't my peeringDB record sufficient to document my network relationships? Do I really need to create an AS-SET?
PeeringDB stores information about peering relationships, and we do use peeringDB as a source to determine ASN ownership of prefixes. However, it is not sufficient as a single data source. We use registered AS-SET hierarchies to verify relationships between ASNs.
For more information about AS-SETs, see these additional resources: