Connecting to a busy IXP can be of great benefit to network operators, especially for smaller or non-major networks. They can provide a good mix of traffic and content types, a neutral environment in many cases, and the ability to save operators money by keeping local traffic local. But an IXP is not a magic wand. Before they can achieve the critical mass of participants needed to deliver on their promise, IXPs must overcome a number of challenges.
Competition from alternative services such as private peering and the declining cost of transit services has long been present. Recently, though, the number of content caches being deployed inside access networks has increased, which can also impact the appeal of connecting to an IXP.
Besides the competition from alternative services, IXP operators must be able to mitigate technical vulnerabilities that sharing a switch among multiple users presents, such as shared buffers, flooding, and customers leaving Proxy ARP enabled!
There are also physical security vulnerabilities to consider. Since IXPs’ locations are known, they are potentially a target, so measures must be taken to protect things like lead-ins and manholes outside of the data centre.
In addition to all this, IXP operators should be considering their approach to scaling an IXP across multiple switches ahead of time, since there is no one-size-fits-all architecture.
At the upcoming TWNOG 3.0 in Taipei, Taiwan, APNIC’s Infrastructure and Development Director, Che-Hoo Cheng, will be talking about these challenges and more, and sharing his experience of establishing and operating an IXP. He will discuss different models for running an IXP, and provide a series of possible steps that a new IXP may want to consider when starting out. Che-Hoo will also share his suggestions on the way forward forward for IXPs.
APNIC’s Services Director, George Kuo will also present at the TWNOG meeting, in the New Technology session, introducing the local community to some of APNIC’s new information products. These products are supported by APNIC’s new product management framework, which was implemented in order to better address Member challenges and help serve the greater Internet community.
Some of the APNIC products George will discuss include:
- Internet Directory, which provides a dynamic visual representation based on APNIC’s daily-generated statistics. It provides quick access to information about IPv4, IPv6 and ASN delegation and usage. The charts are able to be broken down by subregion or economy, and can be downloaded or embedded in webpages.
- Dashboard for Autonomous System Health (DASH), which leverages the APNIC Community Honeynet Project to allow users to see if any malicious traffic is originating from prefixes they manage. This information allows them to mitigate attacks and prevent them in the future. Currently in the MVP (Minimum Viable Product) phase, the tool detects SSH attacks and will expand to cover other attack types in the future.
- Network Operators ToolbOX (NetOX). Developed in collaboration with the RIPE NCC, NetOX provides whois, routing status and history, and reverse DNS information to users through a single web interface. NetOX is also an MVP.
In addition to the Networking and IX and New Technology sessions, TWNOG 3.0 will focus on cloud computing and network security. The Cloud Computing session will include speakers representing international heavyweights AWS, Google and Cisco, who will discuss load balancing, multi-cloud environments and connecting cloud workloads.
The Network Security session will emphasize preventative action through responsible routing practices, such as BGP filtering best practice (Cloudflare) and MANRS (ISOC). These presentation topics are particularly timely in the wake of the recent Quad101 hijack.
TWNOG 3.0 will take place in at NTUH International Convention Center in Taipei on 21 June 2019. For more information, head to the TWNOG web page.
Contributor: Che-Hoo Cheng
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.