IXP from scratch: Part 1 — Building a new IXP

By on 9 Dec 2024

Category: Tech matters

Tags: , , , ,

Blog home

Believe it or not, the Internet is still a community project. The Internet is a network of networks and Internet Exchange Points (IXP) are a crucial part of the underlying infrastructure. They facilitate public and local interconnections between networks, which increases resiliency because of higher interconnectivity and reduces delays because of vicinity. They are a place where networks meet technically and non-technically.

In September 2023, we founded the DD-IX Dresden Internet Exchange association with the objective of improving interconnectivity in Dresden, and the region of Saxony, in Germany. Now that we are going into operation, we would like to share how we designed and implemented DD-IX. In this series, we will discuss various technical aspects from the perspective of a small IXP, such as:

  • Network and security design
  • Peering LAN hardening
  • Configuration automation
  • Observability and validation

Before we go into more technical details in the following posts, let’s talk about a few non-technical points, too.

Disclaimer: In this and future posts, we do not argue that our design decisions are perfect or the only way to go, even though we thoroughly thought about them. If you have different opinions or want to share other experiences, we look forward to your comments below.

Keep local traffic local

DD-IX was founded by a grassroots community that believes in the key principle of an IXP: Keep local traffic local. There are various Internet providers and network operators of different sizes in Dresden and the larger region of Saxony. Direct interconnectivity, however, was (or still is) very low. We are dissatisfied that traffic between providers in the city often leaves even the federal state and travels several hundred kilometres, only to be routed, for example, from Berlin or Frankfurt back to Dresden.

In addition to lower latencies, supporting the principle of keeping local traffic local brings another benefit — diversity in the peering infrastructure and, as a consequence, robustness. Local peering facilities operated by independent associations, companies, or other organizations are in contrast to telecommunication providers aiming for consolidation. Having a single point of contact may seem convenient for a customer, especially when you need to span multiple geographical regions, but relying on a single organization fosters monopolies. At DD-IX, we believe in the advantages of diversity.

Being a neutral peering platform

DD-IX is operated by an association registered in Germany whose members are exclusively private individuals. Our Statutes and Code of Conduct ensure that the IXP stays a neutral and independent peering platform. Members of the DD-IX association have voting rights to steer the association.

Peering at DD-IX does not require one to be a member of the association. Our Peering Policy governs conditions and guidelines for peering at DD-IX.

Services we provide

First and foremost, an IXP is a peering platform. It provides Layer 2 connectivity based on one or multiple switches and a route server to ease the setup of Border Gateway Protocol (BGP) sessions. Operating such a peering infrastructure requires other internal services, which are not directly offered to members or peers but necessary to run the daily business.

 Figure 1 — Infrastructure required for an IXP.
Figure 1 — Infrastructure required for an IXP.

External services

We decided to start operations at two Points of Presence (PoP) from the beginning, due to the requirements of our peers. Both PoPs are equipped with a route server and are connected redundantly. To find potential PoPs and members in your region, PeeringDB is of great help if you run your own network, and maintain your entries.

We have decided to officially not offer physical 1GbE ports in order to simplify upgrades of our switching hardware. We plan to offer private VLAN interconnects between our peers in the near future.

DD-IX also operates an anycast nameserver instance of the AS112 project to resolve reverse lookup queries for non-unique IP addresses locally. We announce AS112 on our route servers to all peers.

Internal services

Internal services include a firewall, authentication handling, cloud services to share documents, a documentation platform, DNS, email, and so on. When we designed our local network, we explicitly decided to rely on IPv6 only, which was partly a challenge on its own.

To conclude, running an IXP is more than just providing some switch ports. We will write about the technical details and lessons learned in future RIPE Labs articles. Just look for IXP-from-Scratch.

Hardware we received

We started operation thanks to the support of several organizations that provided us access to hardware, including:

Figure 2 — DD-IX lab switches.
Figure 2 — DD-IX lab switches.
  • Server hardware to run our route servers, a firewall, and a virtualization server
  • Co-location rack space in two data centres
  • Arista DCS-7050SX switches supporting BGP eVPN
  • Flexoptix SFP+ transceivers
  • Arista 7148S Layer 2 switches

This enabled us to start directly with a network design that can be easily scaled up later on.

Acknowledgements

The Internet is a community project, and we consider ourselves lucky to have experienced this directly since the DD-IX journey started. Many people, ISPs, and IXPs have encouraged us to continue. Thanks!

Several companies supported us in a very early stage. Thanks BCIXDSIIBHSachsenGigaBitFlexoptix. We would like to use the opportunity to thank Christian Seitz, Steffen David, André Grüneberg, and René Fichtmüller for fruitful discussions.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

Top