[AusNOG] Victorian Peering Point

Andy Davidson andy at nosignal.org
Wed Mar 28 20:21:42 EST 2012


Hi, Joe --

On 28 Mar 2012, at 02:34, Joe Wooller wrote:

> The hardware used is Juniper EX series switches for the fabric and J-Series for the Route Servers. The IX is dual stacked of course.

Firstly -- good luck with your new exchange project !

Which EX platform did you select for the IX switch operation ?  The chassis version or 1u version ?  I evaluated them both for an exchange point refresh project around 18 months ago and felt disappointed by the availability of port-security options in both at the time, and I would love to know if the situation has changed now, or whether you are using a different port-security strategy ?

The 1U version does port-sec just fine on access ports, but we had about 30% of members already connected and making use of 1q vlan features to consider it.  I helped an exchange in Africa build around the EX4200, they decided not to offer 1q services, and found the switch to be excellent for startup exchange use.  Junos is such a pleasure to configure too, I think you probably made a good choice.

However, on the subject of the route-servers, could I recommend that you maybe consider building a route-server system around the BIRD and OpenBGPd platform ?  The reason I suggest this is :
 - You can configure software that is specifically designed to be an IX route-server to be transparent, i.e. hide its own AS number in the AS-path.  This is relevant given the exchange will be forming forwarding adjacencies between your customers' routers, so the forwarding path and as-path path matching helps people make sane decisions from a TE point of view.
 - You can configure a RIB for every AS connected to the exchange with these platforms.  This is an advantage if you offer filtering - in order to prevent shadowing of exchange prefixes in the event that multiple peers transit an AS and the route-server's best path is filtered by others.  I can send you some presentations which explain this in more detail.
 - It is easier to configure bird and openbgp via scripts so that human hands do not need to touch the route-server config.  We think that at LONAP this has helped to avoid some accidents in the two or so years that we have offered route-servers. :-)  I can send you our scripts that manage route-server config, they are open-source and in use by about a dozen exchange points now.
 - You can run these pieces of software on kit able to do much faster RPSL filtering, so that you can do prefix-validation on routes that your peers offer.  We do this so that peers who don't really trust each other can build trust over a mutual third party operated platform, and an adjacency can exist where one might not have done otherwise.

I am really happy to help with any route-server or startup exchange project.

Best wishes,
Andy
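
The per-AS RIB point in the message above, as an added example that is not part of the original email and is not LONAP's tooling: a small model of a route server that selects a best path before filtering (single RIB) next to one that filters per client first. The ASNs, prefix, next hops, best-path rule and block list are all constructed for illustration.

```python
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str
    as_path: tuple   # leftmost ASN is the advertising member; no route-server ASN is inserted
    next_hop: str    # member's own address, passed through unchanged

    @property
    def member(self):
        return self.as_path[0]

# Constructed sample: members AS64501 and AS64502 both transit AS64510.
ADVERTISED = [
    Route("192.0.2.0/24", (64501, 64510), "198.51.100.1"),
    Route("192.0.2.0/24", (64502, 64511, 64510), "198.51.100.2"),
]
# Constructed policy: (advertiser, receiver) pairs that must not exchange routes.
BLOCKED = {(64501, 64503)}
CLIENTS = [64501, 64502, 64503, 64504]

def best(routes):
    """Simplified best path: shortest AS path, then lowest advertising ASN."""
    return min(routes, key=lambda r: (len(r.as_path), r.member), default=None)

def allowed(route, client):
    """A route is never sent back to its advertiser or across a blocked pair."""
    return route.member != client and (route.member, client) not in BLOCKED

def single_rib(routes, clients):
    """One best path per prefix for everyone, filtered per client afterwards."""
    out = {c: {} for c in clients}
    for prefix in {r.prefix for r in routes}:
        winner = best([r for r in routes if r.prefix == prefix])
        for c in clients:
            if allowed(winner, c):
                out[c][prefix] = winner
    return out

def per_client_rib(routes, clients):
    """Filter per client first, then pick the best of what that client may see."""
    out = {c: {} for c in clients}
    for prefix in {r.prefix for r in routes}:
        for c in clients:
            winner = best([r for r in routes if r.prefix == prefix and allowed(r, c)])
            if winner is not None:
                out[c][prefix] = winner
    return out

if __name__ == "__main__":
    for name, fn in (("single RIB", single_rib), ("per-client RIB", per_client_rib)):
        for c, rib in fn(ADVERTISED, CLIENTS).items():
            print(name, c, {p: r.as_path for p, r in rib.items()})
```

With the single RIB, AS64503 receives no route for 192.0.2.0/24 even though AS64502 offers a usable path; with per-client RIBs it receives the path via AS64502.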

