[AusNOG] Victorian Peering Point

Joe Wooller joe at waia.asn.au
Wed Mar 28 20:49:30 EST 2012


Thanks for the email Andy, 

I have shot you an email off list to continue this discussion :)

Joe

On 28/03/2012, at 5:21 PM, Andy Davidson wrote:

> 
> Hi, Joe --
> 
> On 28 Mar 2012, at 02:34, Joe Wooller wrote:
> 
>> The hardware used is Juniper EX series switches for the fabric and J-Series for the Route Servers. The IX is dual stacked of course.
> 
> Firstly -- good luck with your new exchange project !
> 
> Which EX platform did you select for the IX switch operation ?  The chassis version or 1u version ?  I evaluated them both for an exchange point refresh project around 18 months ago and felt disappointed by the availability of port-security options in both at the time, and I would love to know if the situation has changed now, or whether you are using a different port-security strategy ?  
> 
> The 1U version does port-sec just fine on access ports, but we had about 30% of members already connected and making use of 1q vlan features to consider it.  I helped an exchange in Africa build around the EX4200, they decided not to offer 1q services, and found the switch to be excellent for startup exchange use.  Junos is such a pleasure to configure too, I think you probably made a good choice.
> 
> However, on the subject of the route-servers, could I recommend that you maybe consider building a route-server system around the BIRD and OpenBGPd platform ?  The reason I suggest this is :
> - You can configure software that is specifically designed to be an IX route-server to be transparent, i.e. hide its own AS number in the AS-path.  This is relevant given the exchange will be forming forwarding adjacencies between your customer's routers, so the forwarding path and as-path path matching helps people make sane decisions from a TE point of view.
> - You can configure a RIB for every AS connected to the exchange with these platforms.  This is an advantage if you offer filtering - in order to prevent shadowing of exchange prefixes in the event that multiple peers transit an AS and the route-server's best path is filtered by others.  I can send you some presentations which explain this in more detail.
> - It is easier to configure bird and openbgp via scripts so that human hands do not need to touch the route-server config.  We think that at LONAP this has helped to avoid some accidents in the two or so years that we have offered route-servers. :-)  I can send you our scripts that manage route-server config, they are open-source and in use by about a dozen exchange points now.
> - You can run these pieces of software on kit able to do much faster RPSL filtering, so that you can do prefix-validation on routes that your peers offer.  We do this so that peers who don't really trust each other can build trust over a mutual third party operated platform, and an adjacency can exist where one might not have done otherwise.
> 
> I am really happy to help with any route-server or startup exchange project.
> 
> Best wishes,
> Andy
> 
> 
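
The per-AS RIB point in the quoted message (a shared best path that is then filtered leaves some members with no route), modelled as an added example that is not part of the original email or of LONAP's scripts. The best-path rule is simplified to AS-path length, and the ASNs, prefix and deny policy are constructed values from the documentation ranges.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    announcer: int   # member AS that sent the route to the route-server
    as_path: tuple   # path as received; a transparent route-server adds nothing

def best(routes):
    """Simplified best path: shortest AS path, then lowest announcer AS."""
    return min(routes, key=lambda r: (len(r.as_path), r.announcer), default=None)

def allowed(route, receiver, deny):
    """Export policy: never reflect to the sender, honour (announcer, receiver) denies."""
    return route.announcer != receiver and (route.announcer, receiver) not in deny

def single_rib(routes, members, deny):
    """One shared RIB: choose the best path first, filter on export afterwards."""
    out = {m: {} for m in members}
    for prefix in sorted({r.prefix for r in routes}):
        winner = best([r for r in routes if r.prefix == prefix])
        for m in members:
            if allowed(winner, m, deny):
                out[m][prefix] = winner
    return out

def per_peer_rib(routes, members, deny):
    """One RIB per member: filter first, then choose the best of what remains."""
    out = {m: {} for m in members}
    for m in members:
        for prefix in sorted({r.prefix for r in routes}):
            winner = best([r for r in routes if r.prefix == prefix and allowed(r, m, deny)])
            if winner is not None:
                out[m][prefix] = winner
    return out

# Constructed scenario (documentation ASNs and prefix): two members carry AS 64500.
MEMBERS = [64496, 64497, 64498]
PREFIX = "203.0.113.0/24"
ROUTES = [
    Route(PREFIX, 64496, (64496, 64500)),         # shortest path, wins a shared RIB
    Route(PREFIX, 64497, (64497, 64499, 64500)),  # longer alternative
]
DENY = {(64496, 64498)}  # routes from AS 64496 are not exported to AS 64498

if __name__ == "__main__":
    for name, fn in (("single RIB", single_rib), ("per-peer RIBs", per_peer_rib)):
        got = fn(ROUTES, MEMBERS, DENY)[64498].get(PREFIX)
        print(f"{name}: AS64498 learns {PREFIX} via", got.announcer if got else "nobody")
```

With the shared RIB, AS 64498 loses the prefix entirely even though a permitted path via AS 64497 exists; the per-peer RIB delivers it.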
