HKIX Updates at APIX Meeting #15
Ryan NG, www.hkix.net, 26 Feb 2017

What is HKIX?
• Established in Apr 1995, Hong Kong Internet eXchange (HKIX) is the main layer-2 Internet eXchange Point (IXP) in Hong Kong where various autonomous systems interconnect with one another and exchange traffic
• HKIX is now owned and operated by the Hong Kong Internet eXchange Limited (a wholly-owned subsidiary of The Chinese University of Hong Kong Foundation Limited) in collaboration with Information Technology Services Centre of The Chinese University of Hong Kong
• HKIX serves both commercial networks and R&E networks
• The original goal is to keep intra-Hong Kong traffic within Hong Kong

[Figure: ISP A, ISP B, ISP C and ISP D connect over Switched Ethernet to the MLPA Route Servers; each ISP sends its own routes ("Routes of ISP A" etc.) and receives "Routes of All ISPs in HKIX".]
HKIX Model — MLPA over Layer 2 + BLPA
• MLPA traffic exchanged directly over layer 2 without going through MLPA Route Server
• BLPA over layer 2 without involvement of MLPA Route Server
• Supports both IPv4 and IPv6 over the same layer 2 infrastructure

Help Keep Intra-Asia Traffic within Asia
• We have almost all the Hong Kong networks
• So, we can attract participants from Mainland China, Taiwan, Korea, Japan, Singapore, Malaysia, Thailand, Indonesia, Philippines, Vietnam, India and other Asian countries
• We now have more non-HK routes than HK routes
• We do help keep intra-Asia traffic within Asia
• In terms of network latency, Hong Kong is a good central location in Asia
• HKIX does help HK maintain as one of the Internet hubs in Asia
• HKIX supports both domestic and international traffic

HKIX Today
• Supports both MLPA (Multilateral Peering) and BLPA (Bilateral Peering) over layer 2
• Supports IPv4/IPv6 dual-stack
• More and more non-HK participants
• 260+ autonomous systems connected
• 480+ connections in total
  – 7 100GE, 270+ 10GE & 200+ GE
• 770+ Gbps (5-min) total traffic at peak
• Annual Traffic Growth = 30+%

[Figure: Daily Traffic Statistics]
[Figure: Yearly Traffic Statistics]

New HKIX Dual-Core Two-Tier Spine-and-Leaf Architecture For 2014 and Beyond
[Figure: HKIX1 Core Site @CUHK and HKIX1b Core Site @CUHK (<2km apart), each with a Core Switch; Access Switches @HKIX1 and @HKIX1b, Access Switch(es) @HKIX2 and an Access Switch @HKIX-R&E connect over n x 100GE/10GE Inter-Switch Links; ISP1 to ISP7 are shown as participants.]
[Figure: Core Switch @HKIX1 and Core Switch @HKIX1b connected to Access Switch(es) @HKIXm and Access Switch(es) @HKIXn over 100GE/10GE/GE Links.]

Setting up Multiple HKIX Satellite Sites
• Allow participants to connect to HKIX more easily at lower cost from those satellite sites in Hong Kong
• Open to commercial data centres in HK which fulfil minimum requirements so as to maintain neutrality which is the key success factor of HKIX
• Create a win-win situation with satellite site collaborators
• To be named HKIX2/3/4/5/6/etc
Recent updates:
  – HKIX2 has already been migrated from old model to new Satellite Site model
  – HKIX3/4/5 site will be Ready for Service by Apr 2017
• HKIX1 and HKIX1b (the two HKIX core sites located within CUHK Campus) will continue to serve participants directly

Setting up Multiple HKIX Satellite Sites
Hong Kong, 08 Feb 2017: HKIX announces that 3 new satellite sites will be established in collaboration with 3 commercial data centres which provide colocation services as well as easy connections to HKIX.

| Satellite Site | Satellite Site Collaborator | District | Ports Supported | Status |
|---|---|---|---|---|
| HKIX2 | CITIC Telecom International | Kwai Chung | GE/10GE | Ready for Service |
| HKIX3 | SUNeVision / iAdvantage | Fo Tan | GE/10GE/100GE | Coming (by Feb 2017) |
| HKIX4 | NTT Com Asia | Tseung Kwan O | GE/10GE | Coming (by Apr 2017) |
| HKIX5 | KDDI / Telehouse / HKCOLO.net | Tseung Kwan O | GE/10GE/100GE | Coming (by Apr 2017) |

• For connections to HKIX at Satellite Sites, special connection charges will be charged by relevant operators, in addition to the port charges charged by HKIX.
• For HKIX participants not colocated at HKIX satellite sites, they can still connect to any of the two HKIX core sites, i.e. HKIX1 and HKIX1b sites, by local loops via local loop providers.

Support of Blackholing for Anti-DDoS on HKIX Route Servers
HKIX route servers support Remote Triggered Black Hole Filtering (RTBH) for announcement of black-hole filtering
No. of ASNs Participated: 27

How it works?
• The victim's address must be included in the participant filter on the HKIX route servers for BGP announcement
• Participant tags the /32 prefix with 4635:666 for its customer
• HKIX route servers set the prefix with next hop 123.255.90.66
• Other HKIX participants accept the /32 prefix and set the next hop address for 123.255.90.66 to null

Expected Results:
• Only the victim (/32) will be unreachable via HKIX network while saving the others
• The DDoS traffic will be black-holed at the side of the participating routers which are closer to the DDoS traffic sources
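
The four RTBH steps above, modelled end to end as an added example (not HKIX's own code or configuration). The community 4635:666 and next hop 123.255.90.66 come from the slide; the sample prefixes, the peer address, the function names and the rule that only /32 routes may carry the blackhole community are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

RTBH_COMMUNITY = "4635:666"                            # value from the slide
RTBH_NEXT_HOP = ipaddress.ip_address("123.255.90.66")  # value from the slide
# Constructed sample data (documentation address ranges, not real HKIX data).
SAMPLE_FILTER = [ipaddress.ip_network("192.0.2.0/24")]
SAMPLE_PEER = "198.51.100.7"

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: ipaddress.IPv4Address
    communities: frozenset

def make_route(prefix, next_hop, communities=()):
    return Route(ipaddress.ip_network(prefix), ipaddress.ip_address(next_hop),
                 frozenset(communities))

def route_server_policy(route, participant_filter):
    """Route server side: return the route as re-announced, or None if rejected."""
    if not any(route.prefix.subnet_of(net) for net in participant_filter):
        return None          # victim's address is not in the participant filter
    if RTBH_COMMUNITY not in route.communities:
        return route         # ordinary route, passed on unchanged (assumption)
    if route.prefix.prefixlen != 32:
        return None          # assumption: only /32 host routes may be blackholed
    return replace(route, next_hop=RTBH_NEXT_HOP)

def participant_forwarding(rib, dst):
    """Receiving participant: longest-prefix match, RTBH next hop goes to null."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in r.prefix]
    if not matches:
        return "no-route"
    best = max(matches, key=lambda r: r.prefix.prefixlen)
    return "null" if best.next_hop == RTBH_NEXT_HOP else str(best.next_hop)

def demo():
    announced = [make_route("192.0.2.0/24", SAMPLE_PEER),
                 make_route("192.0.2.10/32", SAMPLE_PEER, [RTBH_COMMUNITY])]
    rib = [r for r in (route_server_policy(a, SAMPLE_FILTER) for a in announced) if r]
    # The victim is dropped; its neighbour in the same /24 stays reachable.
    return participant_forwarding(rib, "192.0.2.10"), participant_forwarding(rib, "192.0.2.11")
```

The participant-filter check is what stops one participant from blackholing an address it does not originate, which is why the slide lists it first.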

Support of Hiding AS4635 on HKIX Route Servers
• Hiding AS4635 (ASN of HKIX RS) on the AS Path in the BGP announcement
• Support both IPv4 and/or IPv6

Steps:
1. Disable BGP Enforce the First Autonomous System Path on your HKIX peering router - configuration:
     Router(config)#router bgp <Your-ASN>
     Router(config-router)#no bgp enforce-first-as
2. Notify HKIX for hiding AS4635 in the BGP announcement
3. Soft reset the BGP session
4. HKIX will hide the AS4635 on the AS Path for the IPv4 and/or IPv6 routes sending from HKIX route servers to your HKIX peering

Near-Term Plan
• 1Q2017 – True 24x7 NOC
• 3Q2017 – More BGP Communities will be supported on Route Servers for Routing Control
• 3Q2017 – HKIX Portal for Participants

Thank You!
For enquiries, please contact us at info AT hkix.net