[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[af-ix-discuss] Your help please

At JINX (Johannesburg, South Africa), services like the Looking Glass,
Route server and Time server are all on the same IP address range as the
customers peering at the IXP. There were a number of other "services"
available - such as some AnyCast instances of root name servers. These
though were behind their own ASNs and simply peered as any other IXP
customer. There was also a CO.ZA Zone secondary - also behind its own ASN.

ISPs peering at JINX would be able to see all these services - though
for some, they would have to have a peering connection - for example the
AnyCast root nameservers. This would also work fine for customers of
those ISPs. It wouldn't work though for other ISPs who are not peering
at the IXP. For example, our national Telecom operator did not have
presence at JINX.

I'm not sure having Reverse DNS at the exchange makes sense - except
perhaps for the IXPs own number range. You should note that although
there was a CO.ZA instance located at JINX - there were other default
routes so the likes of our national operator could also route to that
same machine albeit via a much longer and slower route.

For a developing economy - I personally quite liked it when the
Tanzanian regulator insisted that all ISP operators must peer at the
Tanzanian exchange point (there was only the one at the time). Peering
is without exception a very healthy thing to do - even for the ISP
operators who believe themselves to be above such matters.

I would not be surprised if management at JINX simply uses the same
block of IP addresses, I believe it certainly used to. Services such as
AnyCast root nameservers need a management (or rather, routeable) IP -
so data can be update. The IXP block will not be world routeable.
Management could also be on RFC1918 address space and simply not
routeable - making it safer against attacks.

If you want anyone to be able to see certain things like a Web Page
describing the services available (to entice new peers) or Stats (very
important!) - then that must be on its own world routable address space.

Then again - I may be wrong about all the above - but am sure someone
will correct me!


On 30/05/2018 18:25, Benny.MBOKO at arpce.cg wrote:
>
> Hello Dear All,
>
> We want to add different sevices (root server, reverse DNS, Looking
> glass, etc.) to our IXP.
>
> Can we use the/24 peering for these services? If so, why? If not, why?
>
> In addition to IP resources (IPv4, IPv6, and ASN) for peering, should
> all IXP also have other IP resources (IPv4, IPv6, and ASN) for management?
>
> This management network is cut out for the management and services of
> the IXP. Is that the way it is? A few comments please.
>
> ?
>
> Thanks
>
> ?
>
> Best regards
>
> ?
>
> Benny MBOKO
>
> ARPCE/Congo
>
>
> ______________________________________________________________________
> This email has been scanned by the IT101 Email Security System.
> For more information please visit http://www.it101.be
> ______________________________________________________________________
>
>
>
> _______________________________________________
> af-ix-discuss mailing list
> af-ix-discuss at af-ix.net
> http://af-ix.net/mailman/listinfo/af-ix-discuss_af-ix.net

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://af-ix.net/pipermail/af-ix-discuss_af-ix.net/attachments/20180530/e2047584/attachment.html>