Operations of Global Internet
Download
Report
Transcript Operations of Global Internet
Hong Kong
Network Updates
– Interconnections in HK
Che-Hoo CHENG 鄭志豪
The Chinese University of Hong Kong /
Hong Kong Internet Exchange
05 MAR 2009
Introduction of HKIX (1/2)
Set up by The Chinese University of Hong Kong (CUHK) in Apr
1995
MLPA Internet Exchange over Layer 2 Infrastructure with BLPA
support
MLPA
• Mandatory for Hong Kong routes only
• HKIX MLPA Router Server: AS4635
AS4635 seen in AS Path
• IPv4 Route filters implemented strictly
By Prefix or by Origin AS
But a few trustable participants have no filters except max
number of prefixes
Support BLPA
• One AS hop less than MLPA
• May get more routes from your peers than MLPA
2
• HKIX encourages BLPA over HKIX
Introduction of HKIX (2/2)
202.40.161/24
Port Security (one MAC address per switch port) implemented
strictly
Our service is basically free of charge as we are not-for-profit
• But there will be charge for 10GE port or >2 x GE ports if
traffic volume is not high enough to justify the resources
Provide colo space for strategic partners such as root / TLD DNS
servers & APNIC
Still located and operated by CUHK
Considered as Critical Internet Infrastructure in Hong Kong
We are confident to say that with HKIX, more than 98% of intraHK Internet traffic is kept within HK
More info on www.hkix.net
3
HKIX Model —
MLPA over Layer 2
(with BLPA support)
ISP A
Routes of
ISP A
ISP B
ISP C
Routes of
ISP C
Routes of
ISP B
Routes of All
ISPs in HKIX
Routes of All
ISPs in HKIX
Routes
from All
ISPs
•
•
MLPA traffic exchanged directly over
layer 2 without going through MLPA
Route Server
BLPA over layer 2 without
involvement of MLPA Route Server
ISP D
Routes of
ISP D
Routes of All
ISPs in HKIX
Routes of All
ISPs in HKIX
Routes of All
ISPs in HKIX
Switched Ethernet
MLPA
Router
Server
4
HKIX2
Announced on 25 Nov 2004
HKIX2 site in Central as redundant site of HKIX
Linked up to HKIX by 2 x 10GE links
• It is Layer 3 connection
• Same AS4635 MLPA
• Different broadcast domain from HKIX
218.100.16/24
• Participants cannot do BLPA across HKIX and HKIX2
Free of charge for up to 2 GE ports unless traffic volume
justifies
IX portion managed by CUHK
5
Quick Updates (1/2)
2 x Cisco Catalyst 6513 at HKIX and 1 x Cisco Catalyst
6513 at HKIX2
Most connected to HKIX switches without co-located routers
• Cross-border layer 2 Ethernet connections to HKIX
possible
Ethernet over MPLS or Ethernet over SDH
Officially allow overseas ISPs to connect now
• Those overseas ISPs may not have Hong Kong routes…
• Major overseas R&E networks connected in 2008
110 AS’es connected at HKIX + 18 AS’es at HKIX2 now
• 16 AS’es at both HKIX2 & HKIX for redundancy
18 x 10GE + 175 x GE/FE ports served
>23,000 IPv4 prefixes carried by HKIX MLPA
• More non-HK routes than HK routes
Peak 5-min traffic >75 Gbps now
6
Quick Updates (2/2)
A small HKIX POP with Cisco 7603 (as layer 2 switch) has
been set up in Mega-i with GE link (layer 2) back to HKIX at
CUHK but it is for academic network connections only
Basic Set-up:
• First 2 GE ports at HKIX and First 2 GE ports at HKIX2
free of charge with no question asked and no agreement
Advanced Set-up:
• If 10GE port or >2 GE ports are needed, agreement is
needed and there will be a small port charge unless
aggregate traffic volume of all ports exceeds 50% (95th
percentile)
See http://www.hkix.net/hkix/connectguide.htm for details
7
Usage Statistics of HKIX
8
Plan for 2009
Order has been placed to replace one Cisco Catalyst 6513 at HKIX
with a brand new high-end switch
• To support 128 line-rate 10GE ports
• To support LACP with port security over GE & 10GE ports
Remote participants have to check whether their tail
providers can support LACP with enough transparency
• sFlow equivalent
• To be in production in May 2009
MLPA: Support daily automatic route filter updates from routing
registry database
MLPA: Support BGP community for easier traffic load balancing
Portal for Participants
Improve after-hour support
We continue to encourage BLPA
Suggestions are welcome
9
IPv6 at HKIX
CUHK/HKIX is committed to help Internet development in
HK
IPv6 supported by HKIX since Mar 2004
• Dual stack
Today, 24 AS’es have been assigned addresses at
HKIX/HKIX2 and have joined MLPA
• BLPA encouraged
Root server instance F supports IPv6 transport at HKIX
Dual stack so cannot know for sure how much IPv6 traffic
in total
• Should be lower than 1% of the total traffic
• Hopefully with the new switch, we can have more
detailed statistics
10
IPv6 Participants at HKIX (1/2)
APAN-JP (AS7660)
APNIC (AS18366)
ASCC-ASNET (AS9264)
Bhutan Telecom (AS17660)
China Mobile-Peoples (AS9231; at HKIX2 only)
CITIC1616 (AS17554; at HKIX2 only)
CNGI-6IX (AS23911; IPv6 only)
CUHK (AS3661 & AS4641)
Diyixian (AS9584)
Globalnet (AS17990)
Google (AS15169; at both HKIX & HKIX2)
Hurricane Electric (AS6939)
Hutchison Global Communications (AS9304)
11
IPv6 Participants at HKIX (2/2)
ISC (AS23709)
Internode (AS4739; to be connected soon)
JUCC-HARNET (AS3662)
KREONET2 (AS17579)
NTT Com (AS2914)
Reliance Globalcom / FLAG (AS15412)
Samsung (AS6619)
SCIG of HK Government (AS9732)
Telstra-CSL (AS38819)
TIC (AS1836)
Good mix of academic networks and commercial networks
All joined MLPA
Can set up BLPA with them over HKIX
12
Recent IPv6 Work at HKIX
Remove route filters for IPv6 at MLPA route server
• Still provides minimal protection such as bogus routes
• Total number of routes on MLPA >1,000 now
Add BGP community tagging to distinguish upstream routes
for transit purpose from downstream routes for peering
purpose
• 4635:900 - Upstream / peer routes announced by free
IPv6 transit providers for use by those HKIX participants
which seek for free IPv6 transit over HKIX MLPA
• 4635:800 - Downstream / internal routes seeking for
peering only over HKIX MLPA but not for transit
• 4635:700 - Downstream / internal routes seeking for
transit over HKIX MLPA
See http://www.hkix.net/hkix/route-server.htm for details
13
Mega-i
Located in Chai Wan in Eastern part of HK Island
Important Carrier Hotel in HK
Essentially all submarine / terrestrial cable
operators have presence there
Good for physical interconnections
But colo space is running out
• Colo and Cross Connect charges increasing
CUHK/HKIX has a small POP there to serve R&E
networks only
• One GE link back to HKIX should serve multiple
interconnection requirements
14
R&E Networks in Mega-i
ASCC/ASNET: 5/F
ASGC: 12/F inside PACNET
CERNET/CERNET2/CNGI-6IX: 8/F
CSTNET/GLORIAD: 32/F Meet-Me Room
CUHK/HKIX: 32/F Open Farm
KISTI/KREONET2: 12/F inside PACNET
NICT: 10/F
TEIN3: 8/F
15
Fiber Cross Connect
Inside Mega-i
Same charge for MMF & SMF
Ordering may be complicated if more than
one party is involved
iAdvantage now have monthly charge
even for Fiber Cross Connect within the
same floor
If not a lot of traffic, HKIX switch at Megai can be used for interconnections among
R&E networks to avoid managing and
paying multiple fiber cross connect cables
16
Wharf T&T
AS9381
…..
NTT
AS2914
ASCC
AS9264
CERNET
AS4538
CERNET2
AS23910
CNGI-6IX
AS23911
Other
Universities
in HK
at CUHK
at HKU
HARNET
AS3662
at CUHK
HKIX Layer 2
(MLPA:AS4635)
at Mega-i
CUHK
AS3661
APAN-JP
AS7660
TEIN3
AS24489
Internet2
AS11537
PCCW
Global
AS3491
ASGC
AS24167
CSTNET
AS7497
KREONET2
AS17579
Interconnections between NICT and CSTNET in Mega-i
NICT
on 10/F Mega-i
GE(SX)
untagged
GE(SX)
VLAN Trunk
on 32/F Mega-i
GE
untagged
Cisco 7603 of CUHK
CUHK/HKIX on 32/F Mega-i
in 32/F Mega-i
GE Link of HKIX
Between Mega-i and CUHK
19
CUHK – PWH Hospital (1/2)
PWH is the teaching hospital of CUHK
7km away from Main Campus
• Little chance to lay our own fibers
Leasing 300Mbps bandwidth over GE now
• Can be upgraded easily if needed
Networks within PWH is complicated as Hospital Authority is
there also
When doing telemedicine, CUHK network resources
(AS3661) will be used
CUHK/AS3661 has direct interconnections with APAN-JP,
ASCC, ASGC, CNGI-6IX, CSTNET, HARNET & KREONET2 to
ensure more direct routing path is selected
20
CUHK – PWH Hospital (2/2)
21
300Mbps Link of CUHK
Between Main Campus
and PWH
22
Thank You