Presentation by Maria Isabel Gandia, Head of Communications, given to the LAC-IX (Latin America and Caribbean IXPS) user community on 30 April 2021 in virtual format.
2. Agenda
1. Who are we?
2. CATNIX Timeline and Evolution
3. Interconnection and Peering-related Services
4. Additional Services
5. Other activities at CSUC & CATNIX
Restricted
5. CSUC
CSUC is a Consortium of 10 Universities and the Catalan Government, whose
mission is to identify, design and execute shared projects in a collaborative way to
allow the Catalan universities to increase their efficiency by exploiting economies of
scale and synergies.
8. Timeline
[Timeline figure, 1999 to 2021. Year markers: 1999, 2002, 2003, 2005, 2007, 2008, 2009, 2011, 2014, 2015, 2016, 2017, 2018, 2019, 2021.]
Milestone boxes:
• CATNIX is born: 6 participants, BW > 256 kbps
• 10 years: 22 participants, BW > 10 Mbps
• 20 years: 46 participants, BW > 1 Gbps
Other labels on the timeline: 1 Gbps, 10 Gbps, 100 Gbps, 2 sites, 3 sites, Route servers, DNS Root servers, European Peering Forum, RIPE meeting, ESNOG meetings, Euro-IX Forums.
9. CATNIX Facts
CATNIX was born in 1999, as an initiative of the Catalan government
and several ISPs in Catalonia (12 entities).
CATNIX is today a self-sustained IX.
It is managed by a non-profit organisation linked to the R&E
environment (Many examples in Europe: BNIX, BR-IX, CIX, DIX,
GIGAPIX, GR-IX, SFINX, TOPIX, VIX, VSIX, etc).
According to the Euro-IX Benchmarking Club Report Round 15 (2020),
CATNIX is #62 (of 215) in number of participants in Europe (46 ASNs).
Its traffic is equivalent to other internet exchanges of the same size
(100 Gbps peak traffic).
Our members decide what they want us to do: Technical and Strategic
Commission.
10. CATNIX: Current members
[Diagram of members grouped by bandwidth. Bandwidth labels: 1 Gbps, 2 – 3 Gbps, 10 Gbps, 20 – 30 Gbps, 40 Gbps. The label "x2" appears twice.]
Members shown: Iporium, CTTI, Orange, Sarenet, T-Systems, Telefónica, Colt, Adam, Google, VozTelecom, Acens, Nexica, Orange-BS, Equinix, RedIRIS, Adamo, Claranet, Guifi.net, Airenetworks, Hurricane Electric, Altecom, Vodafone, Microsoft, Bitnap, Sered, Cloudflare, E-ports, NTT, Akamai, Andorra Telecom, Eurona, IMI, Altercom21, EveryWAN, Vola, Subspace, Operadors.cat, Evolutio.
16. Peering: two flavours
• Bi-lateral
• Through one of the three route-servers:
  – Campus Nord: bird on a VM.
  – bitNAP: Cisco ISR443.
  – Equinix: GoBGPd on a VM.
Bio-diversity: The route-servers infrastructure is completely
independent in each node.
17. Enhanced Security: Blackholing Service
Useful to mitigate DDoS attacks at the IX.
Members can simply label their attacked prefixes with the blackhole community, both in
bilateral peerings and through the route servers.
We use the RFC 7999 blackhole community:
BLACKHOLE (= 0xFFFF029A)
The traffic directed to the attacked host is dropped at the IX, avoiding the
congestion in the member’s link at CATNIX.
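An added example, not part of the original slides and not CATNIX's configuration: the acceptance checks RFC 7999 describes for a BGP speaker that receives an announcement carrying BLACKHOLE. The host-route-only rule is an assumed local policy, and the member prefixes are constructed from documentation ranges.

```python
import ipaddress

BLACKHOLE = 0xFFFF029A   # RFC 7999 well-known community, as on the slide
NO_EXPORT = 0xFFFFFF01   # RFC 1997 well-known community


def fmt(community):
    """Render a 32-bit standard community as high16:low16."""
    return f"{community >> 16}:{community & 0xFFFF}"


def blackhole_decision(prefix, communities, authorised):
    """Classify one member announcement; returns (action, detail)."""
    net = ipaddress.ip_network(prefix)
    if BLACKHOLE not in communities:
        return "normal", "regular import policy applies"
    # RFC 7999: honour the request only for space the member may announce.
    covered = any(
        net.version == a.version and net.subnet_of(a) for a in authorised
    )
    if not covered:
        return "reject", "not covered by the member's authorised prefixes"
    # Assumed local policy: host routes only, to limit collateral discard.
    if net.prefixlen != net.max_prefixlen:
        return "reject", "blackhole accepted only for /32 or /128"
    # RFC 7999 recommends NO_EXPORT (or NO_ADVERTISE) to contain the route.
    tagged = sorted(set(communities) | {NO_EXPORT})
    return "discard", " ".join(fmt(c) for c in tagged)


# Constructed sample: one member's authorised space (documentation ranges).
MEMBER = [ipaddress.ip_network("192.0.2.0/24"),
          ipaddress.ip_network("2001:db8::/32")]

if __name__ == "__main__":
    for pfx, comms in [("192.0.2.10/32", {BLACKHOLE}),
                       ("2001:db8::1/128", {BLACKHOLE}),
                       ("192.0.2.0/24", {BLACKHOLE}),
                       ("198.51.100.7/32", {BLACKHOLE}),
                       ("192.0.2.0/24", set())]:
        print(pfx, *blackhole_decision(pfx, comms, MEMBER))
```

The coverage check is what stops one member from blackholing an address that belongs to another.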
18. Security and Resiliency: RPKI Filtering in all the Route Servers
Resource Public Key Infrastructure (RPKI) is a cryptographic method
for signing records that associate a BGP route with its originating
autonomous system (AS) number.
BGP itself does not provide a security mechanism to ensure that a network
announced via BGP comes from the correct origin AS.
In RPKI, the relationship between a network and its origin AS is defined
in a Route Origin Authorization (ROA).
CATNIX can verify this relationship on its three RPKI route-servers, and
thus implement security for all participants who are part of the IX.
19. Myportal
CATNIX members have a private space called My portal. This portal includes tools to check the quality of the
service, such as a weathermap, traffic volume information, collision and CRC statistics, a peering matrix,
the Looking Glass service, the Ookla speed test, the M-Lab node, NDT, etc.
21. Quality of Service Measurement
CATNIX measures the following parameters for each port:
• Input and output traffic, indicating peaks
• CRC (Cyclic Redundancy Check)
• Collision
• Announced prefixes
These measures are used by the technical team to proactively detect
incidents and prevent an impact on the service.
Links between nodes are also monitored and upgraded when
necessary to avoid any risk of congestion.
CATNIX reports all the operations carried out on the infrastructure and
services, whether they have affected the availability of the services or
not, information on interruptions or incidents when applicable and
number of congestions detected (if any) at the Technical Commission
meetings, twice a year.
The objective is to be as transparent as possible.
22. Mutually Agreed Norms for Routing Security
Let’s talk about manners
https://www.manrs.org/
23. CATNIX, Full Member of MANRS as an IXP
MANRS improves the security and reliability of the global Internet routing
system, based on collaboration among participants and shared
responsibility for the Internet infrastructure.
CATNIX is already MANRS compliant.
• Protect the Peering Platform: The IXP has a published policy of traffic not allowed on the peering fabric and performs filtering of such traffic.
• Promote MANRS*: Four options including (a) assistance in maintaining records, (b) assistance in implementing operator Actions, (c) indicating MANRS membership, and (d) incentives for MANRS readiness.
• Filtering*: The IXP implements filtering of route announcements at the Route Server based on routing information data (IRR and/or RPKI).
• Monitoring & Debugging: The IXP provides a looking glass for its members.
• Global Communication: The IXP facilitates communication among members by providing necessary mailing lists, and member directories.
* Mandatory
24. Automation: Information about the members in JSON format
It includes data about the internet exchange and its members, in order
to facilitate the automation of the configuration:
– Name
– Peering Policy
– URL
– Contact telephone
– Bandwidth at CATNIX
– …
Information about 46 AS available.
http://www.catnix.net/participants.json
CATNIX appears on the official page of the Euro-IX JSON schema.
https://github.com/euro-ix/json-schemas
27. Monitoring and Debugging
bird-lg looking-glass:
Command history.
Bgpmap to draw maps.
It performs 'whois' queries to give information about routes and AS.
Accessible from any device.
28. DNS Root Servers
8 DNS root-servers at CATNIX.
http://www.root-servers.org
D (University of Maryland): PCH
E (NASA): PCH & Cloudflare
F (ISC): ISC (x2) & Cloudflare
J (Verisign): Verisign*
K (RIPE NCC): RIPE NCC (through Services router)
L (ICANN): ICANN (through Services router)
29. View from RIPE Atlas
All root servers at CATNIX are less than 2 ms away from the
members; most of them are less than 1 ms away (view from AS13041).
32. We provide our members the necessary information to update PeeringDB
PeeringDB
33. Research and Education Synergies: LISP Pilot Network Project (2014-2020)
The LISP Beta Network* was a multi-company, multi-vendor effort to
research real-world behavior of the LISP Protocol.
LISP DDT was a hierarchical and distributed database that provided
an EID-to-RLOC mapping.
The node at CATNIX was the root.
It helped test the protocol and turn it into a mature technology, with
significant impact on the field of private VPNs and mobility.
https://tools.ietf.org/html/rfc8111
*Participants:
• CATNIX: BT, Equinix, ICANN, ISC, Microsoft, NTT
• Other: Cisco, Facebook, KPN, NYU, Partan, TaTa,
TCH, Qwest, UCLA, UOregon, UPC…
35. The Internet Community
Presentations at CATNIX meetings
NetBCN
ESNOG
Euro-IX
RIPE Meetings
RIPE training courses
European Peering Forum
Other activities
40. Other activities at CSUC & CATNIX (I)
Cisco award for digital innovation during “La
nit de les Telecomunicacions i la Informàtica”
for CSUC, mention to CATNIX, 2017.
Visit of 4 teams of the Technovation
Challenge. Girls for a change, 2019.
Organisation of the Autumn School “The
Challenges of Internet Governance” with
IBEI and ICANN, 2018.
Round table on Inclusivity: women in
networking, 2020.
20th anniversary Beer&Talk and visit to
UB, 2019.
Open days for the Internet Day and the
Science week, every year.
41. 20 Years of CATNIX
CATNIX is a meeting point, a place with intense activity
Proximity / Interconnection / Collaboration / Movement
Experts in the territory and in innovation
Emphasizing the “C” for CATNIX, Catalonia, Connection
Going up