On 18/04/2024 19:44, Ryan Woolley wrote:
At ARIN 53, John Sweeting asked for clarification from the community
on whether an internet exchange needs IP space beyond that used for
the switching fabric, and whether IP allocations made to an IXP
operator may need to be routable. Additionally, John shared a
suggestion that the historical basis for maintaining a pool specific
to IXPs was to enable the building of filters to prevent those
addresses from being globally routable.
I don't see a problem they being routable as there may be infrastructure
like Portal, Looking Glass, internal Infrastructure etc e and other
tools that need it. In the other hand it is expected that most of the
allocation to be used for connecting members. Issue here is where
micro-allocations would be enough for the second case, they are not for
the first. Another point of attention is what would the risk of abuse
and how feasible to monitor it in order to prevent abuse if necessary.
It doesn't make total sense to me to say that a pool specific to IXPs is
intended only to build filters to prevent those addresses from being
globally routable as there are legitimate cases. Maybe this was
someone's opinion on the past and not a community understanding that
ended up being expected as such.
Community IX operates two IXPs, FL-IX in south Florida and CIX-ATL in
Atlanta. FL-IX was founded in 2015 and now connects 158 member
networks. CIX-ATL began operations in 2019 and currently connects 66
member networks.
Both IXPs have been assigned IP address space from ARIN. Each IXP
uses one prefix for the member LAN, which is not announced outside of
our members’ networks, and a second, routed, prefix for the IXP
infrastructure.
Fair enough, as mentioned above. If the allocation is for allowing to
build a IX which plays a fairly important role in this ecosystem that
should be for whatever is needed and justifiable, and of course there
are means to monitor and make sure one that receives such allocation
doesn't use it otherwise.
The routed prefix supports operations critical to the operation of the
exchange. Our member portal, network management systems, and
equipment loopback addresses are, by need and design, addressed in
routable IP space. For example, route servers build filters based on
ROAs and IRR databases, and configurations are replicated off-site.
Unlike an IXP affiliated with an ISP or data center operator, we have
no line of business which would enable us to borrow IP space from, for
example, a pool maintained for allocation to IP transit customers.
Our transit is provided as a donation by members, who may come or go
as their connectivity needs require, so we cannot reasonably use
non-provider-independent IP space.
Even an ISP that sponsors an private for profit ISP if necessary should
request allocation from this pool as the existence of an IXP, is still
relevant to the Internet ecosystem, but your case is a prefect example
of the usage of this
On the second question of whether space reserved for IXP allocations
should be unroutable as a feature, we have not, in our years of
operation, encountered any issues with reachability for these
allocations. If networks are building filters for this purpose, our
experience suggests that is not a common practice.
IXPs do commonly have a desire to prevent their member LAN prefix from
being routable. The current best practice is that this prefix is
signed in RPKI with an origin ASN of zero (as described in RFC 6483),
and Community IX does this for both our IXPs’ member LANs. To the
extent that filtering based on IP addressing may have been
contemplated in the past, is it now obsoleted by RPKI.
Perfect. Well done.
Fernando
Regards,
Ryan Woolley
Community IX
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please [email protected] if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
