WIX: a Distributed Internet Exchange
In order to make route changes simpler for the hundreds of WIX users, Citylink has deployed two route servers. Rather than having to peer with every router on WIX, the preference is to peer with only the route servers, dramatically simplifying route table maintenance for everyone. Each client router, then, has to maintain only two BGP sessions—one to each of the two route servers rather than to hundreds of routers.
The route servers (Figure 1) don't carry any traffic at all. They simply reflect routes from one peer to all of the rest. I was surprised to find that the servers are based on the same small footprint diskless 266MHz Pentium board made by Soekris Engineering that is used for the routers. LEAF is installed on compact Flash for reliability and fast booting. The Quagga Routing Software Suite is used to provide BGP services, and the kernel handles packet routing.
Two routers are used for IPv4, for redundancy, and a second set provides services for IPv6. Citylink maintains its own route registry and uses the Routing Policy Specification Language (RPSL) to manage the IPv4 routers. A set of shell and Perl scripts has been developed that use RtConfig to construct configuration files for the Quagga software. All this gives Citylink tight control over what peers can announce to the servers and ensures that a replacement can be deployed quickly if required. The whole process is managed with Revision Control System (RCS) to allow backups to be made and to ensure consistency.
Participants on WIX may advertise only those address spaces that are within their own individual network boundaries. The route servers re-advertise what they learn and filter out addresses that should never be routed, which are called Bogons. Examples of these are the loopback address, 127.0.0.1/8; other addresses allocated for private networks, such as 172.16.0.0/12; and non-assigned addresses.
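The filtering policy described above, sketched as an added example (not Citylink's scripts and not RtConfig output): a Python check that accepts an announcement only if it falls inside the peer's registered space and outside the bogon blocks, plus a renderer for the matching Quagga prefix-list. The peer names, registry contents and the /24 length limit are assumptions; the loopback block is written in its canonical form, 127.0.0.0/8.

```python
import ipaddress

# Bogon blocks named in the article plus the other RFC 1918 ranges
# (a short constructed list, not Citylink's actual filter).
BOGONS = [ipaddress.ip_network(p) for p in (
    "127.0.0.0/8",                                    # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private networks
)]

# Constructed registry: hypothetical peer name -> prefixes it registered.
# Documentation ranges (RFC 5737) stand in for real allocations.
REGISTRY = {
    "PEER-A": ["198.51.100.0/24"],
    "PEER-B": ["203.0.113.0/24", "10.20.0.0/16"],  # second entry is a bogon
}

MAX_LEN = 24  # assumed policy: nothing more specific than a /24


def registered(peer):
    """Registered prefixes for a peer, with bogon entries dropped."""
    nets = [ipaddress.ip_network(p) for p in REGISTRY.get(peer, [])]
    return [n for n in nets if not any(n.overlaps(b) for b in BOGONS)]


def accept(peer, announced):
    """Would the route server accept this announcement from this peer?"""
    try:
        net = ipaddress.ip_network(announced)  # rejects host bits, e.g. 127.0.0.1/8
    except ValueError:
        return False
    if net.version != 4 or net.prefixlen > MAX_LEN:
        return False
    if any(net.overlaps(b) for b in BOGONS):
        return False
    return any(net.subnet_of(r) for r in registered(peer))


def prefix_list(peer):
    """Render the peer's inbound filter as Quagga prefix-list lines."""
    lines = []
    for i, net in enumerate(registered(peer), start=1):
        le = f" le {MAX_LEN}" if net.prefixlen < MAX_LEN else ""
        lines.append(f"ip prefix-list {peer}-IN seq {i * 5} permit {net}{le}")
    # Explicit final deny so the policy is visible in the generated file.
    lines.append(f"ip prefix-list {peer}-IN seq {len(lines) * 5 + 5} deny 0.0.0.0/0 le 32")
    return lines
```

Generating the filter from the registry rather than editing it by hand means a bogon or a foreign prefix that slips into a registry entry never reaches the route server's configuration.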
At present, the IPv6 routers are maintained manually. When RPSL for IPv6 is standardised, however, and the amount of work required increases sufficiently, scripts will be used.
One interesting technique deployed on the WIX and its sister exchange, APE, in Auckland, is anycast routing. A good example of anycast routing is the recent addition of a mirror of a root nameserver at WIX. Because of the way BGP and anycast work, a query to the root server goes to the nearest mirror automatically. If an ISP peers at WIX, it can get a 2ms ping time. International paths are over 200ms, so this is a huge improvement.
Local media companies also use anycasting to provide content on the exchange at a low marginal cost to ISPs. Rather than having to bring content requested by their customers across expensive international circuits, the ISPs can get it locally.
Anycast also can be used to limit the distribution of the traffic to only local networks. One example of this is The Return of the King premiere parade, which was Webcast using anycast routing from downtown Wellington. Over five hours, about 12 terabytes of data was requested by New Zealand customers, and this content was provided at no cost to ISPs. A mirror of the stream also was provided from a server in the USA for international viewers. Another example is the provision of software mirrors such as one for Debian, the distribution used by Citylink.
One of Citylink's biggest innovations is the provision of wireless Internet connections in cafés and some business premises in Wellington. The first access point was installed in June 2002, and the service was launched officially in November of that year. Currently, more than 200 access points are in operation (Figure 5).
One good example of how this Wi-Fi technology can benefit the community is the recent installation of a wireless access point at the Mary Potter Hospice for terminally ill patients. Two laptops on mobile trolleys are used to allow patients to stay in touch with their families or simply to read material on-line in their own time.
Citylink also operates the Auckland Peering Exchange (APE), which has about 40 peering participants. A recent addition was the Palmerston North Internet Exchange (PNIX), which, although it has only one participant right now, serves as a place for content providers to mirror servers. Other exchanges are planned for other parts of New Zealand in the near future.
Citylink has found that Linux is readily adaptable to whatever the company needs it to do. Having “intelligent” routers running Linux has meant that deeper firewalls can be deployed; it also has given staff access to better debugging tools. For example, tcpdump can be used to examine traffic through a router in real time if required.
The use of Linux and other open-source software has been a key enabler in creating an affordable public Ethernet and a low cost-of-entry distributed Internet exchange. It will continue to allow the number of exchanges to grow and to fuel innovation and collaboration in other centres around New Zealand.
Resources for this article: /article/8265.
Richard Hulse is a broadcaster based in Wellington, New Zealand. He currently is working on a number of IT projects that involve using Linux to bridge between disparate systems.