Building network resilience: ensuring rock-solid peering at the Netnod IX
1. Why is redundancy so important for customers connecting to an IX?
Redundancy ensures consistent and reliable network performance. With two independent ports in two separate switch fabrics, customers can avoid single points of failure. This means that if there are any hardware, fibre or routing issues with one port, traffic can reroute through the other port, preventing downtime and ensuring service continuity. For networks that need high reliability, the added layer of protection provided by a redundant port is a sensible investment.
2. How does redundancy work at the Netnod IX?
At the Netnod IXes in Stockholm, Copenhagen, and Helsinki, Netnod ensures redundancy by using two separate peering fabrics at each IX. These switch fabrics, named Blue and Green, each have their own dedicated fibre path. This setup ensures continued service even if there is an issue with a customer port, an IX switch or one of the paths to the fabrics.
As you can see above, Network A has redundant ports and connects to the Blue peering fabric with one port and to the Green peering fabric with a second port. Networks B and C use a single connection over a single port to connect to the Blue AND Green peering LANs.
In addition to running multiple switches and LANs and providing multiple routes both within our IXes and between them, Netnod also uses multiple BGP implementations. The diversity across all layers of our IX service means that the Netnod IX has delivered 100% uptime for more than 20 years.
3. What are the key considerations for networks that need rock-solid peering?
First, choose an IX that fits your redundancy needs. If you can only connect to a single port on a single LAN on a single switch, your peering has a single point of failure. Next, weigh up the benefits of adding a redundant port. Yes, the costs will increase, but if you are a network that needs high reliability, this added cost may well be minor compared to the costs of dropped traffic. Look at your connection strategy: do you have diverse paths to your most important peers or are you dependent on the IX for reaching them? How much traffic are you getting from networks announced from the route servers? And how would your network be impacted if you lose access to the route server?
4. What can you do to secure your routes and how does this work at an IX?
The best thing you can do to secure your routes is to use RPKI. This is the only large-scale and production-ready way of validating routes and preventing route hijacks on your network.
The MANRS initiative has excellent advice on RPKI and routing security for network operators here.
The Netnod IX route servers support RPKI. This means that we employ RPKI filtering and drop all prefixes which have an invalid Route Origin Authorisation (ROA). Unknowns are checked against the IRR filter of the customers. Therefore, customers connecting to the Netnod route servers should ensure they have signed their prefixes with RPKI and that their AS-SETs are up-to-date.
You can read more about peering with the Netnod route server here.
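The filtering order described above for the route servers, sketched as an added example (not Netnod's code or configuration): RFC 6811 origin validation against a set of validated ROA payloads (VRPs), followed by an IRR check for unknowns. The prefixes, ASNs, function names, the per-origin IRR table with exact-match lookup, and the choice to accept RPKI-valid routes without a further check are assumptions.

```python
import ipaddress

# Constructed sample data (documentation prefixes and ASNs, not real IX data).
# Each VRP is (prefix, max_length, origin_asn), as exported by an RPKI validator.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64500),
]
# Assumption: prefixes per origin AS, as expanded from the customer's AS-SET.
IRR_FILTER = {64502: ["203.0.113.0/24"]}

def rov_state(prefix, origin_asn, vrps=VRPS):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True  # at least one VRP covers this announcement
        if vrp_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered but no VRP matched origin and length: invalid. Not covered: unknown.
    return "invalid" if covered else "not-found"

def irr_allows(prefix, origin_asn, irr=IRR_FILTER):
    """True if the exact prefix is registered for this origin (assumed exact match)."""
    route = ipaddress.ip_network(prefix)
    return any(route == ipaddress.ip_network(p) for p in irr.get(origin_asn, []))

def route_server_decision(prefix, origin_asn):
    """Apply the order from the text: drop invalids, check unknowns against IRR."""
    state = rov_state(prefix, origin_asn)
    if state == "invalid":
        return "reject"
    if state == "not-found":
        return "accept" if irr_allows(prefix, origin_asn) else "reject"
    return "accept"  # assumption: RPKI-valid routes are accepted as-is

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64500),
                     ("192.0.2.0/24", 64510), ("203.0.113.0/24", 64502)]:
        print(pfx, asn, rov_state(pfx, asn), route_server_decision(pfx, asn))
```

The `/25` case shows why a more-specific announcement from the correct origin is still invalid when the ROA's maximum length is 24.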
5. What impact does the new Netnod One Port setup have for customers who need redundant peering at the Netnod IX?
Customers using Netnod One Port will be able to run redundant ports and use them to ensure redundant peering at the Netnod IX exactly as before. If you order a redundant connection, you will need two cross connects and two ports. In that case, you will be guaranteed diverse paths to ensure redundancy. Each port and the peering service delivered over that port will be provided under the Netnod One Port framework, which means you can add other services to the ports if you wish.
Read more about Netnod One Port here.