230 likes | 476 Views
Hong Kong Network Updates – Interconnections in HK. Che-Hoo CHENG 鄭志豪 The Chinese University of Hong Kong / Hong Kong Internet Exchange 05 MAR 2009. Introduction of HKIX (1/2). Set up by The Chinese University of Hong Kong (CUHK) in Apr 1995
E N D
Hong Kong Network Updates– Interconnections in HK Che-Hoo CHENG 鄭志豪 The Chinese University of Hong Kong / Hong Kong Internet Exchange 05 MAR 2009
Introduction of HKIX (1/2) • Set up by The Chinese University of Hong Kong (CUHK) in Apr 1995 • MLPA Internet Exchange over Layer 2 Infrastructure with BLPA support • MLPA • Mandatory for Hong Kong routes only • HKIX MLPA Router Server: AS4635 • AS4635 seen in AS Path • IPv4 Route filters implemented strictly • By Prefix or by Origin AS • But a few trustable participants have no filters except max number of prefixes • Support BLPA • One AS hop less than MLPA • May get more routes from your peers than MLPA • HKIX encourages BLPA over HKIX
Introduction of HKIX (2/2) • 202.40.161/24 • Port Security (one MAC address per switch port) implemented strictly • Our service is basically free of charge as we are not-for-profit • But there will be charge for 10GE port or >2 x GE ports if traffic volume is not high enough to justify the resources • Provide colo space for strategic partners such as root / TLD DNS servers & APNIC • Still located and operated by CUHK • Considered as Critical Internet Infrastructure in Hong Kong • We are confident to say that with HKIX, more than 98% of intra-HK Internet traffic is kept within HK • More info on www.hkix.net
HKIX Model — MLPA over Layer 2 (with BLPA support) ISP A ISP B ISP C ISP D Routes of ISP C Routes of ISP B Routes of ISP D Routes of ISP A Routes of All ISPs in HKIX Routes of All ISPs in HKIX Routes of All ISPs in HKIX Routes of All ISPs in HKIX Routes from All ISPs Switched Ethernet Routes of All ISPs in HKIX MLPA Router Server • MLPA traffic exchanged directly over layer 2 without going through MLPA Route Server • BLPA over layer 2 without involvement of MLPA Route Server
HKIX2 • Announced on 25 Nov 2004 • HKIX2 site in Central as redundant site of HKIX • Linked up to HKIX by 2 x 10GE links • It is Layer 3 connection • Same AS4635 MLPA • Different broadcast domain from HKIX • 218.100.16/24 • Participants cannot do BLPA across HKIX and HKIX2 • Free of charge for up to 2 GE ports unless traffic volume justifies • IX portion managed by CUHK
Quick Updates (1/2) • 2 x Cisco Catalyst 6513 at HKIX and 1 x Cisco Catalyst 6513 at HKIX2 • Most connected to HKIX switches without co-located routers • Cross-border layer 2 Ethernet connections to HKIX possible • Ethernet over MPLS or Ethernet over SDH • Officially allow overseas ISPs to connect now • Those overseas ISPs may not have Hong Kong routes… • Major overseas R&E networks connected in 2008 • 110 AS’es connected at HKIX + 18 AS’es at HKIX2 now • 16 AS’es at both HKIX2 & HKIX for redundancy • 18 x 10GE + 175 x GE/FE ports served • >23,000 IPv4 prefixes carried by HKIX MLPA • More non-HK routes than HK routes • Peak 5-min traffic >75 Gbps now
Quick Updates (2/2) • A small HKIX POP with Cisco 7603 (as layer 2 switch) has been set up in Mega-i with GE link (layer 2) back to HKIX at CUHK but it is for academic network connections only • Basic Set-up: • First 2 GE ports at HKIX and First 2 GE ports at HKIX2 free of charge with no question asked and no agreement • Advanced Set-up: • If 10GE port or >2 GE ports are needed, agreement is needed and there will be a small port charge unless aggregate traffic volume of all ports exceeds 50% (95th percentile) • See http://www.hkix.net/hkix/connectguide.htm for details
Plan for 2009 • Order has been placed to replace one Cisco Catalyst 6513 at HKIX with a brand new high-end switch • To support 128 line-rate 10GE ports • To support LACP with port security over GE & 10GE ports • Remote participants have to check whether their tail providers can support LACP with enough transparency • sFlow equivalent • To be in production in May 2009 • MLPA: Support daily automatic route filter updates from routing registry database • MLPA: Support BGP community for easier traffic load balancing • Portal for Participants • Improve after-hour support • We continue to encourage BLPA • Suggestions are welcome
IPv6 at HKIX • CUHK/HKIX is committed to help Internet development in HK • IPv6 supported by HKIX since Mar 2004 • Dual stack • Today, 24 AS’es have been assigned addresses at HKIX/HKIX2 and have joined MLPA • BLPA encouraged • Root server instance F supports IPv6 transport at HKIX • Dual stack so cannot know for sure how much IPv6 traffic in total • Should be lower than 1% of the total traffic • Hopefully with the new switch, we can have more detailed statistics
IPv6 Participants at HKIX (1/2) APAN-JP (AS7660) APNIC (AS18366) ASCC-ASNET (AS9264) Bhutan Telecom (AS17660) China Mobile-Peoples (AS9231; at HKIX2 only) CITIC1616 (AS17554; at HKIX2 only) CNGI-6IX (AS23911; IPv6 only) CUHK (AS3661 & AS4641) Diyixian (AS9584) Globalnet (AS17990) Google (AS15169; at both HKIX & HKIX2) Hurricane Electric (AS6939) Hutchison Global Communications (AS9304)
IPv6 Participants at HKIX (2/2) ISC (AS23709) Internode (AS4739; to be connected soon) JUCC-HARNET (AS3662) KREONET2 (AS17579) NTT Com (AS2914) Reliance Globalcom / FLAG (AS15412) Samsung (AS6619) SCIG of HK Government (AS9732) Telstra-CSL (AS38819) TIC (AS1836) Good mix of academic networks and commercial networks All joined MLPA Can set up BLPA with them over HKIX
Recent IPv6 Work at HKIX • Remove route filters for IPv6 at MLPA route server • Still provides minimal protection such as bogus routes • Total number of routes on MLPA >1,000 now • Add BGP community tagging to distinguish upstream routes for transit purpose from downstream routes for peering purpose • 4635:900 - Upstream / peer routes announced by free IPv6 transit providers for use by those HKIX participants which seek for free IPv6 transit over HKIX MLPA • 4635:800 - Downstream / internal routes seeking for peering only over HKIX MLPA but not for transit • 4635:700 - Downstream / internal routes seeking for transit over HKIX MLPA • See http://www.hkix.net/hkix/route-server.htm for details
Mega-i • Located in Chai Wan in Eastern part of HK Island • Important Carrier Hotel in HK • Essentially all submarine / terrestrial cable operators have presence there • Good for physical interconnections • But colo space is running out • Colo and Cross Connect charges increasing • CUHK/HKIX has a small POP there to serve R&E networks only • One GE link back to HKIX should serve multiple interconnection requirements
R&E Networks in Mega-i ASCC/ASNET: 5/F ASGC: 12/F inside PACNET CERNET/CERNET2/CNGI-6IX: 8/F CSTNET/GLORIAD: 32/F Meet-Me Room CUHK/HKIX: 32/F Open Farm KISTI/KREONET2: 12/F inside PACNET NICT: 10/F TEIN3: 8/F
Fiber Cross Connect Inside Mega-i Same charge for MMF & SMF Ordering may be complicated if more than one party is involved iAdvantage now have monthly charge even for Fiber Cross Connect within the same floor If not a lot of traffic, HKIX switch at Mega-i can be used for interconnections among R&E networks to avoid managing and paying multiple fiber cross connect cables
Wharf T&T AS9381 NTT AS2914 ASCC AS9264 CERNET AS4538 ….. CERNET2 AS23910 CNGI-6IX AS23911 Other Universities in HK HKIX Layer 2 (MLPA:AS4635) HARNET AS3662 at CUHK at HKU at CUHK at Mega-i CUHK AS3661 APAN-JP AS7660 TEIN3 AS24489 PCCW Global AS3491 Internet2 AS11537 KREONET2 AS17579 ASGC AS24167 CSTNET AS7497
Interconnections between NICT and CSTNET in Mega-i NICT on 10/F Mega-i GE(SX) untagged GE(SX) VLAN Trunk on 32/F Mega-i GE untagged Cisco 7603 of CUHK on 32/F Mega-i CUHK/HKIX in 32/F Mega-i
CUHK – PWH Hospital (1/2) • PWH is the teaching hospital of CUHK • 7km away from Main Campus • Little chance to lay our own fibers • Leasing 300Mbps bandwidth over GE now • Can be upgraded easily if needed • Networks within PWH is complicated as Hospital Authority is there also • When doing telemedicine, CUHK network resources (AS3661) will be used • CUHK/AS3661 has direct interconnections with APAN-JP, ASCC, ASGC, CNGI-6IX, CSTNET, HARNET & KREONET2 to ensure more direct routing path is selected