hkix 100g network internet traffic due to world cup
play

HKIX 100G Network & Internet Traffic due to World Cup HKNOG 6.1 - PowerPoint PPT Presentation

May 02, 2023 •44 likes •384 views

HKIX 100G Network & Internet Traffic due to World Cup HKNOG 6.1 Kenneth CHAN HKIX www.hkix.net 7 Sep 2018 HKIX Today Supports both MLPA (Multilateral Peering) and BLPA (Bilateral Peering) over layer 2 Supports IPv4/IPv6

  1. HKIX 100G Network & Internet Traffic due to World Cup HKNOG 6.1 Kenneth CHAN HKIX www.hkix.net 7 Sep 2018

  2. HKIX Today • Supports both MLPA (Multilateral Peering) and BLPA (Bilateral Peering) over layer 2 • Supports IPv4/IPv6 dual-stack • More and more non-HK participants • 290+ different networks (autonomous systems) connected • 500+ physical connections in total § 30 100GE , 300+ 10GE & 150+ GE • 1.17+Tbps (5-min) total traffic at peak • Annual Traffic Growth ~30%

  3. Current HKIX Traffic Daily Graph (5-min average)

  4. Current HKIX Traffic Yearly Graph (1-day average) Peak Traffic: 1.17T

  5. Trend of 100GE connections Total HKIX 100G Ports Connected (2016 OCT - 2018 AUG) 35 30 30 Number of Connections 28 25 25 23 23 23 22 21 20 20 19 17 15 14 14 12 11 10 9 9 7 7 7 5 5 3 0 0 V N R G V N R G T C B R N L P T C B R Y N L Y U U C O E E A P E C O E E A P A A U U A U U A O D F A J S O D F A M J M M N J M J A N J J A - - - - - - - - - - - - - - - 7 7 8 - 7 7 - - 8 8 - - 6 6 - 7 7 7 7 - 8 8 - 6 1 7 7 8 1 8 1 1 7 1 1 1 8 1 1 1 7 1 1 1 1 1 1 1 1 1 1 0 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 2 0 0 2 0 2 2 0 2 2 2 0 0 2 2 2 2 2 2 2 0 2 2 2 2 2 2 2 2 2 Year-Month 100GE

  6. HKIX 100GE Participants Akamai • Amazon • AOFEI • BGP Consultancy • China Mobile International • CloudFlare • Facebook • Google • HKBN • Hurricane Electric • Limelight • PCCW IMS • Telstra • Tencent • TVB • Udomain • Valve • Yahoo •

  7. New HKIX Dual-Core Two-Tier Spine-and-Leaf Architecture For 2014 and Beyond HKIX1 Core Site @CUHK HKIX1b Core Site @CUHK ------(<2km)------ Core Core Core Core Switch Switch Switch Switch @HKIX1 @HKIX1 @HKIX1b @HKIX1b n x 100GE/10GE n x 100GE/10GE Inter-Switch Inter-Switch Links Links Access Access Access Access Access Access Switch(es) Switch(es) Switches Switches Switch(es) Switch @HKIX-R&E @HKIX m @HKIX2 @HKIX1 @HKIX1b @HKIX n 100GE/10GE/GE 100GE/10GE/GE Links Links ISP 1 ISP 2 ISP 3 ISP 4 ISP 5 ISP 6 ISP 7

  8. New New 100G 100G Switch Switch R R R R 100G 100G Participants Participants

  9. Multiple HKIX Satellite Sites • Allow participants to connect to HKIX more easily at lower cost from those satellite sites in Hong Kong • Open to commercial data centres in HK which fulfil minimum requirements so as to maintain neutrality which is the key success factor of HKIX • Create a win-win situation with satellite site collaborators • Named HKIX2/3/4/5/6/etc Latest updates: – HKIX2 has been migrated from old model to HKIX Satellite Site – HKIX3/4/5 are new Satellite Sites and they are Ready for Service now • HKIX1 and HKIX1b (the two HKIX core sites located within CUHK Campus ) will continue to serve participants directly

  10. Setup Multiple HKIX Satellite Sites Hong Kong, 08 Feb 2017 HKIX announces that 3 new satellite sites will be established in collaboration with 3 commercial data centres which provide colocation services as well as easy connections to HKIX. Satellite Satellite Site Collaborator District Ports Supported Status Site HKIX2 CITIC Telecom International Kwai Chung GE/10GE HKIX3 SUNeVision / iAdvantage Fo Tan GE/10GE/100GE 100G Ready HKIX4 NTT Com Asia Tseung Kwan O GE/10GE/100GE 100G Ready HKIX5 KDDI / Telehouse / Tseung Kwan O GE/10GE/100GE 100G Ready HKCOLO.net For connections to HKIX at Satellite Sites, special connection charges will be charged by relevant operators, • in addition to the port charges charged by HKIX. For HKIX participants not co-located at HKIX satellite sites, they can still connect to any of the two HKIX core • sites, i.e. HKIX1 and HKIX1b sites by local loops via local loop providers.

  11. HKIX Traffic During World Cup Round of 16 Daily Graph (5-min average) Jun 30 Jul 1 Jul 2 30 Jun 2018 22:00 HKT (Sat) 1 Jul 2018 22:00 HKT (Sun) 2 Jul 2018 23:00 HKT (Mon)

  12. HKIX Traffic During World Cup Final Games Daily Graph (5-min average) ~300G Jul 14 Jul 15 14 Jul 2018 22:00 HKT (Sat) 15 Jul 2018 23:00 HKT (Sun)

  13. HKIX Planned Works for 2018/19 • Improved Stability o Better Control of Proxy ARP o New Route Server for peering • Improved Services o Rollout portal for HKIX participants / R&E participants o True 24x7 NOC (both email & hotline support) o Improve after-hour support o Introduce advanced Route Server functions o Automatic network filter update (support updates from IRR) • Improved Security o ISO27001 o Better support for DDoS mitigation o Implement MANRS IXP Programme for routing security o Implement RPKI on HKIX Route Servers to enhance routing security

  14. Better – Automatic Detection of Proxy Control of ARP (implemented) • Based on duplicated IPv4 ARP Proxy ARP entries learned on HKIX Route Servers – Automatic shutdown switch port of HKIX peer causing Proxy ARP (will be implemented) – Email notification to NOC of HKIX peer causing Proxy ARP

  15. Better Control of Proxy ARP – Recommendation: • Disable Proxy ARP COMPLETELY!! • No restricted or unrestricted Proxy ARP – Cisco IOS: • Configuration at interface: – no ip proxy-arp • Verification: – show ip interface | include Proxy ARP – “Proxy ARP is disabled” – Juniper JUNOS: • Proxy ARP is not enabled by default • So do NOT configure restricted or unrestricted mode Proxy ARP

  16. L2 Control for HKIX Peering LAN – Traffic Allowed in HKIX Peering LAN: • Ethernet Types – 0x0800 - IPv4 – 0x0806 - ARP – 0x86dd - IPv6 • Unicast Only – No multicast or broadcast except ARP broadcast • Port Security Always On – One MAC address one port

  17. Advanced Route Server Feature Feature BGP Standard Community Send prefix to all 4635:4635 Send prefix to $Peer-AS only 4635:$Peer-AS Do not send prefix to all 0:4635 Do not send prefix to $Peer-AS 0:$Peer-AS - Production in Q1 2018 - Support 2-byte AS numbers only - Default sending prefix to all if no BGP community is tagged

  18. DDoS Attack Towards a HKIX Participant on 9 Aug 2018 Total of Traffic ~75Gbps

  19. Support of Blackholing for Anti-DDoS on HKIX Route Servers HKIX route servers support Remote Triggered Black Hole Filtering (RTBH) for announcement of black-hole filtering http://www.hkix.net/hkix/anti-ddos.htm No. of ASNs Participated : 43 How it works? The victim’s address must be included in the participant filter on the HKIX route servers for BGP • announcement • Participant tag the /32 prefix with 4635:666 for its customer • HKIX route servers set the prefix with next hop 123.255.90.66 Other HKIX participants accept the /32 prefix and set the next hop address for 123.255.90.66 to null • Expected Results: • Only the victim (/32) will be unreachable via HKIX network while saving the others • The DDoS traffic will be black-holed at the side of the participating routers which are closer to the DDoS traffic sources

  20. Support of Blackholing for Anti-DDoS on HKIX Route Servers (BEFORE)

  21. Support of Blackholing for Anti-DDoS on HKIX Route Servers (AFTER)

  22. Support of Blackholing for Anti-DDoS on HKIX Route Servers Enhancement of RTBH on HKIX route servers : • Only registered members can tag the blackhole routes • Only /32 is accepted for the prefix (e.g. victim’s IP address) • Announce your own network prefix only (very important!!!) • Register your AS-Set in internet routing database and use IRR filtering on HKIX route servers (it can minimize the risk from accidentally announced a black-holing route that you are not allowed to advertise) • HKIX may shutdown the connection if improper use of the RTBH reported

  23. Portal for HKIX Participants • Login Page (URL: https://portal.hkix.net/)

  24. Portal for HKIX Participants – https://portal.hkix.net – Basic Functions (Currently Available) 1. Change Port Security 2. MRTG Statistics § Physical port § LAG port § Aggregated per Customer 3. Schedule Maintenance Window – Planning Features • Port Application • Site Access Application • Filter Update • Fault Case Reporting

  25. HKIX Portal – Port Security • Change port security

  26. HKIX Portal – MRTG Statistics • Review an individual statistics / HKIX total statistics

  27. HKIX Portal - Maintenance Window • Schedule Maintenance Window Contact provision@hkix.net for your portal account. It’s free!

  28. 24x7 HKIX NOC – Full operation starting from 1-Jan-2017 – Contact us at noc@hkix.net for operational related matters – Use Fault Reporting Form to open a ticket www.hkix.net -> Fault Case Report Form – 24x7 NOC hotline: 6890-9900 (effective from 1-Oct-2018) – Keep your contact point at HKIX updated for operational and security incident reporting

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hong Kong Internet Exchange (HKIX) http://www.hkix.net/ What is HKIX? HKIX is a Public

Hong Kong Internet Exchange (HKIX) http://www.hkix.net/ What is HKIX? HKIX is a Public

Hong Kong Internet Exchange (HKIX) http://www.hkix.net/ What is HKIX? HKIX is a Public Internet Exchange Point (IXP) in Hong Kong it is not a Transit Provider HKIX is the major domestic Interconnection point in HK where ISPs in HK

524 views • 41 slides
Hong Kong Internet Exchange (HKIX) http://www.hkix.net/ What is HKIX? HKIX is a public

Hong Kong Internet Exchange (HKIX) http://www.hkix.net/ What is HKIX? HKIX is a public

Hong Kong Internet Exchange (HKIX) http://www.hkix.net/ What is HKIX? HKIX is a public Internet Exchange Point (IXP) in Hong Kong HKIX is the main Interconnection point in HK where ISPs in HK can interconnect with one another and

512 views • 36 slides
Best Practices for HKIX Peering ISP Symposium 2017 Kenneth CHAN Team Lead, HKIX www.hkix.net

Best Practices for HKIX Peering ISP Symposium 2017 Kenneth CHAN Team Lead, HKIX www.hkix.net

Best Practices for HKIX Peering ISP Symposium 2017 Kenneth CHAN Team Lead, HKIX www.hkix.net 18 Dec 2017 What is HKIX? Established in Apr 1995, Hong Kong Internet eXchange (HKIX) is the main layer-2 Internet eXchange Point (IXP) in Hong

601 views • 42 slides
HKIX Platform Upgrade &amp; Bilateral Peering Che-Hoo CHENG Hong Kong Internet Exchange

HKIX Platform Upgrade &amp; Bilateral Peering Che-Hoo CHENG Hong Kong Internet Exchange

HKIX Platform Upgrade &amp; Bilateral Peering Che-Hoo CHENG Hong Kong Internet Exchange (HKIX) The Chinese University of Hong Kong (CUHK) 02 MAR 2010 Introduction of HKIX (1/2) HKIX is a Settlement-Free Layer-2 Internet Exchange Point

600 views • 30 slides
HKIX Upgrade Plan in 2013 Che-Hoo CHENG The Chinese University of Hong Kong (CUHK) /

HKIX Upgrade Plan in 2013 Che-Hoo CHENG The Chinese University of Hong Kong (CUHK) /

HKIX Upgrade Plan in 2013 Che-Hoo CHENG The Chinese University of Hong Kong (CUHK) / Hong Kong Internet Exchange (HKIX) www.hkix.net What is HKIX? HKIX is a public Internet Exchange Point (IXP) in Hong Kong HKIX is the main

528 views • 25 slides
HKIX Updates at HKNOG 7.0 Kenneth CHAN HKIX www.hkix.net 1 Mar 2019 HKIX Today Supports

HKIX Updates at HKNOG 7.0 Kenneth CHAN HKIX www.hkix.net 1 Mar 2019 HKIX Today Supports

HKIX Updates at HKNOG 7.0 Kenneth CHAN HKIX www.hkix.net 1 Mar 2019 HKIX Today Supports both MLPA (Multilateral Peering) and BLPA (Bilateral Peering) over layer 2 Supports IPv4/IPv6 dual-stack More and more non-HK participants

384 views • 24 slides
Peering in Hong Kong Che-Hoo CHENG CUHK/HKIX www.hkix.net How Internet Operates in simple

Peering in Hong Kong Che-Hoo CHENG CUHK/HKIX www.hkix.net How Internet Operates in simple

Peering in Hong Kong Che-Hoo CHENG CUHK/HKIX www.hkix.net How Internet Operates in simple terms Internet is composed of networks of ISPs and users User networks connect to ISPs Small ISPs connect to large ISPs ISPs

577 views • 23 slides
HKIX Updates at JPIX User Meeting Kenneth CHAN Team Lead, HKIX www.hkix.net 5 Jul 2017 About

HKIX Updates at JPIX User Meeting Kenneth CHAN Team Lead, HKIX www.hkix.net 5 Jul 2017 About

HKIX Updates at JPIX User Meeting Kenneth CHAN Team Lead, HKIX www.hkix.net 5 Jul 2017 About me Team Lead of HKIX Planning, design and implementation of HKIX infrastructure and supporting systems In charge of full HKIX operations

1.02k views • 21 slides
HKIX IPv4 Address Renumbering from /23 to /21 Experience Sharing Che-Hoo CHENG CUHK/HKIX

HKIX IPv4 Address Renumbering from /23 to /21 Experience Sharing Che-Hoo CHENG CUHK/HKIX

HKIX IPv4 Address Renumbering from /23 to /21 Experience Sharing Che-Hoo CHENG CUHK/HKIX 08 Sep 2015 www.hkix.net 20 th Anniversary of HKIX HKIX started with thin coaxial cables in Apr 1995 Gradually changed to UTP cables / fibers

508 views • 19 slides
Internet Governance Forum the World Malta Internet Traffic Statistics Introduction

Internet Governance Forum the World Malta Internet Traffic Statistics Introduction

6/7/2011 Outline State of the Internet Internet Governance Forum the World Malta Internet Traffic Statistics Introduction Usage and trends Internet Governance Definition/s History and today Launch of Malta I

84 views • 6 slides
Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance analysis Anomaly and intrusion detec=on Network engineering Traffic at different granulari=es IP-level packets Capture per-packet

539 views • 40 slides
Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet? Active measurement vs. passive

771 views • 31 slides
Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet? q Active measurement vs. passive

654 views • 31 slides
Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Traffic Measurement Analysis &amp; Robust Methods Modeling Anomaly Detection Traffic Classification Conclusion + Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon, Laboratoire de Physique (UMR

716 views • 60 slides
Using Flow for Realtime Traffic Management in 100G Networks John Gerth Johan van Reijendam

Using Flow for Realtime Traffic Management in 100G Networks John Gerth Johan van Reijendam

Using Flow for Realtime Traffic Management in 100G Networks John Gerth Johan van Reijendam Stanford University Ethernet Speed Evolution 1970s thick ethernet 3 Mbps over 10Base5 coax 1980s thin ethernet 10 Mbps

195 views • 17 slides
HKIX Updates at APIX &amp; APRICOT 2018 Kathmandu, Nepal 24-28 Feb 2018 Kenneth CHAN Team

HKIX Updates at APIX &amp; APRICOT 2018 Kathmandu, Nepal 24-28 Feb 2018 Kenneth CHAN Team

HKIX Updates at APIX &amp; APRICOT 2018 Kathmandu, Nepal 24-28 Feb 2018 Kenneth CHAN Team Lead, HKIX www.hkix.net HKIX Today Supports both MLPA (Multilateral Peering) and BLPA (Bilateral Peering) over layer 2 Supports IPv4/IPv6

357 views • 11 slides
Enfield SEND Strategy School Expansions Striving for excellence www.enfield.gov.uk Special

Enfield SEND Strategy School Expansions Striving for excellence www.enfield.gov.uk Special

Enfield SEND Strategy School Expansions Striving for excellence www.enfield.gov.uk Special School Population Increases Between 2010 -2014 the total school population increased by 3.4% Enfield Special Schools population has increased by

249 views • 11 slides
H3C S3100-EI Intelligent Secure Switches Content Introduction Highlight Features

H3C S3100-EI Intelligent Secure Switches Content Introduction Highlight Features

H3C S3100-EI Intelligent Secure Switches Content Introduction Highlight Features Typical Solutions www.h3c.com.cn 2 Content Introduction Highlight Features Typical Solutions www.h3c.com.cn 3 Hardware Specification

553 views • 23 slides
Existing Urban Living Multi-Unit Densities What We Heard - Summary 1. Residents are

Existing Urban Living Multi-Unit Densities What We Heard - Summary 1. Residents are

Existing Urban Living Multi-Unit Densities What We Heard - Summary 1. Residents are supportive of the overall City Centre revitalization vision and plans, as well as increases to density to support the endeavor. 2. Residents wish to retain

282 views • 3 slides
Nine Tips FOR MANAGING LEGAL RISK IN RETURN-TO-CAMPUS INITIATIVES Roy Collins, III University

Nine Tips FOR MANAGING LEGAL RISK IN RETURN-TO-CAMPUS INITIATIVES Roy Collins, III University

21 Nine Tips FOR MANAGING LEGAL RISK IN RETURN-TO-CAMPUS INITIATIVES Roy Collins, III University Administrative Council University General Counsel General Advice 22 Legal Disclaimer this presentation not intended as an exhaustive

464 views • 25 slides
Cement - AFR &amp; Innovation Energy and waste market influences Ed Verhamme Mumbai , 11 10

Cement - AFR &amp; Innovation Energy and waste market influences Ed Verhamme Mumbai , 11 10

Cement - AFR &amp; Innovation Energy and waste market influences Ed Verhamme Mumbai , 11 10 - 2012 Topics of Presentation o Introduction Alternate Resource Partners o What are pricing/ economic factors for AFR ? o Characteristics cement

756 views • 32 slides
ADAMS LSN Problem List Laurie Borski Paralegal Egan Fitzpatrick Malsch &amp; Lawrence PLLC

ADAMS LSN Problem List Laurie Borski Paralegal Egan Fitzpatrick Malsch &amp; Lawrence PLLC

Licensing Support Network Advisory Review Panel Meeting State of Nevada ADAMS LSN Problem List Laurie Borski Paralegal Egan Fitzpatrick Malsch &amp; Lawrence PLLC Rockville, Maryland February 27, 2018 General Concerns 1 Too many

452 views • 21 slides
MOC/PSSR Management of Change/Pre-Startup Safety Review Providing Solutions. Simplifying

MOC/PSSR Management of Change/Pre-Startup Safety Review Providing Solutions. Simplifying

Providing Solutions. Simplifying Regulation. MOC/PSSR Management of Change/Pre-Startup Safety Review Providing Solutions. Simplifying Regulation. Whats the goal? To change the process in a safe manner and update the RMP/PSM/CalARP Program

538 views • 23 slides
IPvlan Eric Dumazet (edumazet@google.com) Mahesh Bandewar (maheshb@google.com) Proceedings of

IPvlan Eric Dumazet (edumazet@google.com) Mahesh Bandewar (maheshb@google.com) Proceedings of

IPvlan Eric Dumazet (edumazet@google.com) Mahesh Bandewar (maheshb@google.com) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada IPvlan (instead of MACvlan) : Why? Switches may apply policies to disable CAM-table overflow

687 views • 9 slides

More recommend