We often get requests from networks that want to peer because they've read that this can enhance your network. We are great proponents of peering, and believe that this can truly change your network, but, like all things, the key to success is planning. We've put together a simple 12 step plan that you can follow if you are an absolute newbie to peering, and don't know where to start below.
- Decide if this is what you really want to do. You gain network autonomy and freedom to move and scale as your network grows, but this comes at the cost of both some complexity (you have to run this schmancy protocol called BGP) and cost (paying a RIR for resources). Our advice here is that it’s always better to have the ability to be autonomous, because that gives you network agility. And BGP is not difficult if its setup properly once, and templatised correctly.
- If you're reading on, you've decided to peer. Congratulations! The next step in the process is to apply to your RIR (AfriNIC, for Africa) for Internet number resources. You can't peer at an IX, if you don't have an Autonomous System Number (ASN) and your own IP addresses. For AfriNIC, the starting point is the AfriNIC new membership form, located here. In addition, you should also make sure that you have:
- A network plan for how you would use the address space.
- Proof of evidence that you are a legal organisation (CIPC certificate; ICASA license; basically, something to show that you are a registered entity in the country)
- Proof of evidence that you have network infrastructure in place (or are planning to do this). Proof of contracts with your transit provider, and evidence to show that you have bought servers/routers/etc to support your network rollout all help
- Remember to ask for IPv6 as well. You don’t need to submit a detailed plan if you don’t plan on using more than a /32. That’s more than enough for you, for now, and for a long, long time, so get the space now, and let your techies start to experiment with using it. It’s free, and easy to do, if you do it in one go (no need to do more paperwork)
- Afrinic will ask you if you are a LIR or EU (end-user). If the IP address that you want, will be on infrastructure that is not being owned/run by you (e.g. a VPS/VM) you’re a LIR. An EU registration is one where the end-user of the address space is inside your organisation; like a branch office, or single-entity organisation
- Because you need an ASN, AfriNIC will ask you who you plan to peer with. If you've already spoken to our helpful support team about getting connected to JINX, you can simply tell AfriNIC “We plan to peer at the Johannesburg Internet Exchange Point (JINX). You may contact firstname.lastname@example.org to confirm that they have a request from us to do this”. AfriNIC, in turn, will then confirm that you have intent to peer.
- Assuming that you have submitted an address plan that makes sense to them, AfriNIC will allocate you an ipv4 /22, and an ASN. Take a minute to confirm that you already remembered to get an IPv6 /32 as well. Trust us, it’s just easier to do this now! AfriNIC will also give you access to their member portal - https://my.afrinic.net, which is what you’ll need to complete some of the work elements below. And let us (INX) know what your shiny new ASN is! You can simply send an update to the ticket you logged above.
- Now that you have the address space, and the ASN, you will want to do several things to make sure that your “paperwork” on the Internet is in place. Still working from the mindset that it’s easier to do the admin work in one go, here are specific things that you will want to get done:
- Register your prefixes in an Internet routing registry (IRR). We'd recommend you use the AfriNIC IRR database. There’s a simple-to-use GUI available via the AfriNIC portal
- Register an account for your organisation on PeeringDB (https://www.peeringdb.com). This is an address book for networks that are engaged in peering and interconnection. During your registration, there’s a field that says : “Allow IX to update” and we'd recommend ticking that. This allows responsible IXPs (like INX :-)) to update your port speed, ip address information, and whether, or not, you are a BGP-RS peer, via a JSON export that we send nightly to peeringdb. We only get to update those fields, and automation is good!
- Get your reverse DNS subnets working via the afrinic portal
- Get your IP prefixes “signed” using PKI technologies, like RPKI. This is complicated to write-up here, but I would *strongly* suggest you get this done as it will help to prevent your address space from being hijacked by another other party
- Once you have setup a peeringdb account, you will be able to use the same set of authentication credentials to get access to the INX portal at https://portal.inx.net.za. We can also setup users for you, but we really prefer that you are able to setup and manage your own users, so that is a good thing for you to test!
- Now, we are ready to start routing :-) At this point, you’ll likely need someone to help your team setup and manage BGP for you, to both the IX, and to your upstream provider. Your upstream provider might make noises about contract issues and having to do BGP with you. Feel free to threaten to leave them for another if they do! It is your *right* to self-determine as a network, and if they want to start charging you for things like BGP setup, that’s usually where we start to walk. The colo provider can give you a list of other reputable IP transit providers that are in their facility. If you have the capital, we really suggest you try to separate out your “peering at the IX router” to the border router that you use to connect to your IP transit provider. In the BGP classes that we teach, we always say: everything fails; so design to minimise that impact. A good network consultant will help you ensure that you have sufficient resiliency in your design.
- Peering is only as useful as you make it to be for you. We provide you with easy to use services at INX, like redundant BGP route servers (a “peer-with-one-but-get-the-benefit-of-many service) but it’s still important to go through the process of building relationships with peers and setting up direct, peering relationships with them. We call these bilateral sessions. This is something that you can templatise, and whenever you have a new direct relationship you want to make, simply apply the template, with the respective peer’s IP address.
Along with what we wrote above, when the world does eventually return to a more normal environment, we’ll hold several events, where we invite peers to attend. It’s useful to come and meet people because it’s much easier to build those peering relationships on routers, if you can make/set those relationships in real-life. Also, we have great single-malt whisky meetups. Make sure to attend / send your technical team. There’s usually a short talk about something technology related and then…well, just socialising. It’s a great way to pickup on trends in the industry, make friends, and even get help for things that you’re trying to get done.We would strongly advise getting a consultant to spec out a work plan early in the project, because they can help you with a lot of the work here. Because this is a foundational building block of your network, and, like any good foundation, if you set this correctly, at the start, there’s little reason to go back later to redo anything!