OcNOS Data Center for Meeting IXP Network Design Challenges IP Infusion

IXP Network Design Considerations

An IXP, or Internet Exchange Point, is a data center network that routes traffic between different participants’ networks. The most prevalent IXP architecture is based on Layer 2 Ethernet networks to which the participating networks connect their routers or switches. Each participant maintains a single connection to the network, which simplifies the routing and management of traffic. VLANs can be used on the Layer 2 network to segment and manage traffic.

Designing an IXP involves several important considerations to ensure its efficiency, scalability, and reliability:

Managing a large L2 broadcast domain and scaling VLANs
Auto-discovering to enable dynamic and automated network provisioning, configuration, and management
Having redundant access links and network paths to ensure high availability
Allowing for easy expansion as the traffic and participants grow

Some of the existing architectures used by IXPs, such as VPLS, Spanning Tree and MC-LAG, have inherent limits. These architectures either lack redundancy, auto-discovery, or both. Furthermore, all of them rely on data plane flooding of unknown unicasts for MAC learning, which limits the number of MACs and the scale of the network.

Advancements in networking technologies have led to new architectures and solutions for IXPs. In this blog, we will describe IP Infusion’s EVPN VxLAN based solution for IXP network design.

IP Infusion IXP Solution

IP Infusion’s OcNOS Data Center, an open networking OS for the data center, is a great solution for IXP applications. OcNOS Data Center is a proven EVPN VxLAN with MP-BGP based solution, with successful deployments by worldwide IXPs including a Tier-1 provider. It addresses all the design considerations mentioned in the previous section.

EVPN, defined in RFC 7432, is an advanced networking technology that provides both Layer 2 and Layer 3 VPN services over an IP network infrastructure. EVPN is designed to address the evolving connectivity and scalability requirements of modern data centers, service providers, and enterprise networks. It brings together the benefits of traditional Layer 2 VPNs with the flexibility and efficiency of Layer 3 routing.

Control Plane Learning

EVPN uses BGP (Border Gateway Protocol) to distribute MAC addresses and IP prefix reachability information across the network. By centralizing MAC address learning and distribution, control plane learning helps address the limitations of data plane learning for scalability, consistency, and resource consumption. It provides a more efficient and manageable way to handle MAC addresses in larger and more dynamic network environments.

Network Segmentation and Virtualization using VxLAN

VxLAN is designed for creating virtual overlay networks that extend Layer 2 segments across Layer 3 boundaries, providing enhanced scalability, flexibility and multi-tenancy traffic segmentation for modern network architectures. VxLAN is a tunneling protocol where the customer traffic can be tunneled across the underlay IP network without reconfiguration. IP routing is a proven, stable, and scalable underlay network which takes advantage of ECMP to utilize all available network paths. Running on top of a routed IP network, VxLAN increases scalability of Layer 2 domains up to 16 million using 24-bits VxLAN Network Identifier (VNI/VNID). VxLAN overcomes the 4K limitation faced by classic VLANs.

Public and Private Peering

Let’s take a look at how OcNOS Data Center uniquely manages the VxLAN VNI or overlay L2 domain assignment or mapping for both public and private peering services.

Public Peering: In this arrangement, multiple networks connect to a shared Layer 2 domain and exchange traffic with each other. Public peering is open to any network and allows networks to exchange traffic with a wide range of other participants, including internet service providers (ISPs), content providers, and mobile operators. To participate in a public peering LAN, the traffic is typically untagged at the IXP network access port.

Private Peering: Private peering involves a direct, private connection between two networks within the same IXP’s infrastructure shared with public peering. It offers greater control over the quality of the connection and may provide improved performance compared to public peering. Each peering member is assigned a unique VLAN tag that corresponds to their private peering connection to access the IXP network.

For public peering service, all participant traffic can be identified based on the assigned IXP network access port or redundant ports and being untagged. All participant traffic for public peering will be mapped to a unique VNI assigned for the public peering service.

For private peering service, the traffic of the participants can be identified based on the VLAN tag uniquely assigned to a private peering service. The traffic of the two participants for a private peering will be mapped to a unique VNI assigned for the private peering service. For two reasons, this way of mapping may not be the most efficient and flexible. A participant may want to retain its assigned VLAN tag when changing to a different private peering arrangement with another participant. The other reason is that a typical available VLAN range at an IXP is smaller than 4K, which would limit the scale of the private peering service and other services requiring VLAN use.

IP Infusion OcNOS Data Center provides a unique solution for these two scenarios. OcNOS Data Center can identify participant traffic through a port+VLAN combination, as opposed to just VLAN alone, when mapping to a service VNI. For example, participant A and participant B are in a private peering service with VNI 10110 ID. They also have access ports 3 and 4, respectively on the same access switch A1, both using 110 VLAN tag for the traffic being exchanged through the private peering service. Participant A now wants to change private peering to be with participant C under a new service with VNI 10120 ID. OCNOS Data Center can now make the following new mapping arrangement:

In the above example, Participant A can retain the existing VLAN tag and does not need to make any change when making a new private peering arrangement. For the IXP provider, only a new switch/port/VLAN to VNI mapping needs to be provisioned and no new switch needs to be used to support overlapping VLAN IDs across different private peering services. By supporting overlapping VLAN IDs on the same switch based on unique port+VLAN to VNI mapping, OcNOS Data Center allows the IXP to scale the service while minimizing the number of switches required for a much-improved TCO.

Multihoming for Redundancy

OcNOS Data Center supports all-active EVPN multihoming to allow devices to be connected to multiple Provider Edge (PE) routers, or IXP network access switches, for redundancy and load balancing. It ensures seamless failover and mobility while maintaining consistent MAC and IP address distribution. In the event of a PE router or access link failure, traffic is redirected without disruption. When a device moves from one PE router to another (e.g. during service upgrade to a higher speed access port), EVPN ensures that the device’s connectivity is maintained and seamlessly transferred to the new PE router. The failover and migration process is dynamic and managed by the EVPN control plane. All-active EVPN multihoming also allows for load balancing of traffic between multiple PE routers to achieve better performance and improved utilization of bandwidth.

Auto-discovery

OcNOS Data Center EVPN VxLAN supports auto-discovery of VXLAN tunnels and MAC address reachability information among the participating network devices. This enables devices to establish VxLAN tunnels and exchange traffic without requiring manual configuration of each individual connection, primarily through BGP signaling.

OcNOS Data Center EVPN VxLAN extends auto-discovery to handle scenarios where devices are multi-homed across different access switches. When a participant’s router or switch is connected to multiple IXP network access switches for redundancy, EVPN VxLAN auto-discovery ensures that the MAC address information is dynamically updated and correctly distributed to all relevant access switches.

OcNOS Data Center EVPN VXLAN auto-discovery can be integrated into network automation and orchestration tools, providing a unified view of the network for real-time monitoring and streamlined management.

Easy Network Expansion

Many modern data centers adopt a leaf-spine network architecture for scalability and simplicity. The IXP participants connect their equipment to the IXP network’s leaf switches, while spine switches provide high-speed connectivity between leaf switches. This design minimizes latency and enables easy expansion.

The distributed nature of the spine-leaf architecture complements the scalability and multi-homing features of EVPN. EVPN can be used to provide efficient and seamless Layer 2 and Layer 3 connectivity across the spine-leaf fabric, facilitating mobility, redundancy, and efficient use of network resources. The combination of EVPN and spine-leaf architecture helps data centers achieve the performance required to support modern applications, cloud services, and multi-tenant environments. The OcNOS Data Center powered IXP EVPN network not only provides a well-connected and resilient environment for IXP participants, but can offer additional services such as colocation and private VLAN.

OcNOS Data Center is available as a “whitebox” leaf and spine switching platform. OcNOS Data Center HW and SW products enable IXPs to build and expand the network using switches with the latest generation speeds and support access link speeds up to 400Gbps.

Traffic and Flooding Management

IXPs requires traffic engineering to optimize traffic flows in the network to minimize latency and congestion. OcNOS Data Center supports fine grained QoS policies using ingress/egress traffic policing to manage member traffic.

When it comes to mitigating the vulnerability to traffic injection from peers and non-peers as a security threat, OcNOS Data Center supports storm control with rate limiting.

OcNOS Data Center also provides a set of features to minimize ARP and ND flooding. By supporting EVPN learning from ARP requests, it can prevent flooding ARP requests and replies that can cause significant broadcast traffic and negatively impact network performance. OcNOS Data Center uses EVPN MP-BGP to distribute ARP information to only the relevant network segments or devices to reduce unnecessary traffic, improving network efficiency and stability.

A public peering LAN at a large IXP would inevitably become very large with hundreds or even over a thousand participants. Since all participants of a public peering LAN are in a single VNI or L2 domain, when an access link goes down unexpectedly, the traffic destined to that access link could start flooding to all other ports as part of BUM treatment. To avoid such flooding, OcNOS Data Center supports MAC hold timer to hold the MAC in hardware for some time until the control plane communicates to all devices to remove the unicast entry.

To Learn More about IP Infusion OcNOS Data Center

Additional information about OcNOS Data Center can be found in the following documents available on the IP Infusion website.

For more information, Contact us today to learn more about OcNOS Data Center.

Alan Huang is the Senior Product Manager, Data Center for IP Infusion.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
visitorId	1 year	ZoomInfo sets this cookie to identify a user.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	Google Analytics sets this cookie, to determine new sessions/visits. __utmb cookie is created when the JavaScript library executes and there are no existing __utma cookies. It is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. It is used to enable interoperability with urchin.js, which is an older version of Google Analytics and is used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmz	6 months	Google Analytics sets this cookie to store the traffic source or campaign by which the visitor reached the site.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_144639687_1	1 minute	Set by Google to distinguish users.
_ga_VZ8HYV5ELY	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__utmt_sfga	10 minutes	Set by Google Analytics and Google Tag Manager to enable website owners to track visitor behaviour and measure site performance.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

IP Infusion OcNOS Data Center for Meeting IXP Network Design Challenges

Aug 7, 2023

Cookie	Duration	Description
AWSALBAPP-0	7 days	No description
AWSALBAPP-1	7 days	No description
AWSALBAPP-2	7 days	No description
AWSALBAPP-3	7 days	No description
DEVICE_INFO	5 months 27 days	No description
guestidc	session	No description
ln_or	1 day	No description
lpv900271	30 minutes	No description
visitor_id900271	10 years	No description
visitor_id900271-hash	10 years	No description
_cfuvid	session	No description