Principle of Internet Exchange Operation

1. Objective

To construct a neutral and impartial Internet exchange environment and promote the sound development of Internet exchange in Taiwan, the Taiwan Network Information Center (TWNIC) formulated these operation principles for Internet Exchanges (hereinafter referred to as the "IXP").

2. Definition of Internet Exchange

The Internet Exchange referred to in this document should comply with the following basic principles:

  1. Provide service of internet data exchange in a neutral operation environment.
  2. Have a clear and public peering policy.
  3. Have reciprocal peering of at least 15 ISPs.
  4. Have a clear operation scope of IXP.

3. Standards of IXP

  1. Facilities
    • 1.1 Electricity
      The equipment room should provide a 24-hour Uninterruptible Power Supply (UPS) and a 99.9% electric backup system, supporting 110V and 220V power depending on client demand.
    • 1.2 Air conditioner
      In the equipment room, constant temperature should be maintained at 25℃ and constant humidity should be maintained below 70%.
    • 1.3 Security
      The equipment room should be an independent partition with fire-fighting facilities. Besides 24-hour security guards, there must be door access control systems and a 24-hour camera surveillance system.
    • 1.4 Network equipment
      The IXP should adopt a dual-system backup design, including the Route Reflector and Ethernet switch, to ensure high availability of the system.
  2. Service Rules of Data Exchange
    • 2.1 The IXP should provide switching service at ISO layer 2 or above. Ethernet switching mode is recommended.
    • 2.2 The IXP should support patching of optical fiber and UTP digital circuits. Depending on client demand for out-of-band network management, the IXP should also support installation and patching of voice circuits.
    • 2.3 In line with the development of Internet technology, the IXP should provide the latest route exchange services.
  3. Service Standards
    • 3.1 The IXP should provide specialists 7x24, 365 days a year, to assist with troubleshooting.
    • 3.2 The IXP should provide a web-based looking glass tool to support client troubleshooting.
    • 3.3 The IXP should provide remote manual troubleshooting assistance. Clients may request troubleshooting actions from the TWIX Work Force Group, such as reporting the status of equipment lamps, rebooting equipment, and loop tests of communication interfaces.
    • 3.4 The IXP should publish overall traffic statistics periodically.
    • 3.5 The IXP may design different charge plans according to different Service Level Agreements.
    • 3.6 Each service must have service standards, which should be reviewed periodically to meet clients' demands in practice.
  4. Rules for Self-Circuiting Connection
    • 4.1 The IXP should provide at least two racks of space for a client with its own circuits and equipment. The related expense should be paid by the applicant.
    • 4.2 A client with its own circuits should prepare and install the necessary equipment and be responsible for the connection to the IXP equipment room.
    • 4.3 IXPs previously approved by TWNIC are not bound by these rules.
  5. Rules of IXP peering
    • 5.1 It is suggested that the IXP should peer with at least one other IXP on an impartial and reasonable basis. In emergencies, IXPs should provide staff and equipment to back each other up and maintain the availability of Taiwan's Internet.
    • 5.2 It is suggested that two IXPs should share the circuit cost on a reciprocal basis. Details of operation may be negotiated by both IXPs.

4. Administration of IXPs

  1. To ensure the fairness and neutrality of IXPs, the operation of IXPs is supervised by the "IP Address and Protocol Committee in TWNIC".
  2. The affairs administered by IXPs include requirements of peering, pricing, QoS and other related items.
  3. In principle, the operation of IXPs should be reviewed at least every two years, or at other times if necessary. If the operation of an IXP does not comply with these rules, the IXP should solve the problem as soon as possible. In serious cases, TWIX may revoke its qualified certification.

5. Appendix

  1. The Operation Principle of Internet Exchange, and any modification to it, will be put into practice after approval by the "IP Address and Protocol Committee in TWNIC".

6. Technical principle

  1. Ethertypes

    All frames forwarded must have one of the following Ethertypes:

    - 0x0800 - IPv4
    - 0x0806 - ARP
    - 0x86dd - IPv6

  2. Link-local traffic

    Traffic for link-local protocols shall not be forwarded.

    The following link-local protocols, among others, are not allowed:

    - IRDP
    - ICMP redirects
    - IEEE 802 Spanning Tree
    - Vendor proprietary protocols. These include, but are not limited to:
      - Discovery protocols: CDP, EDP
      - VLAN/trunking protocols: VTP, DTP
    - Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
    - PIM-SM
    - PIM-DM
    - DVMRP
    - ICMPv6 ND-RA
    - UDLD
    - L2 Keepalives

    The following link-local protocols are exceptions and are allowed:

    - ARP
    - IPv6 ND

  3. Unicast/Multicast/Broadcast

    Only unicast traffic is allowed.

    Frames forwarded must not be addressed to a multicast or broadcast MAC destination address except as follows:

    - broadcast ARP packets
    - multicast ICMPv6 Neighbour Discovery packets. This DOES NOT include Router Discovery packets.

  4. Member border routers at TPIX generally “should NOT” be configured with a default route or carry the full Internet routing table. Carrying a default route or the full table means that this router and the ISP network are open to abuse by non-peering IXP members. The correct configuration is to carry only the routes offered to IXP peers on the IXP peering router.
  5. Participants should connect to TPIX with an L3 port to avoid spanning tree and L2 security issues. Otherwise, secured MAC addresses might move among ports on the TPIX platform; TPIX treats this as a loop, and the platform automatically shuts down the port that the secured MAC addresses moved to, without prior notification. To protect the peering platform, TPIX allows a single MAC address per port, which improves security and limits the risk of loops in TPIX.
  6. ROV policy: Routes with RPKI status INVALID_ASN strongly indicate a serious problem. ROV (Route Origin Validation) is deployed on TPIX.
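
The Ethertype, link-local and unicast/multicast/broadcast rules above can be checked mechanically against frames seen on a member port. The following is an added example, not TWNIC or TPIX code: `check_frame`, the helper functions and the sample frames are hypothetical names and constructed data, and reading "ND but not Router Discovery" as ICMPv6 types 135 and 136 is an assumption.

```python
ALLOWED_ETHERTYPES = {0x0800, 0x0806, 0x86DD}  # IPv4, ARP, IPv6
BROADCAST = b"\xff" * 6
ICMP_BLOCKED = {5: "ICMP redirect", 9: "IRDP advertisement", 10: "IRDP solicitation"}
ND_MULTICAST_OK = {135, 136}  # Neighbour Solicitation / Advertisement only

def check_frame(frame: bytes):
    """Classify one untagged Ethernet frame; returns (allowed, reason)."""
    if len(frame) < 14:
        return False, "truncated Ethernet header"
    dst, ethertype, payload = frame[:6], int.from_bytes(frame[12:14], "big"), frame[14:]
    if ethertype not in ALLOWED_ETHERTYPES:  # also catches 802.3/LLC frames such as STP
        return False, f"ethertype 0x{ethertype:04x} not allowed"
    group = bool(dst[0] & 0x01)  # I/G bit set: multicast or broadcast MAC
    if ethertype == 0x0806:  # broadcast ARP is an allowed exception
        return (True, "ARP") if not group or dst == BROADCAST else (False, "ARP to multicast MAC")
    if ethertype == 0x0800:
        if group or len(payload) < 20:
            return False, "IPv4 to multicast/broadcast MAC" if group else "truncated IPv4 header"
        ihl = (payload[0] & 0x0F) * 4
        if payload[9] == 1 and len(payload) > ihl and payload[ihl] in ICMP_BLOCKED:
            return False, ICMP_BLOCKED[payload[ihl]]
        return True, "IPv4 unicast"
    if len(payload) < 40:
        return False, "truncated IPv6 header"
    # Assumption: ICMPv6 directly follows the fixed header (no extension headers).
    icmp6 = payload[40] if payload[6] == 58 and len(payload) > 40 else None
    if icmp6 == 134:  # Router Advertisement (ND-RA) is never allowed
        return False, "ICMPv6 Router Advertisement"
    if group and icmp6 not in ND_MULTICAST_OK:
        return False, "IPv6 multicast other than Neighbour Discovery"
    return True, "IPv6 ND" if icmp6 in ND_MULTICAST_OK else "IPv6 unicast"

# Constructed sample frames (not captured traffic); all MAC addresses are made up.
def eth(dst_hex, ethertype, payload=b""):
    return bytes.fromhex(dst_hex + "020000000001") + ethertype.to_bytes(2, "big") + payload
def ipv4(proto, body=b""):
    return bytes([0x45]) + bytes(8) + bytes([proto]) + bytes(10) + body
def ipv6(next_header, body):
    return b"\x60\x00\x00\x00" + len(body).to_bytes(2, "big") + bytes([next_header, 255]) + bytes(32) + body

SAMPLES = {
    "arp_broadcast": eth("ffffffffffff", 0x0806, bytes(28)),
    "stp_bpdu": eth("0180c2000000", 0x0026, bytes(38)),
    "ipv4_icmp_redirect": eth("020000000002", 0x0800, ipv4(1, b"\x05" + bytes(7))),
    "ospf_multicast": eth("01005e000005", 0x0800, ipv4(89)),
    "ipv6_ns_multicast": eth("3333ff000002", 0x86DD, ipv6(58, b"\x87" + bytes(23))),
    "ipv6_ra_multicast": eth("333300000001", 0x86DD, ipv6(58, b"\x86" + bytes(15))),
}
RESULTS = {name: check_frame(frame) for name, frame in SAMPLES.items()}
```

`RESULTS` maps each sample name to its verdict and reason; frames carrying a VLAN tag would need the tag stripped before classification.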