|
On this page you can find answers to frequently asked questions:
In order to use Global Transit you need (1) a router that supports the BGP protocol,
(2) your own AS number and (3) your own block of at least 256 consecutive IP addresses.
If you don't have an AS number and/or IP addresses yet, we can register them
for you with
RIPE.
By default we register Provider Independent (PI) type addresses, so
you can always take them with you if you change provider. For registration
RIPE requires you use 1/4th of the requested space (at least 256 IP's)
immediately and 1/2nd within one year.
If you already have IP addresses, please check what type they are:
Provider Independent (PI) or Provider Aggregatable (PA). In the latter
case please contact the provider that registered them for you and check
if they allow you to announce them in BGP under your own AS number.
The 95% model is a method to determine the traffic volume on a connection
over a calendar month and is used for billing purposes:
-
Every 5 minutes two measurements (transmit and receive) are made of the
total traffic that has passed over the port since the last measurement.
-
At the end of the calendar month all measurements (the highest of transmit
and receive) of that month (generally 12*24*30=8.640) are lined up and
sorted from high to low.
-
The highest 5% of the measurements (so generally 5% * 8.640 = 432)
is dropped, and the next highest measurement defines the 95% traffic
level on which the billing for that month is based.
Practically this means you can burst for (432 * 5 minutes / 60 =)
+/- 36 hours per month without any impact on the monthly bill.
All transit products (except KPN AS286 Wholesale transit products) feature a
mix of multiple upstreams.
Each upstream is selected
for it's geographic and market coverage: while one upstream is very strong in one
location (e.g. Europe, US, Asia, Middle East, South america, Africa, etc.) or market,
another is stronger in a different location or market. This mix guarantees that for
each destination (over 350.000) on the Internet, the shortest possible path is selected.
And, during maintenance or outages at one of the upstreams, traffic is automatically
rerouted via the other upstreams.
All Joint Transit products (not the KPN Wholesale AS286 products) offer dual session routing standard. This
means that on your port you have two BGP session to two different Joint Transit
routers for improved resilience. If one of the Joint Transit routers
is under maintenance or experiences a problem, you still have full routing
available via your session with the other router.
In addition to dual session routing, which provides full global routing
including all Dutch Internet destinations, with it's Carrier, Telco and Wholesale products
Joint Transit offers a separate third BGP session over which only Dutch routes
are announced.
This feature gives you the possibility to set separate BGP routing policies (e.g. localpref) for these Dutch destinations, for example to guarantee that
the shortest possible route to Dutch destinations is always used. As Dutch traffic
is handled by a separate dedicated router, this feature also provides extra
resilience.
In addition to dual session routing to Joint Transit AS24785, you can add a third (fourth)
BGP session with full global routing directly through a KPN Wholesale AS286 router over the
same port.
This feature provides both direct access to all Dutch and International
KPN providers and business ans residential customers, as well as offers you a independent second
source of full global routing.
On the Carrier and Provider products (not the Telco and Business products)
and the KPN Wholesale AS286 products,
a dual port configuration is optionally available for optimum
redundancy. The product is then delivered over two seperate physical ports, with
a set of dual BGP sessions on each port. The second port can
be on the same
datacenter
or on a different datacenter.
This setup provides redundancy
for the customer router, physical ports on both sides, the patchcable inbetween and,
in case of ports on different datacenters, also redundancy for the Joint Transit switch
and the datacenter (power, cooling, etc.) availability.
On the customer side two seperate routers are connected. These routers do have to run
under the same AS number.
The 95% traffic level is calculated over the sum of the traffic
on both ports.
For optimum resilience, customers can implement port redundancy
with one port using a Joint Transit AS24785 routed upstream service, and a secondary
physical port, preferably either on a different datacenter or terminated via a dedicated WDM
or fiber circuit, with a KPN Wholesale AS286 routed upstream service.
This combination offers both physical redundancy as well as redudancy for the Autonomous Systems
(network) providing the transit (Joint Transit AS24785 v.s. KPN Wholesale AS286).
Commercially this requires a Joint Transit Carrier, Telco or Wholesale product, with both the additional
port redundancy and the additional AS86 BGP Session fee's options.
Normally Joint Transit and KPN Wholesale (AS286) transit services are deliverded over a switched
ethernet network infrastructure.
If you use the
port redundancy
or
dual carrier, dual port redundancy option, and want to use both ports
on the same datacenter, it is advisable to use optional WDM of fiber access on either port, as
otherwise the same (ethernet) switch infrastructure is used for both connections, undermining
the redundancy.
However, WDM of fiber access is a dedicated circuit and therefor generally is relatively expensive.
Alternatively you select a third transit provider over different access infrastructure as emergency
bckup transit. We can help you with this selection.
When you buy a product with a certain traffic commitment, this means
all traffic upto this level is already included in the fixed monthly
price. The burst fee of the product is only applicable for traffic over
the commitment level. A few examples:
- If you have a 5 Mbit/s commitment and actually use 7 Mbit/s, in addition
to the fixed monthly fee you pay for 7-5= 2 Mbit/s of burst traffic;
- If you have a 15 Mbit/s commitment and use 12 Mbit/s, you only pay
the fixed monthly fee and no burst traffic.
The fixed monthly fee is billed in advance. Burst traffic, if applicable, is
calculated and billed in arrears.
When you don't know in advance how much traffic you will do, or how the traffic volume
develop in the future, a service with 0 Mbit/s traffic committment is very usefull.
Because 0 Mbit/s commit Joint Transit services are still 100% burstable, they are
also perfectly suited a backup facility.
Some parties are vulnerable for (Distributed) Denial Of Service attacks.
Especially if you provide public communication services (chat sites, mailing
lists, discussion groups, Usenet News), gaming services or if you are, or have
customers who are, 'publically known' either in the real world or on the Internet,
you could become victim of such an attack.
On Carrier products Joint Transit offers a 'distributed drop' (d-drop) service which enables
you, while under attack, to have traffic for attacked IP addresses automatically be
dropped very early on the Internet, close to the source (on the backbone routers of upstreams) using a
specific BGP community, in order to prevent your own network from becoming virtually
unusable dure to extreme congestion, and to prevent your traffic costs to explode.
Further, on all products it is possible to use
port redundancy
to seperate (D)DOS and normal traffic coming into your network over seperate ports, so your network
is not congested for normal traffic on the primary port, and you can possibly filter out (D)DOS
traffic intelligently using for example a Firewall or Cleanpath technology.
On your port we configure port security, which allows only one ethernet MAC adress
to be visible on the connection: the MAC of your router. If you connect your router
via one or more layer2 switches, please make sure these switches are configured such
that they stay quiet and don't send any multicast or broadcast traffic (e.g. spanning
tree/STP, Cisco discovery protocol, VLAN trunking protcol/VTP, etc).
Joint Transit filters out Bogon routes from the global routing table
before redistributing the joint table to customers. These addresses are commonly found
as the source addresses for (D)DOS (resource-saturation) attacks like SYN flooding. CleanTable™
safeguards customers from such abuse and from bogon-induced routing problems.
Further CleanTable™ cleans up the announcement by filtering out Tinyspace blocks.
How much does it help to filter the bogons? In one study conducted by Rob Thomas of a frequently
attacked site, fully 60% of the abuse packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.).
Filtering inludes Bogon routes and Tinyspace.
A Bogon prefix is a route that should never appear in the Internet routing table and includes Martians
and Unallocated space. Description:
-
Martians (Bogon)
-
This term describes private addresses (described in RFC1918 e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
and adresses reserved for specialized purposes (described in RFC3330) like local use
(described in RFC1700 e.g. 0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16), a test-net for documentation and examples
(192.0.2.0/24), etc.
-
Unallocated (Bogon)
-
These are netblocks that have not been allocated to a regional internet registry (RIR) by the
Internet Assigned Numbers Authority (IANA) yet. IANA maintains a convenient IPv4 summary page listing allocated and reserved
netblocks.
-
Tinyspace
-
Blocks smaller then a /24 (256 IP addresses) are generally not globally routable. These tiny blocks are filtered
out by CleanTable™.
Transit sessions are provided on both IPv4 and IPv6 by default.
However, we still see many customers initially only using IPv4, so please let us know if you want to use IPv6 as well
and we will enable the service.
| 
