All members’ use of NL-ix infrastructure shall conform to the relevant standards as laid out in STD0001 and associated Internet standardisation documents.
Each participant’s network must have an ASN (Autonomous System Number) assigned by an appropriate LIR or RIR (Regional Internet Registry), being either ARIN, RIPE-NCC, APNIC or LACNIC. During the application process this assignment will be checked.
Ethernet ports into NL-ix are offered in following configurations:
1GE – 1000Base-LX
10GE – 10GBASE-LR
Nx10GE – Link Aggregated
100GE – 100GBASE-LR4
Nx100GE – Link Aggregated
NL-ix supports standard single-mode (10km 1310nm) optics by default. For an additional charge, customer may request specialised optics, including extended reach optics in any common 100 Ghz DWDM or CWDM bands.
By default, NL-ix Peering will be offered at line rate. **
**Other bandwidths available via our resellers
Peering VLAN ports (VLAN 7) must always be tagged.
This differs per NL-ix service. E.g. VPLS’s do get tagged by default. VLL’s do not get tagged by default; only when you have multiple services on your NL-ix interface. We use industry standard IEEE 802.1q VLAN trunking, please see your vendor manual for information on how to tag your frames.
Media Access Control
Only 1 MAC address is permitted per IX port.
Frames forwarded to NL-ix must only have one of the following Ethertypes:
Any frames not matching the above Ethertypes will be discarded.
Not allowed traffic
The following traffic is explicitly not allowed on the NL-ix Peering VLAN 7:
NetBIOS and IPv6 Router Advertisements
Information Regarding MAC Filtering
As noted under “Media Access Control” section above, NL-ix only permits 1 MAC address per port so any intermediate switches should be made silent.
During turn up, customer’s routing equipment is put into quarantine status to check for common configuration mistakes and to prove that it is suitably configured to participate in the peering fabric. Once verified, customer is placed out of quarantine, moved into production VLAN, and the MAC address of customer’s Routing equipment will be noted and configured. The configured MAC address will stay locked and enforced using L2 ACL. No frames with different source MAC addresses are allowed to enter the peering fabric.
The implementation of MAC filtering is important to protect the NL-ix Peering infrastructure against loops. Customers who intend to swap Routers or otherwise change their MAC address should coordinate this change in advance with the NL-ix NOC or by configuring the new MAC in the My NL-ix portal. In the event of an after-hours emergency necessitating our help on a MAC change, please call our NOC
Connecting Directly to the IX
Contact us by emailing sales@NL-ix.net. Together we will gather all the necessary information in order to help your business as best as we can.
Once your order is placed, NL-ix will forward you a CFA/LOA for you to order a cross-connect into the IX node present in your selected facility. You are responsible for arranging and paying for the cross-connect to reach the IX fabric. To ease the cross-connect process, NL-ix is aggressively installing patch panels along various suites and Meet Me Areas in each facility, in coordination with the building owner. Contact our sales team if you have any questions regarding cross-connects at a particular facility.
Connecting through a reseller
Another way to join the NL-ix is via an authorised reseller. NL-ix is actively signing additional partners and resellers – check back with us often for an updated list.
Interconnecting internationally to other networks via a Transit provider with a full or partial Routing BGP-table is a very effective Routing option. It can be used in combination with Peering either to improve and stabilise critical routes or to cut costs. Using multiple Transit providers over different ports guarantees redundancy. Open Peering is a tried and tested service offering full European coverage with the best routes available. It gives direct access to any network that peers on the Route Servers of all the major European exchanges, supplemented with bilateral peering sessions and the PNI’s of the Open Peering initiative.
Make sure that:
You can blackhole traffic in EU-routing by adding community 20562:0 to your prefix. Below is an example for a Cisco router.
Cisco router example
ip route 192.168.1.1 255.255.255.255 Null0
router bgp 6500
network 192.168.1.1 255.255.255.255 route-map blackhole
route-map blackhole permit 10
set community 20562:0
Joint Transit offers the best IP Transit option. We have created a unique blend from geographic Tier 1 and Tier 2 Transit specialists that guarantee the best routes to specific regions. Users can connect from around datacenters in most important European metropolitan markets in 7 countries, receiving more than 600.000 IPv4 prefixes.
Below is an example on how to configure your Joint Transit service. This config snippet can also be used to configure your Open Peering product.
Cisco router - BGP
router bgp 65000
bgp router-id 22.214.171.124
bgp maxas-limit 50
address-family ipv4 vrf internet
neighbor 213.207.12.x1 remote-as 24785
neighbor 213.207.12.x1 description eBGP with Transit Nikhef
neighbor 213.207.12.x1 version 4
neighbor 213.207.12.x1 activate
neighbor 213.207.12.x1 remove-private-as
neighbor 213.207.12.x1 soft-reconfiguration inbound
neighbor 213.207.12.x1 route-map BGP-NLix-1-Ingress in
neighbor 213.207.12.x1 route-map BGP-NLix-1-Engress out
neighbor 213.207.12.x1 maximum-prefix 750000
neighbor 213.207.12.x2 remote-as 24785
neighbor 213.207.12.x2 description description eBGP with Transit Telecity2
neighbor 213.207.12.x2 version 4
neighbor 213.207.12.x2 activate
neighbor 213.207.12.x2 remove-private-as
neighbor 213.207.12.x2 soft-reconfiguration inbound
neighbor 213.207.12.x2 route-map BGP-NLix-2-Ingress in
neighbor 213.207.12.x2 route-map BGP-NLix-2-Engress out
neighbor 213.207.12.x2 maximum-prefix 750000
maximum-paths eibgp 4
Please note that that Transit is always redundant. You can configure a session to both Nikhef and Telecity 2.
Cisco router - Prex Lists
ip prefix-list BGP-Engress-Out-Filter seq 1 permit 203.0.113.0/24 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 2 deny 0.0.0.0/0
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 4 deny 10.0.0.0/8 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 6 deny 172.16.0.0/12 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 8 deny 192.168.0.0/16 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 10 deny 126.96.36.199/4 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 12 deny 240.0.0.0/4 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 14 deny 127.0.0.0/8 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 16 deny 169.254.0.0/16 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 18 deny 192.0.2.0/24 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 20 deny 198.51.100.0/24 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 22 deny 203.0.113.0/24 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 24 deny 188.8.131.52/24 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 26 deny 198.18.0.0/15 le 32
ip prefix-list BGP-Ingress-In-Full-Routing-Table seq 99 permit 0.0.0.0/0 le 24
route-map BGP-NLix-1-Engress permit 10 match ip address prefix-list BGP-Engress-Out-
route-map BGP-NLix-2-Engress permit 10 match ip address prefix-list BGP-Engress-Out-
Filter set as-path prepend 206730
route-map BGP-NLix-1-Ingress permit 10 match ip address prefix-list BGP-Ingress-In-
set local-preference 100
route-map BGP-NLix-2-Ingress permit 10 match ip address prefix-list BGP-Ingress-In-
Please make sure to filter both inbound and outbound as shown above. This way you cannot inadvertently announce and receive prefixes you do not want. We recommend you filter bogon-prefixes from Team Cymru www.team-cymru.org.