- What is peering?Peering - two or more networks traffic exchange between each other's customers freely, and for mutual benefit using unique IP addressing and global BGP routing protocol.
- What is Internet Exchange?Internet Exchange (IX) - neutral distributed switching fabric for public peering usually based on Layer 2 access technology. At IX locations, multiple carriers, ISPs, Internet businesses and enterprise networks interconnect with others across a single (physical and/or logical) port. Historically, public peering locations were known as network access points (NAPs); today they are most often called exchange points or Internet exchanges ("IXP" or "IX"). Many of the largest exchange points in the world can have hundreds of participants, and some span multiple buildings (data-centers).
- What is Autonomous System Number (AS number) and how to get one?An Autonomous System (AS) is a group of IP networks with a single, clearly defined routing policy. Each AS is identified by a unique number: the Autonomous System Number (ASN). Any organization can request an ASN via completing special form. This requires a contractual agreement with a sponsoring LIR or regional Internet registry (RIPE NCC for our region).
- What is MSK-IX?MSK-IX is a neutral organization operating Internet Exchanges and providing peering services, colocation and private interconnect in Moscow and in 8 major cities across Russia from St. Petersburg to Vladivostok.
- Who is connected to MSK-IX?MSK-IX public participants' list is published on our website.
- How to get connected to MSK-IX?Connecting to MSK-IX is a simple and straightforward process with only two prerequisites for public peering service: you are required to be an established legal entity and possess an IP network with own ASN (Autonomous System Number).
- How to get in touch with an MSK-IX member?Public list of MSK-IX members is available on our web-site with their public contacts (to expand click on a name of organization). Participants may be also reached through group email address email@example.com. Please note that only registered technical and administrative representatives are allowed to use this group address.
- How to change contacts or other information of organization?Please send to IX administrative representatives (at firstname.lastname@example.org) your information update. Please either use your administrative representative's email or post for delivery.
- Do you support ports aggregation?We support ports aggregation into a single Dynamic Ether channel (LACP).
- Are there any technical requirements to my network from MSK-IX?Technical requirements to IX members are published here.
- Whom should I contact with service related issues?Please contact our Technical Support.
- Yes. Virtual channels and private networks are standard service (802.1Q VLAN), priced based on ports usage type and quantity.
- How to get additional IP addresses allocation?
Please send us your request at email@example.com from your technical representative's email with the following information:
- explanation of need for more IP addresses;
- domain name of your router (Fully Qualified Domain Name) to fill out PTR record in reverse DNS zone;
- indication whether requested IP addresses are to be used with Route Service.
- How to set up IPv6 peering services?
Please send your request to us (at firstname.lastname@example.org) from your technical representative's email with the following information:
- IX connection ID;
- domain name of your router (Fully Qualified Domain Name) for us to fill out PTR- record in reverse IPv6 DNS zone;
- indication whether you are intended to use Route Service with IPv6.
- I set up secondary IP address on my interface, however BGP sessions with Route Server and other members of designated IP subnet do not work despite they are reachable by ping.Possibly you are using Cisco command "neighbour X.X.X.X update-source ..." where source address is set up. In case of eBGP usage such command needs to be removed from execution.
- Does MSK-IX provide any means of DDoS-attacks protection?MSK-IX offers customer-managed blackholing mechanism of protection from DDoS-attacks to all participants. The mechanism allows the participant at the time of the attack to activate traffic blackholing for the attacked network prefix using special BGP-Blackhole community 65535:666 with the Route Server. For further information on Blackhole community please see Route Server (RS) service description.
- Is there any negative impact of execution of command "no bgp enforce first-as" on BGP session with Route Server that may affect security of other BGP sessions given all Cisco routers (as an example) apply such command to all BGP sessions being run (IPv4)?
From our experience execution of command "no bgp enforce first-as" on most routers (of most vendors) affects all BGP sessions. However it is possible to address this issue through direct mentioning "first-as" for peering sessions with BGP usage. Here is an illustration:
ip as-path access-list 1 permit ^1111(_.*)?_(2222|3333|4444|5555|6666)$We believe it is not essentially, however fully up to you.
- I set up secondary IP address for my interface; however other members of such IP subnet are not reachable when sending a ping.
Cisco and some other vendors by default send data packets from primary IP address on the interface. Should you need to send ping request from secondary IP address execute ping with enforced secondary IP address usage option.
- How to upgrade service from single channel to two aggregated channels (EtherChannel)?
Here is the process:
Upon your request MSK-IX allocates new EtherChannel (single port at this step) connected to quarantine VLAN and notifies Member.
Member tests EtherChannel until it is accepted and notifies MSK-IX when ready to proceed further.
MSK-IX performs new connection tests as per Technical Requirements and upon successful pass transfers EtherChannel to appropriate target VLAN, then notifies Member.
Member moves service to EtherChannel from existing channel.
MSK-IX and Member adjust setting of existing channel and it is being added into EtherChannel.
Note. In case Member’s MAC addresses are the same on both existing and new EtherChannel, existing channel is being blocked for the period of time starting from EtherChannel transfer to target VLAN (point 3 above) until completion of existing channel integration into EtherChannel.
- How does public peering work at MSK-IX?
Peering relations between MSK-IX participants are based on direct bilateral agreements. Once an agreement is reached, networks can connect using the BGP protocol. MSК-IX does not influence the participants’ peering policy. Those participants who want to peer with the most networks possible can use Route Server.
MSK-IX offers its clients the opportunity to send other MSK-IX participants newsletters with peering offers. The newsletters are available in Russian and English, and have correct access credentials to set up BGP sessions.
In order to send a standard peering offer to a MSK-IX participant, choose Peering Policy in your MY.IX.RU Customer Portal, then Peering Control. You can manage your peering requests in Peering Policy → Peering Settings.
- How to change Autonomous System Number (ASN) used in MSK-IX peering?
The procedure for peering VLAN participant's Autonomous System Number change is the following:
The participant's ASN is being changed in MSK-IX informational system in the morning of the negotiated day.
After RS2 finishes its reconfiguration the current BGP session with old ASN is torn down and the session with new ASN is ready to be established. The RSs reconfiguration schedule is here: https://kb.msk-ix.ru/en/ix/services/route-server/#config
The participant configures its side for this session using new ASN and the session with RS2 re-establishes. The session with RS1 is still running using participant's old ASN at the moment.
RS1 finishes its reconfiguration in the afternoon and steps 3-4 should be repeated for this session as well. That is, the ASN change is done without any service interruption and fits into a day's timeframe.
Note: Don't forget to update the new ASN's policies with Route Server ASN's in IRR, otherwise your prefixes will be rejected.
- Which of Internet Routing Registries (IRR) are supported by MSK-IX Route Server?
- How to change MAC address of router connected to MSK-IX?
You can manage MAC addresses in the Customer Portal in the section Network - MAC-addresses - MAC-address manager https://my.ix.ru/network/mac/control/.
Do not forget to delete the old MAC after you replace your hardware.
Or you can ask MSK-IX support to manage your MAC-adrresses:
Please send us your request from valid email address of your administrative or technical representative at email@example.com with the following information:
- your connection ID with us;
- existing MAC address (if known);
- new MAC address;
- scheduled time frame for MAC change.
Afterwards you will receive an email confirmation from us for both MAC addresses simultaneous usage for period not exceeding 5 days. Please proceed with MAC change on your side upon receipt of confirmation email.
Please inform us at firstname.lastname@example.org on MAC change completion so we delete old MAC from our database.
- How can I enable BFD protocol with the Route Server? What are BFD protocol timers and configurations?
- Where can I get current state of BFD sessions with the Route Server?At Looking Glass MSK-IX, under Summary and Neighbor Info.
- How to reset (shut, no shut) my BGP sessions with Route Servers?
- What are the BGP session filter settings?
As-path and prefix list filters at Route Server side build according specified AS-SET or ASN.
Route Server supports three modes to specify your AS-SET/ASN:
- IRR (RIPE, RADB etc)
- manual (you can specify different AS-SETs for IPv4 and IPv6)
- How to manage user rights in the Customer Portal?
An administrator manages user rights in the organization account (MAIN account).
In order to work with user rights, choose Users section and then click the Edit button for the desired user. In order to allow a user to access the Customer Portal, add this user to the appropriate groups:
- adm - access to Company, Contracts, Members, Equipment Placement; limited access to Network;
- bill - access to Contracts;
- oper - access to Company, Network, Members, Equipment Placement;
- tech - access to Company, Network, Members, Equipment Placement.
In order to give a user the right to file requests for Equipment Placement, activate the Requests field.
Click the Save button to save the changes.
- What is the MY.IX.RU Customer Portal?
The MY.IX.RU Customer Portal shows information about the MSK-IX services provided, and allows users to manage the service settings and the organization account as well as to submit requests to the M9.PLUS data center’s technical service.
The account also has information about the services on the Internet eXchange and Medialogistika platforms as well as equipment placement at data centers.
- How to get access to the Customer Portal?
Access to the MY.IX.RU Customer Portal is provided to representatives of the organization that purchased MSK-IX services. In order to receive administrator credentials (MAIN account)), an organization representative must contact MSK-IX administrative representatives. Additional user accounts in the organization’s account can be created by the administrator in the Users section.
Users’ logins in the Customer Portal look like USER@ORGID, where USER is the user’s name and ORGID is the organization’s ID. An administrator’s login looks like MAIN@ORGID.
Access credentials (login/password) are automatically sent to the user’s email address, which is stated during registration.
- What information is available in the Customer Portal?
Company – General information about the client’s organization
Contracts – Information about the organization’s current contracts and services
Network – Technical information on the client’s connection to the MSK-IX network
Members – The list of MSK-IX participants and public technical information about their connection to the MSK-IX network
TV VLAN – The catalogue and access management to signals on the Medialogistika platform
Equipment Placement – (for the М9.PLUS data center) Equipment placement coordinates and online application form
Peering Policy – Newsletter service with the client’s peering offers to other MSK-IX participants
Users – Users’ account management (only available to administrators)
Settings – Personal account settings
- Where can I see the list of available television signals?
- Where can I get the group number and other technical parameters for television signals?
- Which settings are required for television signals?
Multicast is delivered to the customer’s port under a static subscription on a continuous basis. No setting up of PIM, MSDP or MP-BGP is required.
An easier and more reliable way to get television signals is to set up TV VLAN from the point of reception to the destination point. IGMP snooping must be disconnected. For OS Linux, disconnecting rp_filter may be necessary.
If the customer needs to receive television signals via router, make sure a successful RPF Check is conducted. One option is to request IP address from the 126.96.36.199/24 sub-network from MSK-IX technical representatives.
- What technologies are used to deliver streams?
IP multicast technology is used to deliver and receive streams through dedicated communication channels (or isolated VLANs). If it is necessary to increase the reliability of delivery and reception of data transmission, by agreement of the parties, the use of Forward Error Correction (FEC) technologies are possible.
To deliver streams to consumers through the public Internet (in unicast mode), HLS, DASH, RTMP and SRT streaming technologies are used. To optimize network connectivity when delivering over the Internet, it is recommended that the consumer connect to public peering VLAN MSK-IX.
Note: if you have a need to transmit or receive streams in other formats, contact the administrative and technical representatives of the Medialogistika project.
- What services are available in Medialogistika project?TV VLAN - Medialogistics stream connection service. VLAN Multimedia - stream transmission from broadcasters to Medialogistics.
- I get a picture but after a few minutes it stops. What could be the reason?Most likely, the streams are blocked by IGMP snooping. If you do not need IGMP snooping you can switch it off. However, if you do need it, switch on IGMP Querier for TV VLAN.
- I followed all recommendations but could not achieve the desired quality of TV signal reception. What should I do?Please contact the MSK-IX Technical Support for diagnostic help.
- My picture is breaking up. What can I do?
Check the monitoring data for the television signal in question in the MY.IX.RU Customer Portal, in the section TV VLAN / Your TV VLAN. The data are updated in real time. If the data match your monitoring, please contact the MSK-IX 24/7 Technical Support.
If MSK-IX monitoring does not identify any problems, note that Multicast is transmitted using UDP, and so it is very important to ensure no loss during transmission. Throughout the route from the junction with MSK-IX to the reception point, the following conditions must be ensured:
- Switchboards and routers must be free of CRC errors (and other errors cased by the data transmission environment).
- There must be no errors caused by switchboard/router buffer threshing. Using QoS successfully tackles the problem.
- Storm-control multicast must be set up correctly.
- Communication channels must not be overloaded with traffic which has a priority equal to or higher than the priority of multicast streams with television signals.
If there is a transit operator between MSK-IX and the customer, these requirements are also valid for transit.
- Do I need a designated switch port to connect to TV VLAN?
You can use both a designated and a shared switch port to connect to TV VLAN. A designated port ensures best quality thanks to better isolation and prevents the impact of other services. Therefore, a designated switch port is recommended.
Designated switch port. Set it up in access mode.
Shared switch port (common peering VLAN, private VLAN). In this case, the switch port must be in trunk mode. Numbers for TV VLAN and the services need to be agreed with the MSK-IX Technical Support.
- Do I need a designated switch port to connect to VLAN Multimedia?
You can use both a designated and a shared switch port to connect to VLAN Multimedia. A designated port ensures best quality thanks to better isolation and prevents the impact of other services. Therefore, a designated switch port is recommended.
Designated switch port. Set it up in access mode.
Shared switch port (private VLAN). In this case, the switch port must be in trunk mode. Numbers for VLAN Multimedia and service need to be agreed with the MSK-IX Technical Support.
Note: VLAN Multimedia does not match with common peering VLANs.
- How do I connect new or disconnect existing services or television signals?
- How can I file a request for Equipment Placement?
In order to file a request to bring in/take out equipment, for entry or for technical support, choose Equipment Placement → Requests → New request and choose the application type:
- Technical support (remote hands)
- Equipment installation
- Equipment deinstallation
- Site access request
For requests to install/deinstall the equipment, fill out the following fields:
Pop: M9.PLUS equipment location.
Accompanying persons: Names. A passport scan is necessary for people who are not Russian citizens.
Car with equipment: Plates, car model and driver’s name are necessary for the car to enter the cargo zone.
Date and time of visit: Сhoose the date and time of the visit. Access is guaranteed if the application is filed at least three working days ahead of the visit for Russian citizens and at least 12 working days for foreign nationals.
Reason for taking out the equipment: Attach a scan of the current contract or other documents confirming the attendants’ rights to act on behalf of the client organization without proxy (decision on the appointment of the CEO).
Equipment: The full list of the equipment including name and serial number.
Total number of packages: The total number of packages (boxes) with equipment, spare parts and cables.
Add attachment: You can attach document scans with additional information to the application.
Additional information: You can add information on the application here.
For a remote hands request, fill out the following fields:
Pop: M9.PLUS equipment location.
Equipment: Information on the equipment in question: name, serial number and rack number.
Add attachment: You can attach document scans with additional information on the application.
Operation details: A full, detailed and precise description of the actions required. An equipment reset application must include:
- the equipment MSK-IX ID;
- the unit’s number in the rack;
- the reset way: power down/up or the Reset button.
The M9.PLUS data center fulfills the following remote hands applications 24/7:
- Equipment reset
- Checking the client’s interconnection lines
- Checking the indicators on the equipment’s front and/or back panel
- How can I access sites to place equipment?
Representatives of client organizations can access MSK-IX sites in order to place equipment on working days from 10 am to 6 pm local time. Visits at a different time must be agreed upon separately.
Clients’ representatives who come to carry out operations must have their Russian passport and electrical safety license with them.
Only representatives with a third-level electrical safety qualification (up to 1,000V) or higher confirmed by an excerpt from the client’s performance review journal are allowed to work with the equipment.