Additional services

CATNIX members enjoy a series of added value services:

Multicast

A multicast testbed began in 2000 with the participation of several CATNIX entities. Currently, a separate VLAN is available, for both IPv4 and IPv6, to those members that ask to participate.


IPv6

CATNIX infrastructure allows IPv6 traffic exchange and it has been actively used for IPv6 events such as the IPv6 Summit, included in the Internet Global Congress 2005, or for the World IPv6 Day and World IPv6 Launch Day. The first IPv6 exchanges were made in 2005.


NTP Server

CATNIX has two NTP time servers with totally independent connections. The primary server is a Meinberg M200, located at Itconic (CSUC-T). The second one, a Meinberg M300, is located at Campus Nord (CSUC-CN) and acts as a backup. Both servers are Stratum 0/1 and are synchronized with the satellites to which they have visibility at any moment (between 3 and 8).


IXP-Watch Server

The IXP-Watch tool, initially created by Rob Lister from LINX, is designed to monitor layer 2 and detect potentially dangerous traffic that could affect the performance of the IX (broadcast traffic, non-IP traffic...).

This tool allows the members to know the purity of the traffic inside the exchange and identify strange patterns, usually caused by a misconfiguration on the equipment of one of the members.


F-root Name Server

Since 2005 CATNIX has had an F-root name server replica managed by the Internet Systems Consortium (ISC).

This server accepts both IPv4 and IPv6 queries. It improves the response time for DNS queries and also increases security, because it guarantees the service operation in case of DDoS attacks.


Looking Glass

In operation since the creation of CATNIX, this tool is used to send interactive queries to some of the routers, as well as for tracking routing problems. Using Looking Glass from any device, users can check the routes that are visible in CATNIX and run commands such as traceroute. The interface keeps a history of commands, draws route maps (bgpmap) and makes 'whois' queries to provide information about routes and Autonomous Systems.


Out-of-band Access

In order to access the equipment without using the regular interfaces, an out-of-band router has been available to CATNIX members since 2002. This service is especially useful in case of network or router problems, because it allows technicians to make a quick diagnosis.

Access is secured: it is available exclusively over SSH and is limited by IP address.


J-root server

A J-root name server replica has been available at CATNIX since the end of 2010, and VeriSign is in charge of its management. With this and other available replicas, response time to DNS (Domain Name System) queries is improved and security is increased, because the global impact in case of DDoS (Distributed Denial-of-Service) attacks is reduced.


.com and .net replicas

An HP DL360p Gen8 server, installed in 2015, provides .com and .net TLD (Top Level Domain) replicas. With these and other replicas, response time to DNS (Domain Name System) queries is improved and security is increased, because the global impact in case of DDoS (Distributed Denial-of-Service) attacks is reduced.


24x7

In order to guarantee maximum availability and reliability in the access to the equipment and services of the Centre, we offer our members a 24-hour service to handle incidents that occur outside our office hours.


Speed Test

This tool is designed to give users an easy way to measure the quality of their internet connection, showing the upload and download speeds in megabits per second (Mbps) and the latency in milliseconds (ms). The software, widely used around the world, has been developed by Ookla, a leading company in bandwidth and network diagnostics applications, founded in 2006 in the USA.


L-root Name Server

Since June 2012 CATNIX has had at its disposal a new L-root name server mirror, managed by the Internet Corporation for Assigned Names and Numbers (ICANN). This new mirror, together with other available replicas, improves the response time to DNS queries and increases security, because the service is guaranteed in case of a distributed denial-of-service (DDoS) attack.


K-root Name Server

Since August 2015, CATNIX has hosted a replica of the K-root name server, operated by RIPE. In addition to this K-root replica, CATNIX hosts replicas of 3 other root name servers: L-root name server, operated by the Internet Corporation for Assigned Names and Numbers (ICANN); F-root server, operated by the Internet Systems Consortium; and J, .com and .net root servers, operated by VeriSign. They improve DNS response times and increase security, as they guarantee the service in case of Distributed Denial of Service (DDoS) attacks.


RIPE RIS

RIPE RIS collects and stores Internet routing data from several locations around the globe, CATNIX being one of them. The RIPE Routing Information Service (RIS) is a useful tool to identify routing modifications. It allows users to see and download historical data and follow up on those changes to solve routing problems, draw maps of connectivity, monitor prefixes, etc. The data, open to the community, is also useful for academic research.


Monitoring panel

The new monitoring panel has real-time statistics of all these connections. Information regarding traffic between nodes (Campus Nord, Itconic and bitNAP), and for each router port, is available through this panel, which shows occupancy rates online. The panel can also check the operating status of the connection and the capacity of the link that is being used, for both sent and received traffic.


LISP DDT

The LISP DDT root (Locator/ID Separation Protocol Delegated Database Tree) aims at experimenting with a network architecture and set of protocols that implements a new semantic for IP addressing. Implemented in 2014, it is based on the separation of the current IP addresses into two namespaces: the relatively static Endpoint Identifiers (EID), the 'who', and the Routing Locators (RLOC), the 'where'.

LISP DDT is a distributed and hierarchical database which embodies the delegation of authority to provide mappings from LISP Endpoint Identifiers (EIDs) to Routing Locators (RLOCs), in a way quite similar to how DNS servers work.


M-Lab Pod

The M-Lab platform includes tools to test network connection, quality and neutrality. One of the most outstanding tools included in the M-Lab platform is the NDT Speed Test and Diagnosis. The Network Diagnosis Tool (NDT) provides information on the configuration and performance of the user network. It compiles the test results and records the user's IP address, upload and download speed, the header and the transmission control protocol (TCP) variables of the test. In addition to the NDT, the M-Lab platform includes other tools such as the NPAD (Network Path & Application Diagnostics), Neubot, BISmark, Paris Traceroute, OONI, MobiPerf, Reverse Traceroute and SideStream.

M-Lab performs active measurements. This means that tests only run when people decide to run them. They do not passively monitor your connection. M-Lab hosted tests do not download or upload files to or from your device. Instead, tests measure the way in which the network responds to a synthetic stream of data that is generated by the individual test specifically for the purpose of measurement.


Route-server

This service facilitates the reception and advertisement of routes for new members and the establishment of peerings at CATNIX. This route-server operates on a BIRD platform, its IPv4 address is 193.242.98.98/24, its IPv6 address is 2001:7f8:2a:0:1:1:6:0082/48 and the Autonomous System is AS60082.

All the functions of bilateral peerings (prepends, network filtering, not announcing to a peer...) can be signalled via communities. If you want to use it or have any questions, you can contact us at catnix@suport.csuc.cat.

By using BGP communities (or BGP large communities for 4-byte ASNs), CATNIX members that peer with the route server can control the redistribution of their announcements or add prepends to the routes of their prefixes. The list of BGP communities that CATNIX offers to its members is:

| Action | BGP Standard Community (RFC 1997) | BGP Extended Community (RFC 4360) | BGP Large Community (RFC 8092) |
| --- | --- | --- | --- |
| No export | 65535:65281 | rt:65281:peer_as | 65535:65281:peer_as |
| No advertise | 65535:65282 | rt:65282:peer_as | 65535:65282:peer_as |
| Not announce anyone | 0:60082 | rt:0:60082 | 60082:0:0 |
| Not announce a peer | 0:peer_as | rt:0:peer_as | 60082:0:peer_as |
| Announce to a peer | 60082:client_asn | rt:60082:client_asn | 60082:1:client_asn |
| Prepend to a peer | 65511:peer_as | rt:65511:peer_as | 60082:101:peer_as |
| 2 prepends to a peer | 65512:peer_as | rt:65512:peer_as | 60082:102:peer_as |
| 3 prepends to a peer | 65513:peer_as | rt:65513:peer_as | 60082:103:peer_as |
| Prepends everyone | 65501:60082 | rt:65501:60082 | 60082:101:0 |
| 2 prepends to all | 65502:60082 | rt:65502:60082 | 60082:102:0 |
| 3 prepends to all | 65503:60082 | rt:65503:60082 | 60082:103:0 |
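As an added example (not CATNIX's own code), the following decoder lets a member check before announcing what a set of communities from the table asks the route server to do towards one peer. The precedence between overlapping communities is not stated on the page and is an assumption marked in the comments; the function names and the sample ASNs used to exercise it are constructed.

```python
RS_ASN = 60082  # route server AS, from the page

def classify(community):
    """Map one community string to (action, target_asn, prepends).

    target_asn 0 means "every peer". Returns None when the value is not
    in the CATNIX table (no-export/no-advertise rows are not modelled)."""
    is_ext = community.startswith("rt:")
    try:
        parts = [int(p) for p in community.removeprefix("rt:").split(":")]
    except ValueError:
        return None
    if len(parts) == 2:                      # standard or extended form
        a, b = parts
        if a == 0 and b > 0:
            return ("block", 0 if b == RS_ASN else b, 0)
        if a == RS_ASN and b > 0:
            return ("allow", b, 0)
        if 65511 <= a <= 65513 and b > 0:
            return ("prepend", b, a - 65510)
        if 65501 <= a <= 65503 and b == RS_ASN:
            return ("prepend", 0, a - 65500)
    elif len(parts) == 3 and not is_ext and parts[0] == RS_ASN:
        _, fn, target = parts                # large community form
        if fn == 0:
            return ("block", target, 0)
        if fn == 1 and target > 0:
            return ("allow", target, 0)
        if 101 <= fn <= 103:
            return ("prepend", target, fn - 100)
    return None

def decision_for(communities, peer_as):
    """Return (announce, prepends) for one route towards peer_as."""
    acts = [c for c in map(classify, communities) if c]
    blocked_all = ("block", 0, 0) in acts
    blocked_peer = ("block", peer_as, 0) in acts
    allowed_peer = ("allow", peer_as, 0) in acts
    # Assumed precedence: per-peer block > per-peer allow > block-all.
    announce = not blocked_peer and (allowed_peer or not blocked_all)
    per_peer = [n for a, t, n in acts if a == "prepend" and t == peer_as]
    to_all = [n for a, t, n in acts if a == "prepend" and t == 0]
    # Assumed: a per-peer prepend overrides a prepend-to-all value.
    prepends = max(per_peer or to_all or [0])
    return announce, prepends if announce else 0
```

Running a planned community set through `decision_for` for every peer ASN shows at a glance which peers would stop receiving a prefix, which is the usual cause of an unintended blackout after a community change.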

Our BIRD route server at CATNIX implements the following checks and filtering rules:

  • It only accepts valid next hops (customer address is in the CATNIX LAN).
  • It does not accept AS paths longer than 32 hops.
  • It checks the customer AS is the first in the path.
  • It checks there are no invalid ASNs in the path.
  • It filters bogon IPv4 and IPv6 addresses.
  • It filters BGP announcements based on IRRDB data (aut-num and as-set objects indicated in the PeeringDB), building the filters every day based on the changes made in the IRR databases.
  • It checks if the RPKI is correct (ROA or Route Origin Authorization).

The AS-SETs that include the peers at the CATNIX Route-server are AS-CATNIX-RS and AS-CATNIX-IP6-RS.
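The stateless checks in the list above can be modelled as follows; this is an added example, not the route server's BIRD configuration. The peering LAN prefixes are derived from the route-server addresses given on this page, while the bogon list, the set of ASNs treated as invalid and the sample announcements are assumptions constructed for illustration. The IRR and RPKI checks are left out because they depend on external data.

```python
import ipaddress

# Peering LAN derived from the route-server addresses given on the page.
PEERING_LANS = [ipaddress.ip_network("193.242.98.0/24"),
                ipaddress.ip_network("2001:7f8:2a::/48")]
MAX_PATH_LEN = 32  # from the page
# Assumption: a short sample of bogon space, not CATNIX's actual list.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
    "fc00::/7", "fe80::/10", "2001:db8::/32")]
# Assumption: "invalid" is taken to mean reserved, private and
# documentation ASNs plus AS_TRANS (23456).
INVALID_ASN_RANGES = [(0, 0), (23456, 23456), (64496, 131071),
                      (4200000000, 4294967295)]

def reject_reasons(peer_as, prefix, next_hop, as_path):
    """Return the names of the rules an announcement breaks ([] = accept)."""
    reasons = []
    net = ipaddress.ip_network(prefix)
    hop = ipaddress.ip_address(next_hop)
    # Membership is False across IP versions, so one loop covers v4 and v6.
    if not any(hop in lan for lan in PEERING_LANS):
        reasons.append("next-hop-outside-lan")
    if len(as_path) > MAX_PATH_LEN:
        reasons.append("as-path-too-long")
    if not as_path or as_path[0] != peer_as:
        reasons.append("first-as-not-peer")
    if any(lo <= asn <= hi
           for asn in as_path for lo, hi in INVALID_ASN_RANGES):
        reasons.append("invalid-asn-in-path")
    # subnet_of raises on mixed versions, hence the explicit version test.
    if any(net.version == b.version and net.subnet_of(b) for b in BOGONS):
        reasons.append("bogon-prefix")
    return reasons
```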


Protection of the peering LAN

Some traffic on the peering fabric can be dangerous for CATNIX and its members. That's why CATNIX performs the following actions:

  • Ports between the customers and the switches at CATNIX must be in access mode (no trunk mode allowed).
  • Only one known MAC address per port is allowed (port-security).
  • LLDP is not allowed.
  • BPDUs are not allowed.
  • Multicast storm-control is configured in the switch ports.

Moreover, CATNIX continuously monitors layer 2 traffic on the exchange by taking traffic samples of broadcast and flooded traffic, using the IXP-Watch tool. This tool generates alerts when one of the following conditions occurs: Excessive ARP, Excessive traffic captured, Spanning Tree, Non-IP/IPv6 Traffic (for example CDP), Multicast/Traffic directed to 255.255.255.255 - DHCP/OSPF/IGP etc, Stray SNMP. It also generates reports with the number of ARP Queries, ARPs per minute, IPv4 Packets, IPv6 Packets, ICMP Packets, NON-IP Packets, ARPs Sponged and Dead BGP Peers.


Peering matrix

The peering matrix is based on sampled flow (sFlow) data, a packet sampling technology included in the CATNIX switches, and has the granularity to show all traffic exchanges, only the bilateral ones or only those run through the route-server. This tool is accessible through the private statistics portal offered by CATNIX.
