How to start peering at DE-CIX

You can order your ACCESS and GlobePEER or GlobePEER Remote services through your sales representative or the DE-CIX Portal.

DE-CIX port turn-up procedure

After you have signed the contract to join DE-CIX, you get an email from the DE-CIX support team. They will lead you through all the necessary steps to get your service up and running.

The DE-CIX port turn-up process ensures proper network connection and enables peering.

1. Physical turn-up
   In the very first step we only check if the fibers are lighted correctly in both directions. No pings or Address Resolution Protocol (ARP) requests are possible. As soon as you are connected and happy with the light level you receive, please notify us so we can go to the next step.
2. Layer 2/ Layer 3 testing
   We now enable your port in our quarantine VLAN. You receive a testing procedure with your IP address. Please configure this address on your router and turn-off all unnecessary features/protocols like:
   • Cisco Discovery Protocol (CDP)
   • Proxy ARP
   • Gratuitous ARP
   • IPv6 router advertisements
   • Protocol Independent Multicast (PIM)
   • etc.
   Notify us when you have configured your IP, and we then test your port. Also, inform us about the Layer 2 Media Access Control (MAC) address of your router and make sure that any equipment between your router and DE-CIX is "silent".
3. Port testing
   We now test your port for compliance in our quarantine VLAN. We might contact you to turn-off unnecessary or unwanted protocols.
4. Going live
   With testing completed we move you to the peering VLAN. You can now peer with other DE-CIX customers and setup sessions to the route servers.

How to start peering at DE-CIX

Prerequisites

Before proceeding with the setup, ensure that the following prerequisites are completed:

1. Your Access is Fully Functional
   Your DE-CIX Access must be active and ready for use. This ensures that your physical or virtual link to the DE-CIX platform is established and tested.
2. GlobePEER or GlobePEER Remote Service is ordered
   You need to have ordered your GlobePEER or GlobePEER Remote service via your sales representative or directly through the DE-CIX Portal.

Why these prerequisites are important: These steps ensure that your connection to the DE-CIX platform is operational and that the necessary peering services are in place to begin exchanging traffic.

Useful tips in advance

1. If you're uncertain about the potential traffic shift, avoid enabling route server peering during peak traffic times.
2. The influx of prefixes from the route servers can lead to significant traffic loads. Be sure to monitor the impact on your backhaul capacity and verify that your ACCESS bandwidth is sufficient to handle the increase.
3. Pay close attention to traffic behavior during subsequent peak hours, as starting during off-peak times may not accurately reflect peak traffic patterns.
4. Be prepared for a substantial number of incoming prefixes. These prefixes will enable outbound traffic to flow efficiently via peering.
5. For inbound traffic, proceed cautiously. Gradually announce prefixes to the route server, starting with key anchor networks. Once stable, expand to include all your prefixes as well as those of your downstream customers. This step-by-step approach ensures a controlled and reliable traffic flow.

1. Configure Route Server Peering or establish Direct Peerings

Once your ACCESS and GlobePEER services are ready, you can start configuring your peering setup. DE-CIX offers two main options for exchanging traffic: connecting to the route server or establishing direct peerings with other networks. These steps can be used together or independently depending on your needs.

Option 1: Route Server Peering

Route servers simplify your peering setup by connecting you to hundreds of networks with minimal effort. DE-CIX operates redundant route servers for both IPv4 and IPv6 to ensure reliability.

Why this is important

• Automatically establishes peerings with the majority of DE-CIX members.
• Saves time and resources compared to setting up individual BGP sessions with each member.

What you gain

• Instant access to dozens or hundreds of networks.
• Optimized traffic paths that reduce latency and improve performance.

How to configure

DE-CIX operates in every metro location for redundancy reasons two route servers

• Follow the DE-CIX Route Server Guide.
• Configure two BGP sessions for IPv4 and two for IPv6

Option 2: Establish Direct Peerings

Not all exchange members use the route server, often due to selective or restrictive peering policies. This means your network has additional peering potential. These additional peers, especially larger networks, can significantly increase your traffic.

Direct BGP sessions with specific networks can enhance your peering performance. Direct peerings are especially useful for key partners or networks with selective peering policies.

Why this is important

• Redundancy: Direct peerings add an extra layer of reliability to your network.
• More Prefixes Some peers offer more prefixes through direct sessions.
• Priority: Peers may offer higher priorities on direct sessions, which can improve performance.

What you gain

• Improved traffic stability.
• Optimized performance for your most critical peers.

How to configure

• Use the DE-CIX Looking Glass and PeeringDB to identify potential peers.
• Check their PeeringDB records for contact information and peering policies.
• Contact networks with high traffic potential or large prefix announcements.

2. Ensure Accurate Prefix Announcements and RPKI Validation

Accurate prefix announcements and robust route validation are critical for ensuring your traffic reliably reaches its destinations. At DE-CIX, we validate prefixes using public routing databases from Internet Routing Registries (IRR), such as RIPE, ARIN, AFRINIC, APNIC, and Merit RADb. Additionally, DE-CIX employs RPKI (Resource Public Key Infrastructure) filtering to enhance security and protect peers connected to our Route Servers.

Why this is important:

• Prevent Traffic Loss: Misconfigured or missing prefix entries can result in traffic loss, degraded network performance, and unreachable destinations.
• Compliance with Peers and Transit Providers: Transit providers and peers may reject your traffic if prefixes are not properly registered or if RPKI validation fails.
• Network Security: RPKI ensures that IP addresses and ASNs are authenticated, reducing the risk of route hijacking or malicious announcements.

What you should do:

1. Register Prefixes in Routing Databases:
   Ensure that all prefixes you use are registered in IRR databases, such as RIPE, and are associated with the correct ASN. This step keeps your prefixes visible and routable.
2. Implement RPKI Validation:
   Sign your prefixes in the IRR database to activate RPKI. RPKI helps verify your right to use IP addresses and prevents invalid routes from being propagated.
3. Update AS-SETs:
   Maintain accurate AS-SET records in routing databases, listing all active ASNs and removing unused entries. Consistent and clean AS-SETs reduce configuration errors and enhance routing accuracy.
4. Monitor Prefix Validation:
   Use the DE-CIX Portal’s advanced monitoring tools or the DE-CIX Looking Glas service to check the status of your prefixes and ASNs. Regular validation ensures compliance and reliability.

What you gain:

• Reliable Routing: Your traffic flows seamlessly across the DE-CIX ecosystem, ensuring high performance and minimal disruptions.
• Revenue Protection: Properly configured prefixes avoid traffic loss and prevent potential revenue loss caused by unreachable networks.
• Enhanced Security: RPKI and accurate IRR entries safeguard your network against route hijacking and malicious activity.

For more information on prefix registration and RPKI setup, please refer to your RIPE database documentation or contact DE-CIX support.

Troubleshoot Prefix Rejections

1. Visit the DE-CIX Looking Glass. to verify your advertised prefixes
   • Confirm that the number of prefixes listed matches your announcements.
   • Verify both IPv4 and IPv6 entries
   Please make sure you select the correct metro location in the upper left corner of the Looking Glass
   Pro Tip: Regularly check the looking glass to monitor your network’s health and identify any prefix propagation issues.
2. If the DE-CIX route server rejects a prefix you announce, check the reason for rejection.
3. Verify both IPv4 and IPv6 prefixes. If the route server shows fewer prefixes than you advertise, correct any errors or missing route objects.
4. Ensure your BGP downstream customers do not have incorrect or missing prefixes.

4. Monitoring and Optimizing Traffic

The DE-CIX Portal provides powerful monitoring tools to help you understand your traffic flows, detect issues, and plan for future growth. The portal’s dashboards offers detailed insights, including:

• Traffic patterns: View data rates for incoming and outgoing traffic.
• Utilization metrics: Identify peak usage times and overall bandwidth consumption.
• Prefix analytics: Monitor prefix advertisements and peer reachability.

Why this is important:

• Proactively identifies potential network issues before they affect performance.
• Provides the data needed to justify capacity upgrades or peer optimizations.

What you gain:

• Real-time insights into your service performance.
• The ability to make data-driven decisions for traffic management.

Learn More

Detailed instructions on how to use these features are available in the DE-CIX Monitoring Documentation.

5. Key Resources and Contacts

• DE-CIX Looking Glass: Access the DE-CIX looking glasses at https://lg.de-cix.net.
• PeeringDB: List your network on PeeringDB for direct peerings with other networks (strongly recommended).
• IRR explorer: Shows the routing, IRR and RPKI status for resources, and highlights potential issues.
• MANRS: Mutually Agreed Norms for Routing Security (MANRS) is a global initiative, supported by the Global Cyber Alliance, that provides crucial fixes to reduce the most common routing threats.