What is IIX?
The Israeli Internet eXchange is the central meeting point of the Internet Service Providers in Israel. Its purpose is to route all intra-Israel Internet traffic, among the operators, as efficiently as possible.
Physical Components of IIX
The IIX is a actually a layer-3 switching device (router). IIX Peers connect directly to this router. This can be done in several ways:
- Via a direct transmission line, from a licensed carrier.
- Via a LAN based connection, from a licensed carrier.
Routing at the IIX
The IIX routes intra-Israeli Internet traffic, only. International traffic is not allowed at the IIX. IP address blocks that are announced to the IIX must be registered to an Israeli owner.
Peers exchange routing information with the IIX using BGP4, exclusively. The peer is expected to report all the IP networks it wants to route, by way of a BGP session, to the IIX router. The IIX has its own BGP Autonomous System Number (ASN), and thus becomes a routing entity (transit AS). This removes the need for any special peering arrangements (Many-to-One peering).
The IIX filters all incoming routing information, based on network ownership information. This filtering is strict and takes into account CIDR aggregation considerations. The filtering is done on input only, so that the IIX routing tables remain in sync.
The IIX uses only routing filters – no packet filters. This setup was devised to minimize the overhead imposed by the filters on the routing engine; Under normal operating conditions, the BGP sessions at the IIX are rather “quiet” and so the router incurs very little overhead.
The filters are used for two main purposes: First, to make the IIX (and peers) immune to errors made by a peer. Erroneous routes, or routes that a peer hears from their up-Internet connection, are rejected. Second, we use filters to enforce IIX policy, according to which no IP Service Provider can carry traffic of another IP Service Provider through the IIX. The filters disallow that.