Upload
truongkhue
View
218
Download
0
Embed Size (px)
Citation preview
NIX.CZ,NIX.SKandprojectFENIX
MartinSemrad
SEE5
Tirana,19.4.2016
NIX.CZintroduction
• Opennon-profitassociation• Foundedin1996• Neutralpeeringplatforms• CzechRepublicandSlovakia• Euro-IXmember
Currentstatus
• 139networks• 44international• 428Gbps• Functionalcommunity• Co-operationinregion
Co-operation
• PeeringDays–withBIXandVIX– 4thinBudapest30-31/3
• Montenegro–startofnewIXPinPodgorica
TopologyNIX.CZ2016
NIX.SK
• StartedMarch2015• 31networks• Buildingcommunity• Keeplocaltrafficlocal• Geographicredundancy
NIX.SK
• 2PoPs• OnlyoneIXPwithgeoredundancy• 1stpublicDNSROOTinSK• NotinterconnectedwithPrague
TopologyNIX.SK2016
FENIX
• ReactiontoDOSattacksin3/20134dayslong
• MultipleCZtargetsmedia,banks,cellphoneoperators,Seznam.cz(CZ“Google”)
• SourceofattacksoutofCZ• NothingfromCZ• ThroughupstreamandNIX.CZ• Noresponsesource
FENIX
• Clubof“trustworthy”companies• Technicaltool“SecureVLAN”• Eyeballscanconnecttolocalcontent
homebanking,media,email…
• Islandmodelastresort
• Fasterthanregulations• Highjoiningcriteria
FENIXstart
• 6foundingcompanies–January2014Active24CESNET(NREN)CZ.NICDialTelecomO2CzechRepublic(incumbentoperator)Seznam.cz
• NIX.CZsupervisoroverrules
FENIXorganizationrules
• Endusertermsandconditionsspam,attacks
• 24x7technicalconditionsnoIVR
• CSIRTteamlistedbyTrustedIntroducer,Terena
• Activeparticipation• Recommendationfrom2members,noveto
FENIXtechnicalrules
• BCP-38/SAC004–granularity/24(/48)• RTBHfilteringusingRS• IPv6,DNSSEC• FullredundancyonNIX.CZ• Networkmonitoring(MRTG,NetFlow,...)• ControlplanepolicyRFC6192• DNS,NTP,SNMPamplificationprotection• Securityincidenttime<30min• BGP–TCPMD5
Howitworks
Mynetworkupstream upstream
Howitworks
upstream upstreamMynetwork
Howitworks
upstream upstreamMynetwork
Howitworks
Mynetwork
FENIXSlovakia
• StarteddiscussionsinSlovakia• MoUwithCSIRT.SK• NextworkinggroupMay/June
Savethedate:24thNovember2016
20yearsanniversaryeventinPrague
Followus
..andatwww.nix.cz/www.nix.skJ
Questions?