MoeIX
Moe Internet Exchanges
- A non-commercial Internet exchange point
- Operated by MoeQing Network
Introduction
MoeIX is a non-commercial Internet Exchange Point (IXP) established in 2020. It provides traffic exchange services mainly for small ISPs, private networks. MoeIX is for learning and experimentation only and is not allowed to be used for commercial services and has no SLA.
Current Location
- Seattle, Washington, USA
Join
- Join via VM
- Join via tunnel
Requirement
- Has a valid Public ASN
- Has at least /48 IPv6 address
- Have up-to-date PeeringDB information (preferably)
- Have up-to-date RIR Whois information
- Only send traffic to destinations advertised by BGP on the Peering LAN
- Does not send any multicast (except ARP/IPv6 ND) packets
IX LAN prefix
- IPv4:
23.146.72.192/26
- IPv6:
2a0a:280:f000:3::/64
Configure
We have three route servers, with 2 different policies
If you don't know what this is, please establish sessions to RS Regular
only
-
RS1, RS2
- AS210979
- Regular route server
- Filtering Policy
- Communities
- In a nutshell: Config the RS session as peering session
- You can connect to this RS without any concern, we will do IRR and RPKI validation for you.
- A BGP connection with
RS1
is mandatory and you must announce at least one IPv6 route from your own network. - IPv4:
- RS1:
23.146.72.193
- RS2:
23.146.72.194
- IPv4 session is optional
- RS1:
- IPv6:
- RS1:
2a0a:280:f000:3::1
- RS2:
2a0a:280:f000:3::2
- RS1:
-
RS3
- AS210979
- Transit route server
- Your route will be transit to limewave via MoeQing Network
- Filtering Policy
- Communities
- In a nutshell: Config the RS session as upstream
- IPv4:
- RS3:
23.146.72.195
- RS3:
- IPv6:
- RS3:
2a0a:280:f000:3::3
- RS3:
Members
See members list: Members
Limitations
IX LAN
There are some security regulations for the IX peering LAN and the IX access port (usually eth1 for the IX VM).
- Only permitted MAC addresses will be allowed
- arp-proxy and ndp-proxy must be disabled on the IX port. You can only respond the Neighbor Discovery packet that was sent to the Poema IX allocated
IX LAN
IP. - L3 joining only. Bridging our port to other switches are not allowed.
- Participants must not announce ("leak") Poema IX peering LAN to other networks to reduce the potential attack surface.
- MOE IX does NOT support trunk port or VLAN mapping to our switches.
- Ethertypes: All forwarded frames must have one of the following ether types:
- 0x0806 - ARP
- 0x0800 - IPv4
- 0x86dd - IPv6
- Link-local traffic:
- Only the following link-local traffic is allowed:
- ICMPv6 Neighbor Solicitation / Advertisement
- BGP session over link-local address in the IX peering LAN.
- All other types of link-local traffic are prohibited, including but not limited to:
- IGP traffic (e.g. OSPF, ISIS, IGRP, EIGRP)
- BOOTP/DHCP
- ICMPv6 Router Advertisement
- ICMP redirects
- Discovery Protocol:CDP, EDP
- VLAN/trunking protocols:VTP, DTP
- Only the following link-local traffic is allowed:
- Unicast/Multicast/Broadcast:
- Only unicast traffic is allowed.
- Frames forwarded must not be addressed to a multicast or broadcast MAC destination address except as follows:
- ICMPv6 Neighbor Solicitation / Advertisement
- Multicast/broadcast packet traffic must not exceed 1kbps
- Abuse on network infrastructure of IXP members is not allowed. Including but not limited to the following acts:
- Setting up default route or unauthorized routes to IXP member is prohibited.
- Sending routes that has malformed nexthop attribute such as point to other member is prohibited.
- Sending ICMP redirects packets to redirect your traffic to other members is prohibited.
- BGP hijacking without the authorization of the resource owner is prohibited. Including but not limited to the following behaviors
- Prefix hijacking
- ASN origin spoofing
- AS path manipulation
Special Thanks
- AS203472 KSKB for Technical support