Frankfurt (Germany), 06 December 2022: DE-CIX, the world’s leading operator of Internet Exchanges (IXs), has successfully completed the most comprehensive network upgrade in the company’s history at its global Internet Exchanges. During live operation over the last month, DE-CIX has upgraded its award-winning Apollon platform to “Peering LAN 2.0”, which includes improved stability and additional security features, as well as migrating all connections to an Ethernet Virtual Private Network (EVPN). The introduction of EVPN reduces unnecessary network noise on the platform, thus lowering the load on all connected routers and strengthening the security of DE-CIX IXs. The version of EVPN now deployed on the DE-CIX Exchanges is based on an extension of the protocol (RFC 9161) including additional security features – a project in which DE-CIX played a major role. Work on the “Peering LAN 2.0” migration started in early November with the upgrade at the Phoenix (Arizona) and Frankfurt sites, and was successfully completed last night with the migration of the last private “Closed User Groups (CUG)” operating on the Apollon platform.
Migration during ongoing operation
The “Peering LAN 2.0” migration took place within nightly maintenance windows during otherwise normal operation. To ensure seamless implementation, the DE-CIX team mapped the entire peering LAN of all DE-CIX IXs virtually in software, and used this virtualized environment for testing purposes. This enabled the testing for any impacts of the reconfiguration, without interfering with ongoing operations.
“A migration during ongoing operations is always a challenge, because it’s like open-heart surgery,” explains Dr. Thomas King, Chief Technology Officer at DE-CIX. “I am immensely proud of my team, who prepared this step conscientiously and implemented it professionally all the way. With the migration, we are making our Internet Exchanges around the globe more secure, increasing their performance, and making management easier for our customers. In addition to our automation initiatives and the continuous upgrades – including, for example, making our platforms fit for 800 Gigabit Ethernet – the move to ‘Peering LAN 2.0’ is an essential step on our way to creating the Internet Exchange of the future.”
Network noise in large peering LANs, such as at Internet Exchanges, is caused by the Address Resolution Protocol (ARP) for IPv4 and the Neighbor Discovery Protocol (NDP) for IPv6. Due to the nature of these protocols, many requests are sent simultaneously to all connected customer routers. The larger the platform, the greater the volume of requests. With the extended EVPN version implemented at the DE-CIX IXs, all requests are intercepted by the DE-CIX routers. The DE-CIX routers either respond to the requests or discard them, significantly reducing the number of ARP and NDP requests that each individual customer router is required to handle. This increases efficiency for all 2,600 networks connected across the Apollon platform globally, because the respective routers on the customer side need much less computing power to filter out relevant requests. In addition, EVPN prevents certain attack vectors as well as sources of errors, thus increasing the security and robustness of the entire platform.
“Customers tell us that the CPU usage on their routers connected to DE-CIX has dropped by as much as 25 percent due to the elimination of ARP/NDP noise. This is an impressive increase in efficiency a, especially in times when there is an ever-growing focus on the energy efficiency of data centers and IT in general,” King continues.