Tanzania Internet eXchange -- TIX

How to connect to TIX:

  1. If you don't have already, consider to get an ASN number from AfriNIC),
  2. read and understand the MoU, if you agree, fill it and ...
  3. ... you will get :
  4. designate a router you will place at TIX (must be able to speak BGP and must have 1 interface to connect to your network and 1 other ethernet interface to connect to TIX switch)
  5. configure the 1st interface to talk to your central infrastructure, configure the 2nd interface with your exchange-IP and according to AUP.
  6. configure dynamic routing between your central infrastructure and your TIX-router. When the link to TIX goes down, the TIX-router MUST _not_ know anything about your other routes and it must withdraw your routes from the TIX route reflector.
  7. ensure TIX router gets routing information updated from your core router
    (below examples use BGP for that - you are free to use any dynamic protocol for that part)
  8. configure BGP4 on your TIX-router using your ASN.
  9. the latest now you should get some kind of link into the TIX (Posta House, DSM).
    Use wireless, leased line, fiber, laser, UTP, etc - your choice. It should scale to an unpredictable or even higher bandwidth.
  10. Kindly ask your TIX router to also have a eBGP chat with 196.223.5.1 and 196.223.5.2 in ASN 33791
  11. plug a straight UTP cable into the ethernet interface of your TIX-router and into the port of the TIX-switch designated to you.

config snippets that should help

assuming:

on your TIX-router (note that this is a suggestion at most, no guarantees, your milage may vary):


ip cef
service nagle
!
interface Ethernet0/0
 description to ISP - core
 ip address a.b.c.e 255.255.255.252
 
!
interface Ethernet0/1
 description ISP-Tix - IXP Switch
 ip address <I> 255.255.255.0
 ip access-group 150 in 
 ip access-group 160 out 
 no ip proxy-arp
 no cdp enable
!
router bgp <A>
 no bgp enforce-first-as
 no synchronization
 bgp log-neighbor-changes
 neighbor TIX-RS peer-group
 neighbor TIX-RS remote-as 33791
 neighbor TIX-RS version 4
 neighbor TIX-RS soft-reconfiguration inbound
 neighbor TIX-RS prefix-list prefixlist-from-tix in
 neighbor TIX-RS prefix-list prefixlist-to-tix out
 neighbor a.b.c.d remote-as <A>
 neighbor a.b.c.d description ISP-Core
 neighbor a.b.c.d version 4
 neighbor a.b.c.d next-hop-self
 neighbor a.b.c.d soft-reconfiguration inbound
 neighbor a.b.c.d prefix-list prefixlist-to-tix in
 neighbor a.b.c.d prefix-list prefixlist-from-tix out
 neighbor 196.223.5.1 description TIX Route Reflector 1
 neighbor 196.223.5.1 peer-group  TIX-RS
 neighbor 196.223.5.2 description TIX Route Reflector 2
 neighbor 196.223.5.2 peer-group  TIX-RS
 no auto-summary
!
ip classless
no ip http server
!
ip prefix-list prefixlist-from-tix description prefixes from TIX
ip prefix-list prefixlist-from-tix seq 5 permit 196.223.5.0/24
...
ip prefix-list prefixlist-from-tix seq 100 permit 0.0.0.0/0 ge 8 le 29
ip prefix-list prefixlist-from-tix seq 110 deny 0.0.0.0/0 le 32
!
ip prefix-list prefixlist-to-tix description prefixes from core to tix
ip prefix-list prefixlist-to-tix seq 5 permit <your-Network1>
ip prefix-list prefixlist-to-tix seq 10 permit <your-Network2>
...
ip prefix-list prefixlist-to-tix seq 100 deny 0.0.0.0/0 le 32
!
access-list 150 deny   ip host 0.0.0.0 any
access-list 150 deny   ip 10.0.0.0 0.255.255.255 any
access-list 150 deny   ip 127.0.0.0 0.255.255.255 any
access-list 150 deny   ip 169.254.0.0 0.0.255.255 any
access-list 150 deny   ip 172.16.0.0 0.15.255.255 any
access-list 150 deny   ip 192.168.0.0 0.0.255.255 any
access-list 150 deny   ip 223.255.255.0 0.0.0.255 any
access-list 150 deny   ip 224.0.0.0 31.255.255.255 any
access-list 150 deny   ip <your-Network1> <Wildcard1> any
access-list 150 deny   ip <your-Network2> <Wildcard2> any
access-list 150 permit ip any any
!
access-list 160 deny   ip host 0.0.0.0 any
access-list 160 deny   ip any 10.0.0.0 0.255.255.255 
access-list 160 deny   ip any 127.0.0.0 0.255.255.255 
access-list 160 deny   ip any 169.254.0.0 0.0.255.255 
access-list 160 deny   ip any 172.16.0.0 0.15.255.255 
access-list 160 deny   ip any 192.168.0.0 0.0.255.255 
access-list 160 deny   ip any 223.255.255.0 0.0.0.255 
access-list 160 deny   ip any 224.0.0.0 31.255.255.255  
access-list 160 permit ip <your-Network1> <Wildcard1> any
access-list 160 permit ip <your-Network2> <Wildcard2> any
access-list 160 deny   ip any any

no cdp run

on your CORE-router (note that this is a suggestion at most, no guarantees, your milage may vary):

ip cef

interface core-to-tix-int
 description ISP-Core to TIX
 ip address a.b.c.d 255.255.255.252
 no ip directed-broadcast
!
router bgp <A>
 no synchronization
 bgp log-neighbor-changes
 network <your-Network1> mask <Mask1>
 network <your-Network2> mask <Mask2>
 neighbor a.b.c.e remote-as <A>
 neighbor a.b.c.e version 4
 neighbor a.b.c.e next-hop-self
 neighbor a.b.c.e soft-reconfiguration inbound
 neighbor a.b.c.e distribute-list 100 in
 neighbor a.b.c.e distribute-list 100 out
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 <censored>
ip route <your-Network1> <Mask1> Null0                               ! see here (search: 6.6)
ip route <your-Network2> <Mask2> Null0
ip route <some other as you require>
no ip http server
!

access-list 100 deny   ip host 0.0.0.0 any
access-list 100 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 deny   ip 169.254.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny   ip 17.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 deny   ip 192.168.0.0 0.0.255.255 255.255.255.0 0.0.0.255
access-list 100 deny   ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 permit ip any any

Also see:

for more info, please contact us:

TISPA
PO Box 80449
Dar es Salaam
Tanzania

WWW: http://tix.or.tz/
Email: info@tix.or.tz
r/> Tanzania

WWW: http://tix.or.tz/
Email: info@tix.or.tz