High Level Description
Introduction
The GÉANT IP service provides high-bandwidth, international Internet connectivity for over 50 million users through GÉANT, the pan-European research and education network that interconnects Europe's National Research and Education Networks (NRENs).
The service has been designed to provide general-purpose, IP transit services between participating NRENs and other approved research and education partners and providers. Its core function is to provide a private service for IP traffic, separated from general-use Internet access.
Offering a neutral IP routing facility, without constraints imposed on access control, protocol or inter-domain routing, the award-winning network natively supports both IPv4 and IPv6 to offer NRENs maximum flexibility.
A wide range of connectivity up to 100Gbps per port and resiliency options to support NREN data connections across Europe is on offer.
With interconnectivity between GÉANT and all the major R&E networks, GÉANT IP breaks down geographical boundaries and supports advanced research worldwide.
The service available to members of the GÉANT community, and is co-funded by the NRENs and the European Union's Horizon 2020 Programme. Access is available to non - GÉANT NRENs only by special agreement.
Technical Description
IPv4 and IPv6 support.
Access Description
The GÉANT IP service can be provided at capacities up to 100Gbps over a single interface. The capacity available to each NREN will depend on the capacity at the nearest GÉANT IP PoP or, if the GÉANT PoP is not co-located with suitable NREN access equipment, the available capacity of dedicated circuits from the NREN access equipment and the GÉANT IP PoP.
An NREN can connect to the GÉANT IP service following one of the three scenarios highlighted below:
- NREN on dark fibre: Where dark fibre is available in Location A and B, an NREN is connected to GÉANT in Location B through the Juniper MX for its primary connection. The backup connection is delivered through its Juniper MX in location A via the Infinera optical platform (DTN-X).
This configuration is the most resilient setup, with service availability of 99.999%, and the capability to deliver capacity up to 100Gbps per port.
Figure 1: NREN is connected to GÉANT through the Juniper MX
- Multi-homed NRENs: If an NREN is collocated in Location A and wants to connect to a location where dark fibre is not available,the back-up is provided through another Juniper MX in the same location.
This configuration is a highly resilient setup, with 99.99% service availability and delivered capacity up to 100Gbps per port.
Figure 2: Multi-Homed NRENs backup
- Single homed NRENs: If an NREN wants to connect to a location where dark fibre is not present but they are collocated with the GÉANT PoP and require long-haul connectivity provided by a sub contracted provider.
This scenario can be implemented with or without backup, depending on the requirements.
This configuration can be as resilient as required but availability figures will depend on the exact setup and the selected provider. Capacity up to 100Gbps per port is available on GÉANT equipment.
Figure 3: Example of long-haul connectivity
Load Sharing
When an NREN connects to more than one PoP, it is possible to request for the load to be shared across the number of accesses available, as seen below in Figure 4.
Figure 4: Example of load sharing on multiple PoPs
Load sharing is achieved by setting both IP access with the same Border Gateway Protocol (BGP) local preference and letting BGP select the best Autonomous System Border Routers (ASBR).
When load sharing is enabled, the total volume of traffic across all the active accesses must remain within the NREN-subscribed IP capacity.
Routing Information
GÉANT maintains prefix lists on each NREN peering, to ensure integrity of the route announcement. Each of these lists are built on the RIPE object maintained by the NRENs to ensure the latest information is used. It is the NRENs responsibility to ensure the RIPE information are kept up to date.
More information regarding the GÉANT routing policies can also be found here:
Security
As an IP transit service, GÉANT IP provides security by monitoring the network for suspicious behavior and the GEANT CERT is the Computer Emergency Response Team (CERT) makes sure that an appropriate response is given to possible threats. The team will inform NRENs if any security incident affecting them is detected. NRENs are also able to subscribe to the Network Security Handling and Response Process (NSHaRP), without incurring any additional cost.
By subscribing to the NSHaRP service, the NRENs will be able to decide which events they want to be informed about and will start receiving automated emails informing about anomalies. More information on NSHaRP is available at:
http://www.geant.org/Networks/Network_Operations/Pages/NSHaRP.aspx
Demarcation Points
The management demarcation point between GÉANT and the NREN network is a port on the Optical Distribution Frame (ODF) rack, as described in Figure 8, below. The exact port will be specified at the time of the connection.
Figure 5: Illustration of the management demarcation point
The responsibility of the GÉANT Operations Centre (OC) ends at the declared demarcation point. Patching beyond this point is the responsibility of the ordering NREN.
Configuration Details
The following configuration details will be provided by GÉANT:
IP addresses to be used in the GÉANT network and on the NREN access router. IP address space to be used for the access link. Authentication Server (AS) number of the GÉANT network. Domain Name Service (DNS) record, corresponding to GÉANT network address space. Message Digest Algorithm 5 (MD5) password for the BGP session (unless the NREN prefers not to use MD5). MSDP peer address (if multicast is being supported). Any other interface-specific configuration.
The NREN must specify:
AS number of customer NREN. RIPE DB as-set (as-macro) to be accepted by GÉANT. MSDP peer address (if Multicast is being supported).