1. General Overview

This BGP peering policy outlines the requirements and expectations for establishing BGP peering with other networks at VoIP-IX.net. The goal of this policy is to ensure reliable and efficient routing between our network and other networks.

2. BGP Peering Requirements

2.1. IP Addressing:

Before establishing BGP peering, each member will be assigned a unique, valid public IP address by VoIP-IX.net. Members are responsible for ensuring that their BGP router is configured with the assigned IP address.

2.2. BGP Version:

Both parties must use compatible BGP protocol versions. We recommend using the latest version of BGP that is supported by all parties.

2.3. AS Numbers:

Each party must have a unique and valid Autonomous System (AS) number. This number must be registered with a recognized Internet registry such as:

African Network Information Center (AFRINIC)
American Registry for Internet Numbers (ARIN)
Asia-Pacific Network Information Centre (APNIC)
Latin American and Caribbean Internet Addresses Registry (LACNIC)
Réseaux IP Européens Network Coordination Centre (RIPE NCC)
2.4. Routing Policies:

Each party must define and implement their routing policies. These policies must be agreed upon by both parties and must not conflict with each other. The policies should include:

The list of prefixes to be advertised and received
The maximum number of prefixes that can be advertised and received
The preferred path for inbound traffic
The preferred path for outbound traffic
The use of community attributes
2.5. Security:

Both parties must implement security measures to protect their BGP peering connections. These measures may include access lists, authentication mechanisms, and encryption. 

2.6. Member's Requirements:

In addition to the above requirements, members must also meet the following criteria:

Have a public Autonomous System (AS) number 
Have up-to-date PeeringDB and RIR Whois information
Have at least one IPv4 /24 or IPv6 /48 to announce
Be able to use the route servers available
Only send traffic to destinations advertised by BGP on the Peering LAN
Will not advertise or export the VoIP-IX.net prefixes externally

2.7. Route Server:

VoIP-IX.net offers the possibility to its members to peer with one or two route servers. The route server allows members to reduce the number of BGP peering sessions required to peer with other members on the exchange. Instead of peering directly with every member, a member can peer with the route server and receive the BGP routes from all other members peering with the route servers.

The route servers IPv4 are:

185.0.24.254
185.0.24.253

The VoIP-IX.net BGP ASN is:

AS64479

2.8. Quality of Service (QoS):

VoIP-IX.net applies specific QoS rules for VoIP traffic to ensure high-quality voice communications by prioritizing VoIP traffic over other types of traffic.

VoIP-IX.net monitors the network and may adjust QoS rules as necessary to ensure the highest quality of VoIP traffic.

2.9. Open Policy:

VoIP-IX.net has an open peering policy, which means that we welcome peering requests from any interested party that meets our peering requirements. We believe in the importance of open peering to promote the growth and stability of the Internet.

To request peering with VoIP-IX.net, interested parties should contact our peering team and provide the following information:

ASN
IP addresses to be announced
Peering policy (including prefix limits, filtering, etc.)
PeeringDB entry
We will evaluate each request based on our peering requirements and network topology. If the request is accepted, we will work with the party to establish BGP peering.

We encourage members to engage with us to ensure that we continue to meet the changing needs of the Internet and to promote the growth of the global network.

2.10. Default Route:

Members must not point a default route to VoIP-IX.net.
Members must send traffic to prefixes that are being advertised by members exclusively.

3. BGP Peering Configuration

3.1. Physical Connectivity:

The physical connectivity between the two BGP routers must be established before configuring BGP peering.

3.2. BGP Peering Parameters:

The following BGP peering parameters must be configured on both sides:

The IP address of the neighbor router (assigned by VoIP-IX.net or route server)
The AS number of the neighbor router
The BGP version to be used
The routing policies to be implemented
3.3. BGP Peering Monitoring:

BGP peering must be monitored regularly to ensure that it is functioning properly. Monitoring should include:

Tracking the number of BGP prefixes received and advertised
Checking the BGP peering status
Analyzing BGP logs for errors or anomalies

4. BGP Peering Troubleshooting

If there are issues with BGP peering, both parties should work together to troubleshoot the problem. This may include checking the BGP configuration, monitoring logs, and performing tests.

5. Question, remarks, suggestions

Please address them to peer@voip-ix.net

At VoIP-IX.net, we take the security of our platform and our users' data very seriously. We have implemented a number of security measures to protect against unauthorized access, disclosure, or destruction of data. This policy outlines the measures we have put in place to ensure the security of our platform and our users' data.

Access Control: Access to our platform and user data is restricted to authorized personnel only. All employees, contractors, and third-party service providers are required to sign confidentiality agreements and comply with our security policies. Access to our platform and data is granted on a need-to-know basis, and all access is monitored and logged.

Data Encryption: All user data is encrypted in transit and at rest using industry-standard encryption protocols. We use SSL/TLS encryption for all data transmitted between users and our servers. Data at rest is encrypted using AES 256-bit encryption, and encryption keys are securely managed.

Data Backup and Recovery: We perform regular backups of our data to ensure that data can be recovered in the event of a disaster or system failure. Backups are stored offsite in secure facilities and are encrypted for added security. We have also implemented disaster recovery plans to ensure that our platform can be quickly restored in the event of a catastrophic event.

Physical Security: Our servers and data centers are physically secured to prevent unauthorized access. We use state-of-the-art data centers that are equipped with redundant power supplies, climate control, and fire suppression systems. Access to our data centers is restricted to authorized personnel only, and all access is monitored and logged.

Vulnerability Management: We regularly scan our platform for vulnerabilities and implement measures to mitigate any identified risks. We also perform regular penetration testing to identify and address any potential security issues.

Incident Response: In the event of a security incident, we have established procedures in place to contain the incident, assess the damage, and take corrective action. We will promptly notify affected users of any breach of their personal data as required by law.

Exchange Security Measures: In addition to the above measures, we have implemented the following security measures specifically for the exchange:

• Only one MAC address is allowed per port. Traffic from any unknown MAC address will be dropped, providing additional protection against unauthorized access.
• Port dampening will disable your port for 5 minutes after 10 transitions within 60 seconds, preventing network flooding and disruption.
• The peering VLAN can only be used for IPv4 and IPv6 unicast traffic, providing additional protection against malicious traffic.
• Storm control is implemented to prevent network congestion and disruption caused by broadcast, multicast, or unicast storms.

Compliance: We comply with all applicable data privacy and security regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant laws and regulations.

This security policy is regularly reviewed and updated to ensure that it reflects the latest security best practices and industry standards. We are committed to providing a secure and reliable platform for our users, and we will continue to invest in security measures to maintain the integrity of our platform and protect our users' data.