[afnog] IXP physical access guidelines
Geert Jan de Groot
GeertJan.deGroot at xs4all.nl
Mon Aug 29 10:38:46 EAT 2005
On Mon, 29 Aug 2005 07:51:02 +0200 "Anthony Muyepa" wrote:
> Is 24 hour access to the IXP housing required? When is access required,
> what are the policies on access to the room? Also consider security
> issues on 24hr access.
> This is one of the issues that we are trying to resolve in Malawi,
> we are trying to establish an IXP. We need more light on this, please help.
There are no Offical Rules for an exchange point. Do whatever the
members of the IXP feel comfortable with.
When in doubt, simplicity is usually best.
After these fuzzy lines, let's be more specific. If you IXP router
crashes Friday at 19.00, do you want to wait till monday-morning
before you can reboot it? If you want earlier access, then 24 hour
access may be a good idea.
Again, it's up to the members to decide on this.
When in doubt, go for simplicity.
But don't go over the top. When I was involved in the Amsterdam Exchange
(that's many years back, now), off-hours access was arranged by having
to get to the security office of the Science Park where it was located,
give your passport, your name was checked on a list and you were
handed a key to open the computer room.
The key to the equipment racks (_all_ of the equipment racks) was in
the top drawer of the desk inside the computer room, and everybody knew
where it was (it may still be there, I don't know).
You just didn't touch someone else's equipment, that was all.
Despite the size and importance of the thing, access was Really Really Simple.
(It so happened that my office was around the corner and every so often
I've received evening calls from folk like: "Hi, can you please go in
and powercycle my router?". Again, trust and simplicity).
So, I don't know if your location has a security office or just a lock
on the door. You're going to depend on eachother anyway, so a simple
procedure (keys and an entry-departure logbook) may be sufficient.
Should you find that you need more elaborate access, then you can
always add it later. If the door has no lock at all, consider an
electronic lock (with ID cards), so that you can log access,
as well as disable a card in case one gets lost.
But don't go over the top. Keep it simple. What you will need depends
a lot on what your experience will be once you get it going.
Most African IXP's I've seen are just a few racks in a room,
and sometimes just equipment on a table or so.
Start simple and adjust as neccessary.
Cheers,
Geert Jan
More information about the afnog
mailing list