[afnog] REQUEST OF ADVISE

[Mark Tinka]

On 13/Mar/19 15:44, Rwakagabo Janvier wrote:

> Hi All,
>
> We have implemented an Ubuntu mirror, and it is  located behind our firewall and Edge router, the same router is peering on IXP, 
> I am writing this to request an advise on the setup where we can place ubuntu mirror on the IXP.
> The reason we want to move the ubuntu mirror on the Exchange point is that we are trying to reduce the load/request that will come from the Rwandan Community accessing it thus causing a high latency due to the fact that the firewall throughput is limited to a 450 mbps.
> Do you have any mirror hosted at your IX? How are they connected to the Communtity?
> >From your expierence of exchanges points, what will be your advise?

Simplest thing to do is to take the mirror from behind the firewall and
place it just behind the router instead. Your firewall is likely
stateful, so placing any high-capacity services behind it is asking for
a potential DoS of the firewall itself.

Placing a mirror on the exchange point fabric still requires a router to
get packets to/from it (unless you plan to run a routing subsystem on
the mirror server itself). Provided you have sufficient capacity between
your peering router and the exchange point, I'd leave it behind the
router but out of the firewall's path. It is not a requirement for you
to deploy the mirror physically at/on the exchange point for the
community to benefit from it, especially if bandwidth is not a concern.

Mark.