Project FENIX

Project FENIX by NIX.CZ Tomas Marsalek APRICOT 2015 Fukuoka, 3. 3. 2015

Transcript of Project FENIX

Project FENIX by NIX.CZ

Tomas Marsalek

APRICOT 2015
Fukuoka, 3. 3. 2015

NIX.CZ introduction

• Neutral platform
• 5 data centers in Prague
• 123 connected networks
• 41 international networks
• 360 Gbps peak data flow
• Project FENIX

FENIX

• Reaction to DOS attacks in 3/2013
    4 days long
• Multiple CZ targets
    media, banks, cell phone operators, Seznam.cz (CZ “Google”)
• Source of attacks out of CZ
• Nothing from CZ
• Through upstream and NIX.CZ
• No response source

FENIX

• Club of “trustworthy” companies
• Technical tool “Secure VLAN”
• Czech eyeballs can connect to local content
    home banking, media, email …
• Island mode
    last resort
• Faster than regulations
• High joining criteria

FENIX organization rules

• End user terms and conditions
    spam, attacks
• 24x7 technical conditions
    no IVR
• CSIRT team
    listed by Trusted Introducer, Terena
• Active participation
• Recommendation from 2 members, no veto

FENIX technical rules

• BCP-38/SAC004 – granularity /24 (/48)
• RTBH filtering using RS
• IPv6, DNSSEC
• Full redundancy on NIX.CZ
• Network monitoring (MRTG, NetFlow, ...)
• Control plane policy RFC6192
• DNS, NTP, SNMP amplification protection
• Security incident time <30min
• BGP – TCP MD5

FENIX start

• 6 founding companies – January 2014
    Active 24
    CESNET (NREN)
    CZ.NIC
    Dial Telecom
    Seznam.cz
    Telefonica Czech Republic (incumbent operator)

• NIX.CZ supervisor over rules

Year of FENIX

• 3 new members
• Technical implementation
• RTBH testing
• Brand name announcement
• Micro web site fe.nix.cz
• Island mode test

Members of FENIX

• New candidates

FENIX in Slovakia

• Takeover of SITELiX
• CSIRT.SK discussions
• More info at Peering Day
• www.peeringday.eu

Follow us

.. and at www.nix.cz