Internet Exchange Overview
Megaport owns and operates a series of Internet peering exchanges (IXs) in the majority of our global networks. IXs provide greater efficiency between networks and allow traffic to be exchanged directly, reducing latency and bandwidth usage on client Internet connections.
There are two main types of IX peering arrangements: multilateral and bilateral. Multilateral peering is the default when you connect to MegaIX. With multilateral peering, you use BGP to peer with both route servers (RS1 and RS2) for an IX market, you advertise your routes to the route servers, and all routes available from all other multilaterally peered connections are advertised to your peer from the route servers. The second type of peering is bilateral peering. This method is required for peers that do not participate in multilateral peering through the route servers and establishes a direct peering relationship with another entity on the exchange. You can participate in both multilateral and bilateral peering across the Megaport IX infrastructure.
If you are connecting to an AMS-IX location, see AMS-IX Connectivity.
To join an Internet exchange for Megaport and MegaIX locations
- In the Megaport Portal, go to the Services page and select the Port you want to use.
  If you haven’t already created a Port, see Creating a Port.
- Add an IX connection for the Port.
  Click +Connection, click Internet Exchange, and click Next.
- Select the IX location and click Next.
- Specify these connection details:
  - Connection Name – The name of your VXC to be shown in the Megaport Portal.
    Partner managed accounts can apply a Partner Deal to a service. For details, see Applying a Deal to a Service.
  - Service Level Reference (optional) – Specify a unique identifying number for the VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.
  - Rate Limit – This is the speed of your connection in Mbps. The rate limit for an IX cannot exceed the aggregate port speed for metro connections, and 10 Gbps for non-metro connections.
- Specify these IX details:
  - Preferred VLAN – Optionally, specify an unused VLAN ID for this connection. The VLAN ID must be unique on this Port and can range from 2 to 4093. If you specify a VLAN ID that is already in use, the system displays the next available VLAN ID. Megaport validates the VLAN ID before proceeding with the order. If you don’t specify a value, Megaport will assign one. You can also select the toggle to Untag this connection. This selection removes the VLAN tagging for this connection but limits you to only one IX (or VXC) on this Port.
  - ASN – The Autonomous System Number (ASN) of your network. The ASN may be either a 16-bit or 32-bit ASN (2 or 4 byte) but must be a public AS. You cannot change the ASN after deployment.
  - MAC Address – The MAC Address of the Layer 3 device that will establish the BGP peering session with the IX. Connections to the IX on this VXC will be locked to this address for security purposes. If you do not have the correct MAC available at the time of ordering, enter a placeholder MAC (such as 00:01:00:01:12:34) as this field remains editable after deployment.
  - BGP Password – Optionally, add a BGP password to the VXC. This field may be left blank. You cannot change the BGP password after deployment.
  - Graph Visibility – Specify how to display your traffic graphs in the MegaIX Looking Glass tool within the Megaport Portal. Public lets other clients see your IX throughput; Private hides this information from other clients.
  - Peer Macro – An optional field that only appears for ECIX connections. The peer macro value defines the AS macro filter for the peer. Megaport uses this value to generate a list of prefixes this AS can originate, and this list filters announcements through the route server.
    Another name for this field is AS-MACRO (or AS-SET) as it contains a list of AS numbers belonging to this peer.
    If you don’t have a Peer Macro, you can enter your ASN in this field. (You can only send routes that originate from your own AS.) Invalid prefixes won’t be announced by the route server and an incorrect configuration results in the route server rejecting all your prefixes.
    If not specified, your own ASN will be used in the filter and you can only send routes that originate from your own AS and prefixes registered to that AS.
  - Invoice Reference – This is an optional field. It can be any text, such as a PO number or billing reference number.
- A summary page appears that includes the monthly cost. Click Back to make changes or click Add IX to move this configuration to your cart and proceed through the checkout process.
After deployment, Megaport sends an email to your registered email address with additional information on how to finish the BGP configuration.
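The Peer Macro filtering described in the IX details above can be checked before ordering. This is an added example, not Megaport's code: the registry data, the function names `expand`, `prefix_filter` and `accepted`, and the exact-match rule on (prefix, origin AS) are assumptions made for illustration, using documentation ASNs and prefixes.

```python
import ipaddress

# Constructed registry data using documentation ASNs and prefixes (not real registrations).
AS_SETS = {
    "AS-EXAMPLE": ["AS64496", "AS-EXAMPLE-CUST"],
    "AS-EXAMPLE-CUST": ["AS64497", "AS-EXAMPLE"],   # circular reference on purpose
}
ROUTE_OBJECTS = {
    64496: ["192.0.2.0/24", "2001:db8:100::/48"],
    64497: ["198.51.100.0/24"],
    64498: ["203.0.113.0/24"],
}
# (prefix, AS path as received; the last ASN is the origin)
ANNOUNCED = [
    ("192.0.2.0/24", [64496]),
    ("198.51.100.0/24", [64496, 64497]),
    ("203.0.113.0/24", [64496, 64498]),     # origin outside the macro
    ("198.51.100.0/24", [64496]),           # prefix registered to a different AS
]

def expand(name, seen=None):
    """Resolve an AS-SET, or a bare ASN such as 'AS64496', to a set of origin ASNs."""
    if name[2:].isdigit():
        return {int(name[2:])}
    seen = set() if seen is None else seen
    if name in seen:                        # already visited: break the loop
        return set()
    seen.add(name)
    return set().union(*(expand(member, seen) for member in AS_SETS.get(name, ())))

def prefix_filter(peer_asn, peer_macro=None):
    # With no Peer Macro the peer's own ASN is used, as described above.
    origins = expand(peer_macro) if peer_macro else {peer_asn}
    return {(ipaddress.ip_network(p), asn) for asn in origins for p in ROUTE_OBJECTS.get(asn, ())}

def accepted(peer_asn, peer_macro=None, announced=ANNOUNCED):
    # Assumption: exact match on (prefix, origin); the page does not state the match rule.
    allowed = prefix_filter(peer_asn, peer_macro)
    return [(ipaddress.ip_network(p), path[-1]) in allowed for p, path in announced]

if __name__ == "__main__":
    for macro in ("AS-EXAMPLE", None, "AS64496", "AS-TYPO"):
        print(f"{macro!s:12}", accepted(64496, macro))
```

The `AS-TYPO` row shows the failure mode the field description warns about: a macro that resolves to nothing produces an empty filter, so every announcement is rejected.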
IX Best Practices
Standard BGP implementations require the first ASN in the path to match the ASN of the peer. With multilateral peering, however, the first ASN is not that of the peer (the route server, RS) but that of the downstream peer providing the routes. This is expected behavior and is required to reduce AS path lengths for correct routing decisions. To allow multilateral peering, configure your devices to not enforce the first AS requirement. For example, on a Cisco router the command is no bgp enforce-first-as.
To prevent customers from sending all the internet routes to Megaport, we limit the maximum number of prefixes (MaxPFX) that can be sent to us. The default limit is 1000 IPv4 routes and 100 IPv6 routes. Exceeding this limit ends the session; the session can be reset by contacting the Megaport support team through online chat.
All frames forwarded to the Internet Exchange must:
- Have the same source MAC address
- Be Ethernet II (DIX) frames, with Ethertypes matching either ARP, IPv4, or IPv6
The following frames are not permitted on the Internet Exchange:
- Multicast and broadcast, with the exception of ARP and IPv6 neighbor discovery - Only exchange unicast routes over your BGP sessions in the Peering LANs. Multicast traffic is not permitted on (unicast) Peering LANs.
- Frames from Proxy ARP - Peering VLAN traffic is exchanged based on BGP routes, so it is unnecessary to answer ARP queries for any IP addresses other than those configured on your ECIX interface. Some vendors enable proxy ARP by default, which can lead to unwanted traffic on your network. Consider that if you have it enabled at ECIX, it is likely to be enabled at other peering points, which allows parties on both sides to use you as a transit.
- 802.2 LLC/SNAP frames
- Layer 2 control and link local protocols such as:
  - All forms of spanning tree (STP) - Device(s) connected to the ECIX port are not allowed to be visible as L2 bridges. This means that they should not speak STP or any other (proprietary) L2 specific protocol.
  - Vendor discovery protocols (CDP, EDP, FDP, MNDP) - Various vendors (such as Extreme, Cisco) tend to ship their boxes as gregarious devices: by default they announce their existence from all of their interfaces and try to find family members. CDP (Cisco) and EDP (Extreme) are examples of this, but there are others. The only reason for running discovery protocols is to support certain types of auto configuration. Auto configuration on an Internet Exchange is a very bad idea. Hence, there is absolutely no reason to run discovery protocols on your ECIX interface. Discovery protocols typically cause unwanted broadcast or multicast traffic.
  - Layer 2 keepalives - By default, Cisco routers and switches periodically test their (Fast) Ethernet links by sending out Loopback frames (ethertype 0x9000) addressed to themselves (an ‘L2 self-ping’). In a switched environment, this can be used to test the functionality of the switch and/or keep the router’s MAC address in the switch’s address table. In the ECIX environment, this is not useful since we use MAC timeouts that are larger than the typical BGP and/or ARP timeouts.
  - Internal routing protocols (such as OSPF, EIGRP, RIP, and IS-IS) - The only routing protocol permitted on the Peering VLANs is BGP. There is no valid reason for interior routing protocols to appear on the shared medium. These protocols only cause unnecessary multicast and broadcast traffic.
- Non-unicast IPv6: IPv6 ND-RA - IPv6 router advertisements generate a lot of unnecessary traffic, since IPv6 hosts on the ECIX are not autoconfigured, and besides, you don’t want to be the default router for the whole Peering VLAN.
- ICMP redirects
- Multiple MAC addresses - Since ECIX operates on the principle of ‘one router per port per VLAN’, there should be only one MAC address visible behind each port in each VLAN. Some members connect through intermediate switches or use an L2/L3 hybrid device. If these devices are not configured properly, they can cause forwarding loops, STP instabilities, and lots of unwanted traffic on the exchange. There is no excuse for these devices to leak traffic, and there is no necessity to talk STP on the link to ECIX. Hence, by enforcing the one-MAC-address rule, we also prevent these issues.
- Non-unicast IPv4: IGMP, DHCP, TFTP - On the ECIX Peering VLANs the only non-unicast traffic that is allowed is the ARP query. Sometimes we see equipment trying to get a configuration through broadcast TFTP, or configure themselves through DHCP. We will leave it to the reader to consider why this is a bad idea. Other equipment has IGMP turned on by default (or by accident). The Peering LAN is for unicast IP traffic only, so there is no point in configuring multicast on the ECIX interface.
- Miscellaneous non-IP: DEC MOP, etc. - Some vendors enable protocols other than IP by default. Cisco, for example, ships certain versions of IOS with DEC MOP enabled by default. This non-IP traffic has no place at ECIX.
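The Layer 2 rules in the two lists above can be applied to frames captured on your own IX-facing interface before you connect. This is an added example, not Megaport's tooling: the function names and sample frames are constructed, it treats only ICMPv6 neighbor solicitation and advertisement as the permitted neighbor discovery types, and it assumes IPv6 packets carry no extension headers. Unicast-only violations such as ICMP redirects and proxy ARP are outside what a per-frame header check can see.

```python
ALLOWED = {0x0806, 0x0800, 0x86DD}      # ARP, IPv4, IPv6
ND_OK = {135, 136}                      # ICMPv6 neighbor solicitation / advertisement

def is_neighbor_discovery(ip6: bytes) -> bool:
    # Assumes no IPv6 extension headers: next header is byte 6, ICMPv6 type is byte 40.
    return len(ip6) > 40 and ip6[6] == 58 and ip6[40] in ND_OK

def check_frame(frame: bytes, port_mac: bytes) -> str:
    """Return 'ok' or the rule from the lists above that the frame breaks."""
    if len(frame) < 14:
        return "truncated frame"
    dst, src, ethertype = frame[:6], frame[6:12], int.from_bytes(frame[12:14], "big")
    if src != port_mac:
        return "multiple MAC addresses"
    if ethertype < 0x0600:              # 802.3 length field: LLC/SNAP (STP, CDP, IS-IS)
        return "802.2 LLC/SNAP frame"
    if ethertype not in ALLOWED:        # e.g. 0x9000 loopback keepalive, DEC MOP
        return f"ethertype 0x{ethertype:04x} not permitted"
    exempt = ethertype == 0x0806 or (ethertype == 0x86DD and is_neighbor_discovery(frame[14:]))
    if not dst[0] & 0x01 or exempt:     # unicast, or ARP / IPv6 neighbor discovery
        return "ok"
    return "multicast/broadcast not permitted"

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def eth(dst: str, src: str, ethertype: int, payload: bytes = b"") -> bytes:
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + payload

def icmp6(icmp_type: int) -> bytes:     # 40-byte IPv6 header (next header 58) + type byte
    return bytes([0x60, 0, 0, 0, 0, 1, 58, 255]) + bytes(32) + bytes([icmp_type])

# Constructed sample frames; PORT is the placeholder MAC from the order form above.
PORT = "00:01:00:01:12:34"
SAMPLES = {
    "bgp unicast": eth("00:aa:bb:cc:dd:01", PORT, 0x0800),
    "arp query": eth("ff:ff:ff:ff:ff:ff", PORT, 0x0806),
    "ipv6 ns": eth("33:33:ff:00:00:01", PORT, 0x86DD, icmp6(135)),
    "ipv6 ra": eth("33:33:00:00:00:01", PORT, 0x86DD, icmp6(134)),
    "ospf hello": eth("01:00:5e:00:00:05", PORT, 0x0800),
    "stp bpdu": eth("01:80:c2:00:00:00", PORT, 0x0026),
    "l2 keepalive": eth(PORT, PORT, 0x9000),
    "second mac": eth("00:aa:bb:cc:dd:01", "00:01:00:01:56:78", 0x0800),
}

def audit(samples=SAMPLES, port=PORT) -> dict:
    return {name: check_frame(raw, mac(port)) for name, raw in samples.items()}

if __name__ == "__main__":
    print(*(f"{name:14} {verdict}" for name, verdict in audit().items()), sep="\n")
```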
MegaIX route servers do not obey the well-known BGP community attribute no-export. This community attribute is passed transparently to the other peers connected to the route server.
Multiple Exit Discriminator (MED) values are considered in the route selection rules only when the advertising ASN is the same for candidate routes. MED values are not modified by the route servers. Values advertised to the route servers are passed unaltered to other peers.
All routes on the IX are given equal local preference by the route servers. The route servers do not compare the BGP router ID for best route selection, instead preferring the oldest route when all other attributes are equal.
- Do not configure “network 126.96.36.199/24” or any of the other peering LANs in your router’s BGP configuration.
Megaport operates a public, web accessible MegaIX Looking Glass for peers and network operators to investigate the current routing state. You can query both the primary and redundant route servers for live BGP data. The MegaIX Looking Glass is available at https://lg.megaport.com.