IXCtl - Take CTL of your route servers!
Remove route server management from the list of things that you need to worry about and get down to the business of running your IX. We provide modern, modular architecture for internet exchanges (IX) to manage infrastructure, automate provisioning and provide a portal for connected networks.
What is IXCtl?
IXCtl is an automation platform purpose built for internet exchange operators.
Combine and automate operational tasks in a seamless system. Using our member management features, import your existing connected network list from PeeringDB or enter it manually, then use IXCtl to manage MAC addresses, IP addresses, or export as an IX-F connected networks list schema.
IXCtl is the stand-alone Internet Exchange management platform, and is one component of 20C’s FullCtl suite.
IXCtl now has an open source version! designed as a toolkit to enhance flexibility for Internet Exchanges. Now, an IX can run individual components as desired while still allowing for custom, granular integrations with limitless possibilities.
What can I do with IXCtl?
Take the hassle and complexity out of properly managing resource public key infrastructure (RPKI) and route origin authorizations (ROAs) at your IX. IXCtl takes data directly from PeeringDB and combines it with industry best practices to generate (and maintain) secure route server configurations.
How does IXCtl work?
Click “import” to pull baseline data on connected networks from PeeringDB
Hit “configure route server” and add basic info to generate secure configurations
Point your Kubernetes cluster at our target and enjoy karmic bliss, knowing that your route servers are automatically contributing to the good of the internet!
a. Not running K8s? No worries, use our Ansible script to set up your route servers on a VM instead!
b. Don’t want to use our automated container? Again, no worries, you can CURL the configuration and use it in your own aroutserver implementation!
What else can IXCtl do?
- Not only does ixctl generate secure route server configurations, it automatically updates them over time as connected networks update their information, etc.
- IXCtl is an excellent source of truth for wider automation efforts (pro-tip: the FullCtl team can help you with this!)
- When you deploy ixctl at your IX, all of your connected networks get access to the PeerCtl dashboard to automatically update their mac addresses and as-sets directly
All FullCtl products come with audit logging and role based access control (RBAC) out of the box.
FullCtl is more than just software tools, we build complete network automation systems, ask us about your thorniest automation issue to learn more - even if your biggest challenge is just knowing how and where to start.
Not only is the API (Application Programming Interface) a first class citizen, it’s the only citizen - the web interface is 100% API driven. Our API allows any external system to interact with any individual component in our system which will help customers easily automate their workflow.
Components are designed to be run as a small service in a container or VM orchestration platform of your choice. We currently have production services running on docker swarm mode, Kubernetes, and VMs. OpenShift is in the works. We are happy to host any parts of it for you as well.
Use as much as or as little as you want. Do you have an internal system that owns customer data? We can integrate with that. Have a home grown provisioning system that needs to be called on changes? Yep, check.
Anytime someone makes a change to the system, others from that company can identify who made the change and how the system was impacted.
*Licensed components are not included in the open source package. Learn more about acquiring licensed options.
Turnkey Secure Route Servers
IXCtl leverages arouteserver to produce well tested configs for a variety of route server implementations. It can be used with FullCtl containers to dynamically load configs as updates are made.
Authenticate with PeeringDB with an option to incorporate it’s user permissions for AS. Also keeps a local PeeringDB copy to use data from. All PeeringDB gained data is overridable by admins or users.
Source of Truth
IXCtl is designed to be the source of truth for the Internet Exchange.
Billing System Integration: Allows the platform to be monetized. Service functionality can be locked behind metered subscriptions billed on schedule as well as one-time product purchases. All service billing is configurable and manageable through the administrative tools. Integrated with Stripe so no sensitive data (credit card information) is stored with us.
Client Portal: Allows connected networks to login and configure their own peering sessions on the IX, saving time by eliminating the need to contact the IX and request changes.
- Mac Address Update: This new feature allows networks to enter the system and update specific information about their network on their own - in this case their mac address information. The system saves time and resources - no more waiting for human responses or manual updates. Mac address updates will be automatically included in the exchanges route server configuration.
AS112 config + Containers: IXCtl will be able to generate AS112 configuration that can then be pulled in from it’s API to configure AS112 server(s) running inside container environments. Config changes to the nameservers will be propagated via fastapi.
Container Management from the Portal: IXCtl will be able to manage route server containers and provide tools for queries, status updates and reconfiguration using IXCtl’s route server config utility.
Netbox Integration: Allows the synchronization of netbox data to IXCtl as well as to send updates to netbox. This first milestone will focus on devices, but will lay the foundation for other netbox objects down the line.
Sign up for Automated Onboarding to Generate and Email PDF’s: Utilizing a streamlined import feature, data integration is automated. IXCtl uses peeringdb data to allow an internet exchange to quickly populate their list of networks. Instead of manually adding each network, users simply select “import from peeringdb.”
Our system can auto-populate IXCtl groups and give IXP managers assigning privileges to streamline the admin process. The system can also import existing restrictions such as read-only users. Specific permission levels desired by the client but not supported in PDB can be assigned within IXCtl.
Have an idea or request for a feature? Please contact us. For more information on these and additional features please see: https://github.com/fullctl and https://github.com/orgs/fullctl/projects/2
IXCtl started as a component of the FullCtl Suite by 20C. It was initially written to power the Chicago Internet Exchange and was called uixauto as a provisioning overlay to IXP-Manager. It has since evolved, and is currently used in production environments.
20C has always been an open source software proponent but open sourcing the internal FullCtl components had not been considered until a specific need was identified by our clients. Frequently when dealing with network automation, there are many proprietary customer-specific interfaces, which make it difficult to separate and open source. In addition, IXP Manager has done a great job filling the needs for this very niche market. However, the ability to select only the components needed for a specific project expands functionality, reduces redundancy and lowers cost. There has been immense interest in this project. Clients can choose open source and free to use, or let 20C manage, support, and/or host it. We’re big fans of this whole internet thing, so we discount our rates for registered non-profits.
Printable version of IXCtl overview