TOP  

IP Transit: A Beginner’s Guide

Avatar for Diego Asturias By
January 16, 2024 • Last updated on January 17, 2024
#internet exchange #ip transit #isp #peering

IP Transit is not just a technical term; it’s the backbone that keeps the global network pulsating with information. Imagine IP transit as the high-speed highways of the internet, where data travels across continents, connecting businesses, governments, and individuals in the blink of an eye.

Why is IP transit so crucial? It’s simple. In our interconnected world, the efficiency and reliability of data transfer are paramount. IP Transit ensures that data packets find the most efficient routes across the complex web of global networks.

IP transit

Explore the world of IP Transit with the Absolute Guide to IP Transit (For Beginners), a comprehensive guide that demystifies the complex highways of the internet. This guide is your roadmap to understanding how data travels across the globe, connecting everyone and everything, in an instant.

Table of Contents

  1. Structure of the Internet
  2. Network Agreements and Technologies.
  3. Routing in Transit (BGP and AS).
  4. IP Transit Service Providers. 
  5. Frequently Asked Questions.
  6. Final Words. 

1. The Structure of the Internet.

Getting to know the internet’s structure is important for understanding IP transit. It shows the hierarchical network system and data routing.

The Internet is a network of networks, consisting of Autonomous Systems (AS) managed by ISPs and linked through Internet Exchange Points (IXPs). It uses a variety of connection methods, including optical fiber, DSL, cable, wireless, and satellite, to provide global connectivity. This allows for seamless data exchange and internet access across devices and regions.

The following image illustrates the Internet’s infrastructure, including:

  • Autonomous Systems (AS) that form the backbone of the Internet
  • Internet Exchange points (IX) where ASs exchange traffic. 
  • ISPs that offer various forms of access to end-users
  • Internet access technologies, including Wi-Fi, cellular networks, or satellite. 
The structure of the internet
Public Domain Photo by Wikimedia

The IP transit service comes into place when an ISP allows other networks (such as other ISPs, enterprises or different ASes) to transmit data across its network. This service is critical for smaller ISPs (lower tier) or networks that do not have the infrastructure to reach all parts of the Internet on their own.

2. Network Agreements and Technologies.

The Internet’s functionality and vast reach are maintained through a complex web of relationships and connections among different ISP networks, enterprises, cloud, content delivery networks, etc. To understand these relationships, let’s take a closer look at how these are made. Two ways of doing this: Peering and Transit. 

a. Peering Service: 

Peering is an agreement between networks (i.e. ISPs) to exchange data directly. This usually happens without money involved. Peering helps reduce latency and decreases the reliance on third-party networks. There are two main types of peering: public and private. Public peering happens at internet exchange points (IXPs), where many networks meet. Meanwhile, private peering is a direct link between two networks.

b. Transit Service:

Transit is a service where one network gives another network access to the entire Internet. Unlike peering, transit is a customer-provider relationship. Smaller networks pay providers for transit to access the rest of the Internet. Transit is vital for smaller ISPs. (more on transit services on the next chapters). Some providers might include IP address leasing (as a component of their agreements). ISPs or enterprises can also benefit by renting IPs from other entities, to avoid vendor lock-ins. 

c. Internet Service:

This is the service that lets people connect to the internet. ISPs provide this service, and they may use a combination of their own networking infrastructure and transit services from larger ISPs to provide comprehensive internet access. This service includes not only basic connectivity, but often additional services such as email hosting, web hosting, and more. Internet services may offer DIA (Dedicated Internet Access) or shared. 

d. How do they work together? 

The following diagram shows how different parts of the internet connect using transit and peering. It illustrates how internet requests (from home or businesses) are routed through various networks. A local ISP connects to larger transit service providers to access global internet content, and sometimes, ISPs connect directly to each other to exchange traffic more efficiently.

Transit, Peering, and Internet
  • Transit Provider: The cloud in the center labeled “Transit Provider” represents a major network service company that moves internet traffic across vast distances. Think of it as a highway operator that allows lots of different drivers (data) to use its roads.
  • ISPs: The clouds labeled “ISP 1,” “ISP 2,” and “ISP 3” represent Internet Service Providers, the companies that give everybody access to the Internet. They’re like local roads that connect homes and businesses to the wider highways.
  • Connections: Transit Connections show how the ISPs connect to the larger Transit Provider to send and receive data. Peering Connections show how ISPs interconnect with each other. Additionally, Internet Connections are the final path data takes to reach its destination, like your home or office.
  • Direction of flow: The direction of data flow between ISPs and their clients can be either upstream or downstream. “Upstream” describes the flow of data from a local or smaller ISP to a larger, higher-tier ISP or the internet backbone. Conversely, “downstream” is the flow of data from the higher-tier ISPs or internet backbone down to the smaller, local ISPs, and ultimately to the end-users. This is why IP transit providers are referred to as “upstream providers” (more on this in the coming chapters).

Note: Bear in mind that transit providers can also be ISPs (and vice versa). It is helpful to classify providers by network size and reach, using tiers. Tier 1 ISPs have vast networks for global access and peer exclusively with each other. Tier 2 and Tier 3 ISPs have smaller scales. Smaller Tier 2 or Tier 3 (non-Tier-1) ISPs can purchase or lease internet access from larger Tier 1 ISPs and connect to the broader internet (IP transit). An example of a Tier 1 ISP (and single-homed network is IPTP Networks).

3. Routing in Transit (AS and BGP).

Routing is critical for navigating data across the Internet’s complex network of networks. In peering, networks exchange routing information to directly send and receive data. In transit, a provider offers broader access, routing customer data across the entire Internet. These routing processes guide data packets through the optimal paths to their destinations, shaping the Internet’s connectivity and functionality.

In routing, there are two important concepts to consider, and which often come up, AS and BGP: 

  • AS (Autonomous System): An AS is a collection of connected internet routes under the control of one or more network operators (or ISPs). Each AS is assigned a unique number, known as an ASN, which helps to identify it on the global internet. This system allows large networks to manage their routes and policies efficiently, ensuring that internet traffic flows smoothly.
  • BGP (Border Gateway Protocol): BGP is the mapmaker of the internet, deciding the best routes for data to travel efficiently and securely. BGP is a path-vector protocol that can be either eBGP (Exterior BGP) or iBGP (interior BGP). On the one hand, eBGP is used for routing between different AS on the internet, while iBGP is employed for routing within a single AS.

Interesting fact! Jumbo frames are quite useful in IP transit routing because they allow more data to be sent in a single frame. This reduces overhead and can be especially useful in high-bandwidth networks like those operated by ISPs.

a. How do ASes communicate using BGP? 

The following diagram illustrates how different Autonomous Systems (AS), communicate using BGP. It shows us how separate internet networks (ASes) use BGP to send data between each other and within themselves in the most efficient way.

BGP and ASN
  • Autonomous Systems (AS): Each circle represents a network or AS, labeled with a number like “AS 100” or “AS 300.” 
  • BGP Routers: Inside each AS, there’s a router. The routers use BGP to communicate, ensuring data takes the best route when it needs to leave the “neighborhood” and visit another one.
  • eBGP and iBGP: The eBGP connects routers in different ASes. While iBGP connects routers within an AS.

b. IP Transit via BGP routing + security (with RPKI)

Now, that you have the basics of AS and BGP, let’s introduce the concept of transit. We’ll also add security into the mix, with RPKI (Resource Public Key Infrastructure) which adds an extra layer of security to BGP routing. This security protocol ensures that data travels along the correct paths, avoiding misrouting and potential malicious attacks.

The following diagram illustrates how enterprise networks and ISPs interact with each other and the internet at large, utilizing BGP for routing decisions and RPKI for route security, to efficiently and securely manage the flow of data across the network.

IP transit network diagram
  • Enterprise Networks (AS2 and AS3): Here the two circles AS2 and AS3 represent two separate enterprise networks, each with its own AS. Each AS has an eBGP router that determines the best path for sending out its internet traffic. These two enterprises need transit service to the internet. 
  • ISP (AS1): This is the network of an ISP that connects enterprises to the wider Internet. The ISP uses an eBGP router to manage incoming and outgoing internet traffic. This ISP is the IP transit provider.
  • RPKI Validation: All networks have RPKI validation to ensure that data paths are safe and authorized. It’s like a security checkpoint to prevent traffic from taking a wrong turn. The “RIR RPKI CA” represents the centralized authority that issues security passes for these checkpoints.
  • Other ISPs and Enterprises: These clouds represent many networks that are part of the internet, all connecting to the central internet cloud.

4. IP Transit Service Providers.

Transit is a customer-provider service where money is exchanged. IP transit providers (which can also be IXPs, carriers, or large ISPs) are sometimes also called upstream providers. Transit provides access to downstream partners and other ISPs. They facilitate the transfer of customer-ISP traffic across the Internet. In other words, they connect smaller ISPs (Tier 2, Tier 3) with their end-users to the internet backbone. 

Examples of popular IP transit providers include AT&T, Verizon, Xfernet, GTT, Level 3 Communications, NTT Communications, China Telecom, and Tata Communications. IP Transit’s power lies in its global reach. For example, Telstra a Hong Kong-based provider has a strategic location in Asia, so it serves as a vital hub, connecting the East and West. Meanwhile, in Europe, providers like NL-ix (the Netherlands-based) offer advanced infrastructure and central location. So it acts as a crucial node in the European network landscape.

Note: One of the distinctive features of an IP transit provider is to serve as a replacement for network peering relationships. ISPs can choose peering for balanced mutual benefits or purchase transit services for broader access. But still, peering (since is an agreement without money involved) is limited to traffic from direct customers. Transit services, on the other hand, allow these smaller ISPs or clients to purchase bandwidth to connect to all publicly accessible Internet destinations. 

a. Pricing models and contracts: 

IP transit services are offered with a variety of pricing options, including usage-based billing, flat rates for specific speeds, and tiered pricing for bandwidth capped at customer-specified levels. Providers typically include Service Level Agreements (SLAs) to guarantee a reliable user experience. Contracts for these services are typically time-bound (12-36 months) and may offer volume discounts depending on the customer’s commitment to certain levels of bandwidth usage.

b. Key services: 

In order to fulfill their mission, IP transit service providers may offer a wide range of services. Examples of the most common services offered by these providers are: 

  • Flexible and scalable bandwidth options. Large bandwidth connections over fiber optic lines over Gigabit ethernet interfaces. IP Transit services involve large bandwidth connections over fiber optic lines or data center cross-connects.  They also provide dedicated Ethernet or Gigabit ethernet interfaces.  
  • Guaranteed service levels (SLAs): SLAs are the backbone of IP Transit reliability. They define the level of service expected, including uptime, throughput, latency, and packet loss. SLAs are commitments made to maintain the highest standards of service. 
  • IPv4 & IPv6 dual stack support: Moving from IPv4 to IPv6 (see IPv6 vs IPv4 and IPv6 migration) is a major change in internet protocol technology. IPv6 has a virtually unlimited address pool and enhanced security features, so it’s necessary to make this change to accommodate the growing internet landscape. But while we transition to IPv6, support for both protocols is a must. 
  • BGP & static routing:  An IP transit provider offers both BGP and static routing to fulfill a variety of networking needs. This dual offering allows providers to address a wide range of customer requirements, from simple, consistent routes to dynamic, adaptive networking.
  • Resource Public Key Infrastructure (RPKI): RPKI is a security framework used by IP transit providers. It works by verifying that routes are legitimate and that IP address blocks are being announced by authorized ASes. By implementing RPKI, providers can ensure more secure and reliable routing for their networks and customers.
  • DDoS mitigation: DDoS attacks flood the bandwidth of a targeted system with traffic from multiple compromised systems. IP transit services provide a robust defense mechanism to mitigate DDoS. These mechanisms include traffic analysis, threat identification, and immediate response systems.
  • Compliance with PCI and DSS Standards: Some IP transit providers ensure adherence to PCI and DSS standards. These standards ensure companies that process, store, or transmit credit card information maintain a secure environment and know how to handle sensitive traffic properly. 
  • Other relevant services: These IP transit providers have global reach, so they also have over other services like cloud, direct CDN, dedicated server hosting, and colocation. They also provide transport services (multi-directional citrus between data centers in major spots). And related services like SD-WAN, Ethernet, broadband and more. 
  • IP resource management support. Some providers may offer IP address leasing as part of their agreements. ISPs or enterprises can also benefit from renting IPs from other entities to avoid getting locked into a single vendor.

c. Who uses IP transit services?

IP Transit clients range from large corporations to small businesses. Providers usually give tailored services to meet the unique needs of each client. The services are typically used by a variety of customers who need reliable internet connectivity, including smaller ISPs, large enterprises, fixed and mobile broadband providers, and possibly even cloud service providers or content delivery networks. 

d. Steps for starting with an IP transit service. 

  1. Evaluate the transport or ISP’s tier to understand their network reach and performance.
  2. Opt for providers offering transparent, cloud-like pricing structures. Ensure the ability to scale services quickly and efficiently, akin to cloud services.
  3. Determine the way to access the provider. One way to access the IP transit service is to find a colocation data center. But there are also other ways like direct connections via cloud hosting or managed hosting. 
  4. If you choose colocation on a data center. Pick an Ethernet port on the transit provider’s switch at the ISP’s PoP. Choose the port capacity, (examples include 10G, 100G, or even 400G). Physical connections include fiber optics or wireless. 
  5. Once you’ve got your Ethernet port, you need to subscribe to the bandwidth you need for data transmission. Bandwidth is typically offered in increments of 1Gbps. 
  6. Sign up for a contract, which typically lasts for 12, 24, or 36 months. Consider additional services such as integrated DDoS protection.

5. IP Transit: Frequently Asked Questions.

a. What are cross-connects? 

Cross-connects are essential for network connectivity in the realm of IP transit, providing a direct and secure linkage between a business’s servers and network services. They are the physical or virtual connections that facilitate quick and low-latency access to an array of network resources. In a colocation data center, businesses use cross-connects to connect their infrastructure to the data center’s ecosystem, which includes cloud services and other ISPs.

b. Single-Homed vs Multi-Homed? 

A single-homed is a network configuration connecting to the internet via a single ISP. It’s simpler and more cost-effective but less resilient due to the single point of failure. Multi-homed on the other hand, involves connections to multiple ISPs, enhancing redundancy and potentially improving performance. It’s more complex and costly but offers greater fault tolerance and network resilience.

c. What is POP (Point of Presence) in IP Transit? 

A POP is a physical location or access point where networks connect to the internet, usually housed in data centers. POPs facilitate local user access to the internet, reducing latency and enhancing connection speed.

d. IP Transit vs. IX Transit: what are their differences? 

As you already know, IP Transit is paid access to the broader internet through a provider’s network. On the other hand, IX Transit is the exchange of internet traffic at an Internet Exchange Point, typically for regional connectivity.

e. What is MPLS and why is it relevant for IP transit?

Multiprotocol Label Switching (MPLS) is a packet routing technique used in telecom networks. It’s often used for VPNs. In IP Transit MPLS, it’s used for efficient and flexible routing within a provider’s network (usually for WANs). MPLS enhances the flow of traffic by prioritizing certain types of data. This allows for the creation of virtual private networks (VPNs) and improved network management.

f. What is DIA and how does it relate to IP transit?

DIA (Dedicated Internet Access) is a private, dedicated Internet connection offering consistent bandwidth. It is distinct from shared or public internet access. DIA provides consistent, high-speed bandwidth and greater reliability, essential for businesses requiring stable and high-performance internet connectivity. It might be an additional service offered by IP transit providers, but is mostly common in Tier 2 or Tier 3 ISPs. 

g. IP Transit vs IP Peering: which one to choose? 

IP transit is a service that networks pay for to have full internet access. Peering, on the other hand, is a mutual, usually free, exchange of data between ISPs. It’s ideal for networks with similar traffic volumes. The choice depends on whether the network needs global access (transit) or balanced traffic exchange (peering).

h. IP transit vs IP transport: what are the differences? 

IP transit is all about getting data from one place to another on the internet. It’s the logical connection that allows you to access the internet and send and receive data. IP transport, on the other hand, is the physical infrastructure that carries the data. It’s the cables, routers, and other equipment that make up the internet.

Final Words.

Congratulations on completing your journey through the intricate world of IP Transit!

Now that you’ve got the knowledge, it’s time to put it to use and improve your network’s efficiency and connectivity. 

Don’t delay — explore the possibilities and turn your understanding into action today!

Start reserving your IPv6 address space today!

About author Diego Asturias

Avatar for Diego Asturias

Diego Asturias is a tech journalist who translates complex tech jargon into engaging content. He has a degree in Internetworking Tech from Washington DC, US, and tech certifications from Cisco, McAfee, and Wireshark. He has hands-on experience working in Latin America, South Korea, and West Africa. He has been featured in SiliconANGLE Media, Cloudbric, Pcwdld, Hackernoon, ITT Systems, SecurityGladiators, Rapidseedbox, and more.