Network Perimeter


An IXP Network Operations Center (NOC) maintains the IXP hardware and deals with customer requests. The NOC can either be outsourced or run by the IXP itself, however most IXPs tend to run their own NOC.

Monitoring and management services

DMZ Management of the core IXP infrastructure should be done via a separate demilitarized zone ("DMZ" or management VLAN), the core devices must not be reachable from the internet to prevent security issues. Furthermore the monitoring (SNMP, flow sampling, etc) can be done in this VLAN or a separate VLAN from the peering traffic.


Workstations LAN

It is recommended that the Workstation's LAN of the NOC and the services DMZ are separated from each other by a router, this is again done for security reasons, as infected hosts in the Workstations LAN could harm the core devices in the services DMZ via layer2 attacks.