Zero Risk Architecture

Autonomous Internet and Risk Management


Autonomous Internet brings substantial advantages and the Autonomous Routing technology behind it makes a Non-Stop Internet network possible, and enables Risk Management.

Risk Management is not about minimizing risk to zero or almost zero however. Risk reduction, even with Autonomous Routing technology, is not free, and for many application some level of risk is acceptable, as long as it is assessable and controllable.

Making the initial transition from traditional provider-based Internet to Autonomous Internet is Zero-Risk: Open Peering simply guarantees the transition will work and deliver a turn-key production-ready network within 10 working days.

The risk level (potential downtime) of the network during it's operational life however depends largely on the architecture that is chosen in the design of the network.

In this page we describe Open Peerings Zero-Risk Guarantee for the initial transition, and different classes of Autonomous Internet architectures with their associated risk levels.

Zero Risk Guarantee



Open Peering guarantees a transition from provider-based Internet to Autonomous Internet will work, and will deliver a turn-key production-ready network within 10 working days.


  • At least the following components of the total solution are ordered with Open Peering: AS Number, IP Space, BGP4 Setup and 24*7 support and Global Transit;
  • The BGP4 Router(s) are either bought with Open Peering, or are Cisco, Foundry or Juniper brand, or in case of a Software router based on Open Peering pre-approved standard hardware, Linux OS and Quagga BGP4 software;
  • The customer qualifies for at least 256 IP addresses (64 immediate use) according to the RIPE regulations.

Assumptions and exclusions

The guarantee assumes the datacenter rackspace has been pre-arranged by the customer (in a location where Open Peering provides services), the customer provides Open Peering with adequate remote access to the BGP4 router hardware (for setup and support) in time, and the datacenter provides any required (customer-ordered) patchcables in a timely fashion.

The guarantee does not cover the customers internal switches network, any customer equipment (e.g. servers), renumbering IP addresses and customer-provided services (e.g. dns, www, etc.).

Turn-key, production-ready

Open Peering delivers an Autonomous Internet network under the Zero Risk Guarantee on turn-key basis. That means that if all of the above conditions are met, the customer only needs to connect it's internal network, and then has a solution thats works, guaranteed.


Other then datacenter rackspace Open Peering offers all components (see the Open Shopping List) required for an Autonomous Internet network. Only a subset of those components (as described above) is required to qualify for the Zero Risk Guarantee, but of course all other components ordered via Open Peering fall under the same guarantee.

Architectures and associated risk level


This table shows a ranking of 5 risk levels (AAA+ through B), associated reasonable minimal availability and maximum downtime and specification of what architecture provides such a level.

Rank Availability Downtime Solution Architecture
Per year Datacenter IP Block Routing Router(s) Transit upstreams
Min. Max. Sites Inbetween External Inbetween Internal Class Setup
AAA+ 100% 0 Dual Fiber ring Dual
Multi eBGP iBGP
VRRP 100% CAM (*****) Quad
AA 99.999% 5m/15s Dual Single fiber/
Metro Vlan
Multi eBGP iBGP
VRRP CAM Cache (****) Dual
A 99.95% 4h/22m Single - Single Multi eBGP iBGP
VRRP CAM Cache (***) Dual Dual
BB 99.8% 17h/31m Single - Single Dual eBGP - Default Appliance (**) Single
(hot spare)
B 99% 3d/15h Single - Single Single eBGP - Default Software (*) Single
(cold spare)

    Zero risk (top of the line, technology edge)
  Minimal risk (adequate for all professional usage)
  Light risk (acceptable in non-mission critical use)
  Moderate risk (unadvisable for other then experimental use)
  Serious risk (unadvisable)

Availability and downtime

The availability and maximum downtime per year a described in this table per risk level are estimated based on history and experience, and are averages over longer time.

Actual numbers depend largely on the specific individual choices that are made for solution components like the BGP4 Router hardware brand/model, a datacenter rackspace provider and Global Transit providers, and can only be guaranteed via service level agreements (SLA's) with those component providers.

In general terms it is advisable the choose Proven Technology and use Proven Services that are on the market for at least three years and are successfully used by a larger group of comparable reference customers. This can however conflict with the interest of using top of the line and technology edge products and services in a AAA+ ranked architecture which can provide substantially improved performance or lower cost.

Dual IP block in Dual Datacenter architecture

In this solution for each datacenter a local IP block (subnet) of at least 256 IP's in size each is allocated for local equipment on each datacenter. For external routing (eBGP) each router originates (creates) only the IP block that is local for his datacenter. But it does also accept the block that is local for the other datacenter from the other router(s) via internal routing (iBGP) when available. It announces both IP blocks externally (eBGP) to its Global Transit upstream providers for maximum path and upstream redundancy.

During an outage of the link between the datacenters, the announcement of the local IP blocks between the datacenters (iBGP) stops, and the routers on both datacenters fall back to only announcing their own local IP block to the rest of the Internet on Global Transit (eBGP). Both datacenter setups are still fully functional and operational, but temporarily loose some Global Transit path options and router redundancy.

This solution requires the equipment on both datacenter to operate completely independent from each other, user only local IP addresses, and continue to work if the other datacenter is unreachable (because the link between the datacenters is down or the equipment there is down. This requires that services (e.g. dns, www) are redundantly serviced by equipment on both datacenters. A resilient routing network architecture is useless if the services provided over that network are not resilient.

Never Renumber

Fully portable Provider Independent IP Addresss

Get your own provider independent IP addresses and never renumber your network again. And still retain full flexibility to mix and change upstream carriers and move your traffic.