Internet Exchange Points are an underappreciated resource that all internet users rely on, but governments have unfortunately ignored them, despite their status as critical infrastructure.
So says Flavio Luciani, chief technology officer at Italian outfit Namex, which operates Roma IXP.
His position isn’t just self-serving, because according to the Internet Society’s (ISOC’s) IXP tracker, 1,519 IXPs are currently active and have a collective capacity of 2,086,083 Gbps.
As ISOC explains, IXPs “are physical locations where different networks can send traffic to one another, serving as a kind of ‘traffic circle’ for the data that flows through them. So, rather than a network having to go all the way back to its own hub, which might be located halfway across the world, it can use another network to move the data.”
“This practice, known as peering, reduces latency, lowers costs, and makes connections more reliable,” ISOC adds, before lauding peering for creating “a larger number of routes for data traffic to travel on, which makes the whole network more resistant to problems in international connectivity.”
The ISOC says peering at IXPs “can improve access and support economic growth,” an assertion helped by the fact that IXP members don’t charge one another for peering services.
Most IXPs are privately operated and their existence and role isn’t widely known beyond the small community of internetworking wonks.
In an article that regional internet registries RIPE NCC and APNIC both published this week, Luciani argues that IXPs are therefore “often invisible in both public discourse and infrastructure policy”.
He thinks that may be because “Many IXPs start small, often as collaborative efforts between local ISPs, universities, or Network Operator Groups (NOGs).”
He also argues that IXPs protect the internet, using examples including the widespread internet outages experienced across Portugal and Spain during April 2024. “Analysis of a major blackout in 2025 revealed that Portugal’s Internet traffic dropped by up to 90 percent,” he wrote. “Spain’s traffic, while impacted, held up better, partly due to its stronger IXP footprint.”
Luciani also recognizes that IXPs can create problems, and listed the following three systemic risks they may create:
- Economic optimization over resilience: Traffic is increasingly routed through major IXPs due to cost and efficiency, concentrating risk.
- Dependency of smaller networks: Many small ISPs depend on a single IXP to access affordable connectivity and major content providers.
- Topological centralization: A handful of physical IXP locations carry disproportionate amounts of regional traffic, creating structural vulnerabilities.
He also worries that not all IXPs have strong governance, operate securely, or are observable.
“These are not ‘nice to have’ extras. In a world of BGP leaks, hijacks, and targeted attacks, they are baseline requirements,” he argues, but also notes that “Very few national legislations include IXPs in their critical infrastructure lists, often focusing instead on physical cable systems, data centres, or DNS infrastructure.”
He thinks that should change as the importance of IXPs means regulators should consider them in cybersecurity strategies, network resilience frameworks, and disaster preparedness schemes and the infrastructure audits that inform their creation.
In Europe, Luciani proposes creation of an IXP “Resilience Observatory”, plus a shared incident response framework for disruptions targeting IXPs.
“This approach isn’t about replacing existing governance — it’s about reinforcing it, just as IXPs reinforce the Internet itself,” he argues.
“Future-proofing the Internet demands that IXPs are embedded in resilience strategies, supported by transparent governance, and integrated into regional digital sovereignty efforts,” Luciani suggests. “The path forward is not to centralize more traffic in fewer places, but to build diverse, neutral, and well-governed interconnection points that reflect the same decentralization that made the Internet succeed in the first place.” ®