nanog mailing list archives
Re: Announcing Peering-LAN prefixes to customers
From: Dominic Schallert <ds () schallert com>
Date: Thu, 20 Dec 2018 19:15:46 +0100
Dear Job, Michael, Ross, thank you very much for sharing your opinion, the detailed info and references. That’s pretty much what I excpected. Just wondered because I couldn’t find any IXP Conection Agreement stating this „issue“ explicitly yet. Maybe MANRS IXP actions has some recommendations regarding this, checking that now. Best wishes and happy holidays Cheers Dominic
Am 20.12.2018 um 19:06 schrieb Michael Still <stillwaxin () gmail com>: IXP LANs should not be announced via BGP (or your IGP either). See section 3.1: http://nabcop.org/index.php/BCOP-Exchange_Points_v2 <http://nabcop.org/index.php/BCOP-Exchange_Points_v2> On Thu, Dec 20, 2018 at 12:50 PM Dominic Schallert <ds () schallert com <mailto:ds () schallert com>> wrote: Hi all, this might be a stupid question but today I was discussing with a colleague if Peering-LAN prefixes should be re-distributed/announced to direct customers/peers. My standpoint is that in any case, Peering-LAN prefixes should be filtered and not announced to peers/customers because a Peering-LAN represents some sort of DMZ and there is simply no need for them to be reachable by third-parties not being physically connected to an IXP themselves. Also from a security point of view, a lot of new issues might occur in this situation. I’ve been seeing a few transit providers lately announcing (even reachable) Peering-LAN prefixes (for example DE-CIX Peering LAN) to their customers. I’m wondering if there is any document or RFC particularly describing this matter? Thanks Dominic -- [stillwaxin () gmail com <mailto:stillwaxin () gmail com> ~]$ cat .signature cat: .signature: No such file or directory [stillwaxin () gmail com <mailto:stillwaxin () gmail com> ~]$
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- Announcing Peering-LAN prefixes to customers Dominic Schallert (Dec 20)
- Re: Announcing Peering-LAN prefixes to customers Job Snijders (Dec 20)
- Re: Announcing Peering-LAN prefixes to customers Ross Tajvar (Dec 20)
- Re: Announcing Peering-LAN prefixes to customers Michael Still (Dec 20)
- Re: Announcing Peering-LAN prefixes to customers Dominic Schallert (Dec 20)
- Re: Announcing Peering-LAN prefixes to customers Steven Bakker (Dec 21)
- Re: Announcing Peering-LAN prefixes to customers Dominic Schallert (Dec 20)