IXP Best Common Practices - for the members of the IXP
6
Best Common Practices for members connected to IXPs Franck Simon – France IX Services [email protected]
-
Upload
france-ix-services -
Category
Technology
-
view
137 -
download
1
Transcript of IXP Best Common Practices - for the members of the IXP
Best Common Practices for members connected to
IXPs
Franck Simon – France IX Services
BCP for members • You need to have an ASN J • Keep in mind that by default you will not get a full Internet rou;ng table on the IXP you are connected to (except if the IXP does allow private user groups – private VLANs – and IP transit on it).
• You are not allowed to adver;ze neither any default route (or the default route) neither the full Internet table : you shall only adver;ze your own customers/users routes on the IXPs.
2
BCP for members • Keep in mind the IXP is a layer-‐2 infrastructure. You shall not propagate any internal elements from your own LAN/network to the IXP. – On members routers, toward the IXP:
• no discovery protocols • no IGP protocols • no spanning tree ac;vated on the port of the equipment connected to the IXP
• no proxy ARP
3
BCP for members • Don’t send Mul;cast over the Unicast peering VLAN ! • Show only one MAC address to the IXP (not the various MAC
addresses of your LAN) • Apply IN/OUT routes filtering on your connec;on port to the
IXP : – IN : deny the default route, and some specific routes (bogons…)
– OUT : only send the routes of your own customers and do not re-‐adver;ze third party routes
4
• Do not hesitate to use the BGP routes service provided by the IXP, and check about the BGP communi;es proposed by the IXP to bring you with more flexibility.
• Do not hesitate to secure your BGP sessions (both sessions with members and routes servers): authen;ca;on passwords on sessions
• Use the stats (especially Ne_low/sFlow stats when provided by the IXP), to enhance your rou;ng policy and iden;fy the main players you have traffic with.
5
BCP for members
Ques;ons ???
6
BCP for members
