[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Announcing Peering-LAN prefixes to customers

Subject: Announcing Peering-LAN prefixes to customers
From: ds at schallert.com (Dominic Schallert)
Date: Thu, 20 Dec 2018 19:15:46 +0100
In-reply-to: <CAPDTRigh5XBL3ja=CyeLiebESCLjMd3UruDEPVECGZzRebXN-g@mail.gmail.com>
References: <[email protected]> <CAPDTRigh5XBL3ja=CyeLiebESCLjMd3UruDEPVECGZzRebXN-g@mail.gmail.com>

Dear Job, Michael, Ross,
thank you very much for sharing your opinion, the detailed info and references. Thatâ??s pretty much what I excpected.
Just wondered because I couldnâ??t find any IXP Conection Agreement stating this â??issueâ?? explicitly yet.

Maybe MANRS IXP actions has some recommendations regarding this, checking that now.

Best wishes and happy holidays

Cheers
Dominic


> Am 20.12.2018 um 19:06 schrieb Michael Still <stillwaxin at gmail.com>:
> 
> IXP LANs should not be announced via BGP (or your IGP either). See section 3.1:
> http://nabcop.org/index.php/BCOP-Exchange_Points_v2 <http://nabcop.org/index.php/BCOP-Exchange_Points_v2>
> 
> 
> 
> On Thu, Dec 20, 2018 at 12:50 PM Dominic Schallert <ds at schallert.com <mailto:ds at schallert.com>> wrote:
> Hi all,
> 
> this might be a stupid question but today I was discussing with a colleague if Peering-LAN prefixes should be re-distributed/announced to direct customers/peers. My standpoint is that in any case, Peering-LAN prefixes should be filtered and not announced to peers/customers because a Peering-LAN represents some sort of DMZ and there is simply no need for them to be reachable by third-parties not being physically connected to an IXP themselves. Also from a security point of view, a lot of new issues might occur in this situation.
> 
> Iâ??ve been seeing a few transit providers lately announcing (even reachable) Peering-LAN prefixes (for example DE-CIX Peering LAN) to their customers. Iâ??m wondering if there is any document or RFC particularly describing this matter?
> 
> Thanks
> Dominic
> 
> 
> --
> [stillwaxin at gmail.com <mailto:stillwaxin at gmail.com> ~]$ cat .signature
> cat: .signature: No such file or directory
> [stillwaxin at gmail.com <mailto:stillwaxin at gmail.com> ~]$

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181220/63fb17f0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20181220/63fb17f0/attachment.sig>

Follow-Ups:
- Announcing Peering-LAN prefixes to customers
  - From: Steven.Bakker at ams-ix.net (Steven Bakker)

References:
- Announcing Peering-LAN prefixes to customers
  - From: ds at schallert.com (Dominic Schallert)
- Announcing Peering-LAN prefixes to customers
  - From: stillwaxin at gmail.com (Michael Still)

Prev by Date: Stupid Question maybe?
Next by Date: Facebook doesn't have a route to my ISP's (Cogeco) IPv6 space?
Previous by thread: Announcing Peering-LAN prefixes to customers
Next by thread: Announcing Peering-LAN prefixes to customers
Index(es):
- Date
- Thread