nanog mailing list archives

Re: IXP

From: Mikael Abrahamsson <swmike () swm pp se>
Date: Sun, 19 Apr 2009 09:31:19 +0200 (CEST)

On Sat, 18 Apr 2009, Nick Hilliard wrote:

- ruthless and utterly fascist enforcement of one mac address per port,using either L2 ACLs or else mac address counting, with no exceptionsfor any reason, ever. This is probably the single more importantstability / security enforcement mechanism for any IXP.

Well, as long as it simply drops packets and doesn't shut the port orsome other "fascist" enforcement. We've had AMSIX complain that our Cisco12k with E5 linecard was spitting out a few tens of packets per day duringtwo months with random source mac addresses. Started suddenly, stoppedsuddenly. It's ok for them to drop the packets, but not shut the port in acase like that.


--
Mikael Abrahamsson    email: swmike () swm pp se

Current thread:

Re: IXP, (continued)
- Re: IXP Joe Greco (Apr 17)
- Re: IXP Alex H. Ryu (Apr 17)
- Re: IXP Nick Hilliard (Apr 18)
  - Re: IXP Sharlon R. Carty (Apr 18)
    - Re: IXP Arnold Nipper (Apr 18)
  - Re: IXP Randy Bush (Apr 18)
    - Re: IXP Arnold Nipper (Apr 18)
    - Re: IXP Randy Bush (Apr 18)
    - Re: IXP Arnold Nipper (Apr 19)
    - Re: IXP Randy Bush (Apr 19)
  - Re: IXP Mikael Abrahamsson (Apr 19)
    - Re: IXP Chris Caputo (Apr 19)
    - Re: IXP Arnold Nipper (Apr 19)
    - Re: IXP Nick Hilliard (Apr 19)
- Re: IXP Stephen Stuart (Apr 18)
- Re: IXP Deepak Jain (Apr 18)
  - Re: IXP Jeff Young (Apr 19)
- Re: IXP Brandon Butterworth (Apr 24)
- Re: IXP Leigh Porter (Apr 24)