nanog mailing list archives
Re: IXP
From: Sean Donelan <sean () donelan com>
Date: Sun, 19 Apr 2009 14:00:32 -0400 (EDT)
On Sat, 18 Apr 2009, Paul Vixie wrote:
"Even"? *Especially* -- or they're not competent at doing security.wouldn't a security person also know about http://en.wikipedia.org/wiki/ARP_spoofing and know that many colo facilities now use one customer per vlan due to this concern? (i remember florian weimer being surprised that we didn't have such a policy on the ISC guest network.)
I tend to believe there is almost always more than one way to solve any problem, and if you can't think of more than one way you probably don't understand the problem fully.
IXPs are a subset of the Colo problem, so there may be some issues for the colo case that IXPs can handle differently than general purpose colos. Why use "complex" DELNIs when you could just have passive coax and a real RF broadcast medium for your IXP.
If all the IXP participants always did the right thing, you wouldn't need the IXP operator to do anything. The problem is sometimes an IXP participant does the wrong thing, and the other IXP participants want the IXP operator to do something about it which is probably why most IXP
operators use stuff more complex than a passive coax.Other than Nick's list, are there any other things someone interested in checking IXP critical infrastructure might add to the checklist?
Current thread:
- Re: IXP, (continued)
- Re: IXP Roland Dobbins (Apr 18)
- Re: IXP Sean Donelan (Apr 19)
- Re: IXP Stephen Stuart (Apr 18)
- Re: IXP Bill Woodcock (Apr 18)
- Re: IXP Paul Vixie (Apr 23)
- Re: IXP Leo Bicknell (Apr 23)
- Re: IXP Adrian Chadd (Apr 23)
- Re: IXP Jack Bates (Apr 23)
- Re: IXP Mike Leber (Apr 23)
- Re: IXP Stephen Stuart (Apr 24)
- Re: IXP Leo Bicknell (Apr 24)
- Re: IXP Nick Hilliard (Apr 24)