Re: IXP

[vijay gill <vgill () vijaygill com>]

If you are unfortunate enough to have to peer at a public exchange
point, put your public ports into a vrf that has your routes. Default
will be suboptimal to debug.

I must say stephen and vixie and (how hard this is to type) even
richard steenbergens methodology makes the most sense going forward.
Mostly to prevent self-inflicted harm on parts of the exchange
participants. Will it work? Doubtful in todays internet clue level

/vijay

On 4/18/09, Jeff Young <young () jsyoung net> wrote:
> Best solution I ever saw to an 'unintended' third-party
> peering was devised by a pretty brilliant guy (who can
> pipe up if he's listening).  When he discovered traffic
> loads coming from non-peers he'd drop in an ACL that
> blocked everything except ICMP - then tell the NOC to
> route the call to his desk with the third party finally gave
> up troubleshooting and called in...
>
> fun memories of the NAPs...
>
> jy
>
>
> On Apr 18, 2009, at 11:35 AM, Nick Hilliard wrote:
>
> > On 18/04/2009 01:08, Paul Vixie wrote:
> > > i've spent more than several late nights and long weekends dealing
> > > with
> > > the problems of shared multiaccess IXP networks.  broadcast storms,
> > > poisoned ARP, pointing default, unintended third party BGP,
> > > unintended
> > > spanning tree, semitranslucent loops, unauthorized IXP LAN
> > > extension...
> > > all to watch the largest flows move off to PNI as soon as somebody's
> > > port was getting full.

-- 
Sent from my mobile device