nanog mailing list archives
Re: best practice for advertising peering fabric routes
From: Niels Bakker <niels=nanog () bakker net>
Date: Wed, 15 Jan 2014 18:56:27 +0100
* patrick () ianai net (Patrick W. Gilmore) [Wed 15 Jan 2014, 04:36 CET]: [..]
NEVER EVER EVER put an IX prefix into BGP, IGP, or even static route. An IXP LAN should not be reachable from any device not directly attached to that LAN. Period.
This is correct, and protects both your (ISP) infrastructure and the IXP's. All major European IXPs revisited their policy after the giant DDoS attack on CloudFlare, and the above was pretty much the outcome.
-- Niels.
--
"It's amazing what people will do to get their name on the internet,
which is odd, because all you really need is a Blogspot account."
-- roy edroso, alicublog.blogspot.com
Current thread:
- Re: Proxy ARP detection, (continued)
- Re: Proxy ARP detection Patrick W. Gilmore (Jan 15)
- Re: Proxy ARP detection Jimmy Hess (Jan 15)
- Re: Proxy ARP detection Vlade Ristevski (Jan 16)
- Re: Proxy ARP detection Niels Bakker (Jan 16)
- Re: Proxy ARP detection Warren Bailey (Jan 16)
- Re: Proxy ARP detection Jimmy Hess (Jan 16)
- Re: Proxy ARP detection Niels Bakker (Jan 16)
- Re: Proxy ARP detection (was re: best practice for advertising peering fabric routes) ML (Jan 15)
- Re: Proxy ARP detection (was re: best practice for advertising peering fabric routes) Jimmy Hess (Jan 15)
- Re: best practice for advertising peering fabric routes Niels Bakker (Jan 15)
- Re: best practice for advertising peering fabric routes Niels Bakker (Jan 15)