nanog mailing list archives

Re: Announcing Peering-LAN prefixes to customers


From: Job Snijders <job () ntt net>
Date: Thu, 20 Dec 2018 18:54:31 +0100

Dear Dominic,

On Thu, Dec 20, 2018 at 6:49 PM Dominic Schallert <ds () schallert com> wrote:
> this might be a stupid question but today I was discussing with a colleague if Peering-LAN prefixes should be
> re-distributed/announced to direct customers/peers. My standpoint is that in any case, Peering-LAN prefixes should be
> filtered and not announced to peers/customers because a Peering-LAN represents some sort of DMZ and there is simply
> no need for them to be reachable by third-parties not being physically connected to an IXP themselves. Also from a
> security point of view, a lot of new issues might occur in this situation.
>
> I’ve been seeing a few transit providers lately announcing (even reachable) Peering-LAN prefixes (for example DE-CIX
> Peering LAN) to their customers. I’m wondering if there is any document or RFC particularly describing this matter?

It is NTT's policy to reject Peering LAN prefixes (and any
more-specifics) of any IXPs NTT is connected to; on both our ingress EBGP
and egress EBGP policies.

We don't see a need for NTT to attempt to make such peering lan
networks reachable for third parties. Such reachability may negatively
impact operations, especially when more-specifics of Peering LAN
prefixes are distributed through the default-free zone.

As a consequence, for IXPs this policy suggests that it is a necessity
to host their own infrastructure (IXP website, mail server, etc)
outside the peering lan prefix.

Kind regards,

Job
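
The filter described in the message above, sketched as an added example (not NTT's configuration and not code from the thread): a prefix is rejected when it equals a peering LAN prefix or is a more-specific of one, and the same check is applied on ingress and egress. The peering LAN prefixes and sample routes are constructed placeholders from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders (documentation ranges), not real IXP peering LANs.
PEERING_LANS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:100::/64"),
]


def in_peering_lan(prefix, lans=PEERING_LANS):
    """True if prefix equals a peering LAN prefix or is a more-specific of one."""
    net = ipaddress.ip_network(prefix, strict=True)
    # subnet_of() raises TypeError across address families, so compare versions first.
    return any(net.version == lan.version and net.subnet_of(lan) for lan in lans)


def apply_policy(routes, lans=PEERING_LANS):
    """Split prefixes into (accepted, rejected); used for both ingress and egress."""
    accepted, rejected = [], []
    for prefix in routes:
        (rejected if in_peering_lan(prefix, lans) else accepted).append(prefix)
    return accepted, rejected


# Constructed sample announcements.
SAMPLE = [
    "198.51.100.0/24",      # exact peering LAN prefix: reject
    "198.51.100.128/25",    # more-specific: reject
    "198.51.100.7/32",      # host route inside the LAN: reject
    "198.51.0.0/16",        # covering less-specific: not matched by the policy as stated
    "203.0.113.0/24",       # unrelated: accept
    "2001:db8:100::1/128",  # IPv6 more-specific: reject
    "2001:db8:200::/48",    # unrelated IPv6: accept
]

if __name__ == "__main__":
    ok, dropped = apply_policy(SAMPLE)
    print("accepted:", ok)
    print("rejected:", dropped)
```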

