Re: Announcing Peering-LAN prefixes to customers

[Dominic Schallert <ds () schallert com>]

Dear Job, Michael, Ross,
thank you very much for sharing your opinion, the detailed info and references. That’s pretty much what I excpected.
Just wondered because I couldn’t find any IXP Conection Agreement stating this „issue“ explicitly yet.

Maybe MANRS IXP actions has some recommendations regarding this, checking that now.

Best wishes and happy holidays

Cheers
Dominic


> Am 20.12.2018 um 19:06 schrieb Michael Still <stillwaxin () gmail com>:
>
> IXP LANs should not be announced via BGP (or your IGP either). See section 3.1:
> http://nabcop.org/index.php/BCOP-Exchange_Points_v2 <http://nabcop.org/index.php/BCOP-Exchange_Points_v2>
>
>
>
> On Thu, Dec 20, 2018 at 12:50 PM Dominic Schallert <ds () schallert com <mailto:ds () schallert com>> wrote:
> Hi all,
>
> this might be a stupid question but today I was discussing with a colleague if Peering-LAN prefixes should be 
> re-distributed/announced to direct customers/peers. My standpoint is that in any case, Peering-LAN prefixes should be 
> filtered and not announced to peers/customers because a Peering-LAN represents some sort of DMZ and there is simply 
> no need for them to be reachable by third-parties not being physically connected to an IXP themselves. Also from a 
> security point of view, a lot of new issues might occur in this situation.
>
> I’ve been seeing a few transit providers lately announcing (even reachable) Peering-LAN prefixes (for example DE-CIX 
> Peering LAN) to their customers. I’m wondering if there is any document or RFC particularly describing this matter?
>
> Thanks
> Dominic
>
>
> --
> [stillwaxin () gmail com <mailto:stillwaxin () gmail com> ~]$ cat .signature
> cat: .signature: No such file or directory
> [stillwaxin () gmail com <mailto:stillwaxin () gmail com> ~]$

Attachment: signature.asc
Description: Message signed with OpenPGP