nanog mailing list archives
Re: Announcing Peering-LAN prefixes to customers
From: Job Snijders <job () instituut net>
Date: Wed, 16 Jan 2019 11:06:06 +0300
On Wed, Jan 16, 2019 at 10:56 Mark Tinka <mark.tinka () seacom mu> wrote:
On 3/Jan/19 22:08, Andy Davidson wrote:There are no stupid questions! It is a good idea to not BGP announceand perhaps also to drop traffic toward peering LAN prefixes at customer-borders, this was already well discussed in the thread. But there wasn’t a discussion on how we got to this point. Until the Cloudflare 2013 BGP speaker attack, that sought to flood Cloudflare’s transfer networks and exchange connectivity (and with it saturating IXP inter-switch links and IXP participant ports), it was common for IXP IPv4/6 peering LANs to be internet reachable and BGP transited. That's interesting to learn. Running a few exchange points in Africa since 2002, the news was that the exchange point LAN should not be visible anywhere on the Internet. It would be interesting to know that this wasn't the case in other parts of the world.
Some IX’s use a globally reachable peering lan prefix as a convenience for their participants as “poor man’s out-of-band”, or can’t designate a separate /24 for the IXP’s website / public services. I can see some use cases, but in today’s internet landscape the practice just increases the attack surface, so it’s not the Best Current Practise. Kind regards, Job
Current thread:
- Re: Announcing Peering-LAN prefixes to customers Andy Davidson (Jan 03)
- Re: Announcing Peering-LAN prefixes to customers Mark Tinka (Jan 15)
- Re: Announcing Peering-LAN prefixes to customers Job Snijders (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Mark Tinka (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Christoffer Hansen (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Job Snijders (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Siyuan Miao (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Mark Tinka (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Job Snijders (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Amreesh Phokeer (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Matthias Waehlisch (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Job Snijders (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Mark Tinka (Jan 15)
- Re: Announcing Peering-LAN prefixes to customers Randy Bush (Jan 16)
- Re: Announcing Peering-LAN prefixes to customers Job Snijders (Jan 16)