IXP Best Common Practices - for the members of the IXP

•

2 j'aime•499 vues

Last week of February 2015, Franck Simon, managing director at the internet exchange point called France-IX, delivered three presentations about the Best Common Practices for IXPs. This third and last presentation goes into the details of the practices to be used by the members of the internet exchanges.

Technologie

Best Common Practices
for members connected to
IXPs
Franck Simon – France IX Services
fsimon@franceix.net

BCP for members
•  You
need
to
have
an
ASN
J

•  Keep
in
mind
that
by
default
you
will
not
get
a
full

Internet
rou;ng
table
on
the
IXP
you
are
connected

to
(except
if
the
IXP
does
allow
private
user
groups
–

private
VLANs
–
and
IP
transit
on
it).

•  You
are
not
allowed
to
adver;ze
neither
any
default

route
(or
the
default
route)
neither
the
full
Internet

table
:
you
shall
only
adver;ze
your
own
customers/
users
routes
on
the
IXPs.

2

BCP for members
•  Keep
in
mind
the
IXP
is
a
layer-‐2
infrastructure.
You

shall
not
propagate
any
internal
elements
from
your

own
LAN/network
to
the
IXP.

–  On
members
routers,
toward
the
IXP:

•  no
discovery
protocols

•  no
IGP
protocols

•  no
spanning
tree
ac;vated
on
the
port
of
the
equipment

connected
to
the
IXP

•  no
proxy
ARP

3

BCP for members
•  Don’t
send
Mul;cast
over
the
Unicast
peering
VLAN
!

•  Show
only
one
MAC
address
to
the
IXP
(not
the
various
MAC

addresses
of
your
LAN)

•  Apply
IN/OUT
routes
ﬁltering
on
your
connec;on
port
to
the

IXP
:

–  IN
:
deny
the
default
route,
and
some
speciﬁc
routes

(bogons…)

–  OUT
:
only
send
the
routes
of
your
own
customers
and
do

not
re-‐adver;ze
third
party
routes

4

•  Do
not
hesitate
to
use
the
BGP
routes
service
provided
by
the

IXP,
and
check
about
the
BGP
communi;es
proposed
by
the

IXP
to
bring
you
with
more
ﬂexibility.

•  Do
not
hesitate
to
secure
your
BGP
sessions
(both
sessions

with
members
and
routes
servers):
authen;ca;on
passwords

on
sessions

•  Use
the
stats
(especially
Ne_low/sFlow
stats
when
provided

by
the
IXP),
to
enhance
your
rou;ng
policy
and
iden;fy
the

main
players
you
have
traﬃc
with.

5

BCP for members

Contenu connexe

En vedette

Mobile World Congress 2017 Recap: The Future of ConnectivityIan Beacraft

Apache Spark in Depth: Core Concepts, Architecture & InternalsAnton Kirillov

Carrier Hotels and Network NeutralityJohn R Savageau

Modern Data ArchitectureAlexey Grishchenko

Introduction to Apache Spark Developer TrainingCloudera, Inc.

Adobe Digital Insights: Mobile Landscape A Moving TargetAdobe

DMI 2017 Mobile TrendsDMI

Apache Spark ArchitectureAlexey Grishchenko

En vedette (8)

Mobile World Congress 2017 Recap: The Future of Connectivity

Apache Spark in Depth: Core Concepts, Architecture & Internals

Carrier Hotels and Network Neutrality

Modern Data Architecture

Introduction to Apache Spark Developer Training

Adobe Digital Insights: Mobile Landscape A Moving Target

DMI 2017 Mobile Trends

Apache Spark Architecture

Plus de France IX Services

Africa Internet Summit 2013 - France-IX - challenges of setting up a new IXP ...France IX Services

TouIXFrance IX Services

Top-IX France IX Services

Hurricane Electric - Ipv6 implementation in EuropeFrance IX Services

France-IX - Presentation for the general meeting 2012France IX Services

Extreme networks - Multi-Pathing L2 & SDNFrance IX Services

Case Study France-IX InterCloudFrance IX Services

Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...France IX Services

White Paper on Peering in FranceFrance IX Services

Le livre Blanc du Peering en FranceFrance IX Services

Barracuda - AG France IX - Juin-2011France IX Services

France IX - AG Septembre 2011France IX Services

Integra - AG France IX - 30 Septembre 2011France IX Services

LU-CIX - AG France IX - 30 Septembre 2011France IX Services

Cube optics - AG France IX - 30 Septembre 2011France IX Services

France IX - FRnOG 18France IX Services

France IX - PresentationFrance IX Services

Plus de France IX Services (17)

Africa Internet Summit 2013 - France-IX - challenges of setting up a new IXP ...

TouIX

Top-IX

Hurricane Electric - Ipv6 implementation in Europe

France-IX - Presentation for the general meeting 2012

Extreme networks - Multi-Pathing L2 & SDN

Case Study France-IX InterCloud

Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...

White Paper on Peering in France

Le livre Blanc du Peering en France

Barracuda - AG France IX - Juin-2011

France IX - AG Septembre 2011

Integra - AG France IX - 30 Septembre 2011

LU-CIX - AG France IX - 30 Septembre 2011

Cube optics - AG France IX - 30 Septembre 2011

France IX - FRnOG 18

France IX - Presentation

Dernier

TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey

From Family Reminiscence to Scholarly Archive .Alan Dix

2024 April Patch TuesdayIvanti

[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3

Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González

The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney

Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen

What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina

Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes

Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan

Time Series Foundation Models - current state and future directionsNathaniel Shimoni

Manual 508 Accessibility Compliance AuditSkynet Technologies

Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery

Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein

The State of Passkeys with FIDO Alliance.pptxLoriGlavin3

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes

A Framework for Development in the AI AgeCprime

Dernier (20)

TeamStation AI System Report LATAM IT Salaries 2024

From Family Reminiscence to Scholarly Archive .

2024 April Patch Tuesday

[Webinar] SpiraTest - Setting New Standards in Quality Assurance

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx

Generative Artificial Intelligence: How generative AI works.pdf

The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...

Testing tools and AI - ideas what to try with some tool examples

What is DBT - The Ultimate Data Build Tool.pdf

Assure Ecommerce and Retail Operations Uptime with ThousandEyes

Generative AI for Technical Writer or Information Developers

Time Series Foundation Models - current state and future directions

Manual 508 Accessibility Compliance Audit

Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...

Potential of AI (Generative AI) in Business: Learnings and Insights

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24

The State of Passkeys with FIDO Alliance.pptx

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes

A Framework for Development in the AI Age

IXP Best Common Practices - for the members of the IXP

1. Best Common Practices for members connected to IXPs Franck Simon – France IX Services fsimon@franceix.net

2. BCP for members •  You need to have an ASN J •  Keep in mind that by default you will not get a full Internet rou;ng table on the IXP you are connected to (except if the IXP does allow private user groups – private VLANs – and IP transit on it). •  You are not allowed to adver;ze neither any default route (or the default route) neither the full Internet table : you shall only adver;ze your own customers/ users routes on the IXPs. 2

3. BCP for members •  Keep in mind the IXP is a layer-‐2 infrastructure. You shall not propagate any internal elements from your own LAN/network to the IXP. –  On members routers, toward the IXP: •  no discovery protocols •  no IGP protocols •  no spanning tree ac;vated on the port of the equipment connected to the IXP •  no proxy ARP 3

4. BCP for members •  Don’t send Mul;cast over the Unicast peering VLAN ! •  Show only one MAC address to the IXP (not the various MAC addresses of your LAN) •  Apply IN/OUT routes ﬁltering on your connec;on port to the IXP : –  IN : deny the default route, and some speciﬁc routes (bogons…) –  OUT : only send the routes of your own customers and do not re-‐adver;ze third party routes 4

5. •  Do not hesitate to use the BGP routes service provided by the IXP, and check about the BGP communi;es proposed by the IXP to bring you with more ﬂexibility. •  Do not hesitate to secure your BGP sessions (both sessions with members and routes servers): authen;ca;on passwords on sessions •  Use the stats (especially Ne_low/sFlow stats when provided by the IXP), to enhance your rou;ng policy and iden;fy the main players you have traﬃc with. 5 BCP for members

6. Ques;ons ??? 6 BCP for members

IXP Best Common Practices - for the members of the IXP

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (8)

Plus de France IX Services

Plus de France IX Services (17)

Dernier

Dernier (20)

IXP Best Common Practices - for the members of the IXP