On 9 September 2015 at 11:13, snash <[email protected]> wrote: > > If I receive some traffic at an IX peering router interface, I might want to > know how I got it. > If it is a stream of bad traffic I might want to ask my upstream peer to help > turn it off. > > How do I find out who did send it to me? > If I capture a sample packet I could see the source MAC address. Now I have > to identify who owns the device with that MAC.
On my peering router I look at the “ARP table”, it's a magical thing that lists layer 2 MAC addresses and the corresponding layer 3 IP address. Whilst not many IX's provide real time lists of member MACs (as members change hardware or ports on hardware, move links between IX edge devices etc) the IPs are usually (always?) manually assigned by the IX so they are fully know to which member they are in use by, at any given time. [1] > Is there any guidance from the IX operators on how to do this? As above, I've not seen an IX that doesn't distribute the IPs manually so by giving them the IP they can tell me straight away (if it isn't listen in the members portal, which at LINX for example, it is!). Another option is looking through peeringDB through the existing MySQL interface or new API in version 2 of the site. > I'm sure phone calls / emails to Ops teams are not cost effective for anyone. If I called an IXP I was present at and asked them to trace a MAC address through the MAC tables of their devices, and they couldn't, we have a much bigger problem than a bit of unwanted traffic. We have clowns running an IXP! > A common programmatic method across IXes would suit my use-case admirably. > > I'd like to hear from anybody who either has a method in an IX, or who would > like a method to exist. I must be missing the point because this doesn't seem like a major issue, or am I spoilt in the UK and the IXPs here are just way better than everywhere else? [2] Cheers, James, [1] Any IX not limiting the number of MAC addresses per port (and doing ARP inspection if possible) is asking for trouble. [2] When I say “way better”, I mean being able to look at MAC tables and find a port that originates a MAC address, would be the minimum requirement to be better than "shit". _______________________________________________ connect-wg mailing list [email protected] https://www.ripe.net/mailman/listinfo/connect-wg
