Dear Dominic,

On Thu, Dec 20, 2018 at 6:49 PM Dominic Schallert <d...@schallert.com> wrote:
> this might be a stupid question but today I was discussing with a colleague 
> if Peering-LAN prefixes should be re-distributed/announced to direct 
> customers/peers. My standpoint is that in any case, Peering-LAN prefixes 
> should be filtered and not announced to peers/customers because a Peering-LAN 
> represents some sort of DMZ and there is simply no need for them to be 
> reachable by third-parties not being physically connected to an IXP 
> themselves. Also from a security point of view, a lot of new issues might 
> occur in this situation.
>
> I’ve been seeing a few transit providers lately announcing (even reachable) 
> Peering-LAN prefixes (for example DE-CIX Peering LAN) to their customers. I’m 
> wondering if there is any document or RFC particularly describing this matter?

It is NTT's policy to reject Peering LAN prefixes (and any
more-specifics) of any IXPs NTT is connected to, in both our ingress EBGP
and egress EBGP policies.

We don't see a need for NTT to attempt to make such Peering LAN
networks reachable for third parties. Such reachability may negatively
impact operations, especially when more-specifics of Peering LAN
prefixes are distributed through the default-free zone.

As a consequence, for IXPs this policy suggests that it is a necessity
to host their own infrastructure (IXP website, mail server, etc.)
outside the Peering LAN prefix.

Kind regards,

Job
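
The policy described in the message above (reject each Peering LAN prefix and any more-specific, on both ingress and egress EBGP) can be sketched as a prefix check. This is an added example, not part of the original message and not NTT's configuration; the prefixes are constructed from documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for real IXP Peering LANs.
PEERING_LANS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:100::/64"),
]


def matches_peering_lan(prefix, peering_lans=PEERING_LANS):
    """Return the Peering LAN that `prefix` equals or is a more-specific of, else None.

    A covering less-specific (an aggregate that merely contains the LAN) is
    deliberately not matched: the policy targets the LAN prefix itself and
    anything longer inside it.
    """
    net = ipaddress.ip_network(prefix, strict=True)  # host bits set -> ValueError
    for lan in peering_lans:
        # subnet_of() raises TypeError across address families, so compare versions first.
        if net.version == lan.version and net.subnet_of(lan):
            return lan
    return None


def apply_policy(routes, peering_lans=PEERING_LANS):
    """Split `routes` into (accepted, rejected).

    The same function serves both directions: run it over routes received
    from a neighbor (ingress) and over routes about to be sent (egress).
    """
    accepted, rejected = [], []
    for prefix in routes:
        if matches_peering_lan(prefix, peering_lans) is not None:
            rejected.append(prefix)
        else:
            accepted.append(prefix)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed announcements: exact match, more-specifics, a covering
    # aggregate, and unrelated prefixes in both address families.
    sample = ["192.0.2.0/24", "192.0.2.128/25", "192.0.2.17/32", "192.0.0.0/22",
              "198.51.100.0/24", "2001:db8:100::1/128", "2001:db8:200::/48"]
    ok, dropped = apply_policy(sample)
    print("accept:", ok)
    print("reject:", dropped)
```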
