Dear Job, Michael, Ross, thank you very much for sharing your opinion, the detailed info and references. That’s pretty much what I excpected. Just wondered because I couldn’t find any IXP Conection Agreement stating this „issue“ explicitly yet.
Maybe MANRS IXP actions has some recommendations regarding this, checking that now. Best wishes and happy holidays Cheers Dominic > Am 20.12.2018 um 19:06 schrieb Michael Still <stillwa...@gmail.com>: > > IXP LANs should not be announced via BGP (or your IGP either). See section > 3.1: > http://nabcop.org/index.php/BCOP-Exchange_Points_v2 > <http://nabcop.org/index.php/BCOP-Exchange_Points_v2> > > > > On Thu, Dec 20, 2018 at 12:50 PM Dominic Schallert <d...@schallert.com > <mailto:d...@schallert.com>> wrote: > Hi all, > > this might be a stupid question but today I was discussing with a colleague > if Peering-LAN prefixes should be re-distributed/announced to direct > customers/peers. My standpoint is that in any case, Peering-LAN prefixes > should be filtered and not announced to peers/customers because a Peering-LAN > represents some sort of DMZ and there is simply no need for them to be > reachable by third-parties not being physically connected to an IXP > themselves. Also from a security point of view, a lot of new issues might > occur in this situation. > > I’ve been seeing a few transit providers lately announcing (even reachable) > Peering-LAN prefixes (for example DE-CIX Peering LAN) to their customers. I’m > wondering if there is any document or RFC particularly describing this matter? > > Thanks > Dominic > > > -- > [stillwa...@gmail.com <mailto:stillwa...@gmail.com> ~]$ cat .signature > cat: .signature: No such file or directory > [stillwa...@gmail.com <mailto:stillwa...@gmail.com> ~]$
signature.asc
Description: Message signed with OpenPGP
