On Wed, Jan 16, 2019 at 10:56 Mark Tinka <mark.ti...@seacom.mu> wrote:
> On 3/Jan/19 22:08, Andy Davidson wrote:
>
> > There are no stupid questions! It is a good idea to not BGP announce
> > and perhaps also to drop traffic toward peering LAN prefixes at
> > customer-borders, this was already well discussed in the thread. But there
> > wasn’t a discussion on how we got to this point. Until the Cloudflare 2013
> > BGP speaker attack, that sought to flood Cloudflare’s transfer networks and
> > exchange connectivity (and with it saturating IXP inter-switch links and
> > IXP participant ports), it was common for IXP IPv4/6 peering LANs to be
> > internet reachable and BGP transited.
>
> That's interesting to learn.
>
> Running a few exchange points in Africa since 2002, the news was that
> the exchange point LAN should not be visible anywhere on the Internet.
> It would be interesting to know that this wasn't the case in other parts
> of the world.

Some IXs use a globally reachable peering LAN prefix as a convenience for their participants as “poor man’s out-of-band”, or can’t designate a separate /24 for the IXP’s website / public services.

I can see some use cases, but in today’s internet landscape the practice just increases the attack surface, so it’s not the Best Current Practice.

Kind regards,

Job