IXP

Mikael Abrahamsson swmike at swm.pp.se
Sun Apr 19 07:31:19 UTC 2009


On Sat, 18 Apr 2009, Nick Hilliard wrote:

> - ruthless and utterly fascist enforcement of one mac address per port, 
> using either L2 ACLs or else mac address counting, with no exceptions 
> for any reason, ever.  This is probably the single most important 
> stability / security enforcement mechanism for any IXP.

Well, as long as it simply drops packets and doesn't shut the port or 
some other "fascist" enforcement. We've had AMSIX complain that our Cisco 
12k with E5 linecard was spitting out a few tens of packets per day during 
two months with random source mac addresses. Started suddenly, stopped 
suddenly. It's ok for them to drop the packets, but not shut the port in a 
case like that.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
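
The drop-versus-shut distinction discussed in this message, sketched as an added example that is not part of the original post. It assumes Cisco IOS port-security syntax on hypothetical member-facing ports; the interface names and MAC addresses are constructed, and the thread does not say what platform any IXP uses.

```cisco
! Constructed example: interface names and MAC addresses are placeholders.
!
! Variant A: a violation shuts the port (the IOS default mode).
! One frame with an unexpected source MAC puts the port into the
! err-disabled state, taking the member offline until it is recovered.
interface GigabitEthernet1/0/1
 description member-port-A (hypothetical)
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 switchport port-security violation shutdown
!
! Variant B: a violation drops only the offending frames.
! Frames from any other source MAC are discarded, the violation counter
! increments and a syslog message is generated. The port stays up and
! traffic from the permitted MAC keeps flowing.
interface GigabitEthernet1/0/2
 description member-port-B (hypothetical)
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5302
 switchport port-security violation restrict
!
! Operator check for either variant (violation count and port status):
!   show port-security interface GigabitEthernet1/0/2
```

With `restrict`, a handful of stray-MAC frames per day shows up as a rising violation counter and log entries rather than as an outage.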



