best practice for advertising peering fabric routes

• Previous message (by thread): best practice for advertising peering fabric routes
• Next message (by thread): Amazon AWS Engineer
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* patrick at ianai.net (Patrick W. Gilmore) [Wed 15 Jan 2014, 04:36 CET]:
[..]
>NEVER EVER EVER put an IX prefix into BGP, IGP, or even static 
>route. An IXP LAN should not be reachable from any device not 
>directly attached to that LAN. Period.

This is correct, and protects both your (ISP) infrastructure and the 
IXP's.  All major European IXPs revisited their policy after the giant 
DDoS attack on CloudFlare, and the above was pretty much the outcome.


	-- Niels.

-- 
"It's amazing what people will do to get their name on the internet, 
  which is odd, because all you really need is a Blogspot account."
			-- roy edroso, alicublog.blogspot.com

• Previous message (by thread): best practice for advertising peering fabric routes
• Next message (by thread): Amazon AWS Engineer
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]