Announcing Peering-LAN prefixes to customers

Job Snijders job at ntt.net
Thu Dec 20 17:54:31 UTC 2018


Dear Dominic,

On Thu, Dec 20, 2018 at 6:49 PM Dominic Schallert <ds at schallert.com> wrote:
> this might be a stupid question but today I was discussing with a colleague if Peering-LAN prefixes should be re-distributed/announced to direct customers/peers. My standpoint is that in any case, Peering-LAN prefixes should be filtered and not announced to peers/customers because a Peering-LAN represents some sort of DMZ and there is simply no need for them to be reachable by third-parties not being physically connected to an IXP themselves. Also from a security point of view, a lot of new issues might occur in this situation.
>
> I’ve been seeing a few transit providers lately announcing (even reachable) Peering-LAN prefixes (for example DE-CIX Peering LAN) to their customers. I’m wondering if there is any document or RFC particularly describing this matter?

It is NTT's policy to reject Peering LAN prefixes (and any
more-specifics) of any IXPs NTT is connected to; on both our ingress EBGP
and egress EBGP policies.

We don't see a need for NTT to attempt to make such peering lan
networks reachable for third parties. Such reachability may negatively
impact operations, especially when more-specifics of Peering LAN
prefixes are distributed through the default-free zone.

As a consequence, for IXPs this policy suggests that it is a necessity
to host their own infrastructure (IXP website, mail server, etc)
outside the peering lan prefix.

Kind regards,

Job
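
The reject rule described in the message above (a Peering LAN prefix or any more-specific of it, applied on both ingress and egress EBGP), as an added example that is not part of the original post and not NTT's configuration. The prefixes are documentation ranges standing in for real peering LANs, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for real IXP peering LANs.
PEERING_LANS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:100::/64"),
]


def matches_peering_lan(prefix, peering_lans=PEERING_LANS):
    """Return the peering LAN that `prefix` equals or is a more-specific of, else None."""
    net = ipaddress.ip_network(prefix)
    for lan in peering_lans:
        # subnet_of() raises TypeError across address families, so compare versions first.
        if net.version == lan.version and net.subnet_of(lan):
            return lan
    return None


def apply_policy(routes, peering_lans=PEERING_LANS):
    """Split announcements into (accepted, rejected).

    The same check is meant to run on routes received from EBGP neighbors
    (ingress) and on routes about to be sent to them (egress).
    """
    accepted, rejected = [], []
    for prefix in routes:
        if matches_peering_lan(prefix, peering_lans) is not None:
            rejected.append(prefix)
        else:
            accepted.append(prefix)
    return accepted, rejected


# Constructed announcements covering the cases the policy distinguishes.
SAMPLE_ROUTES = [
    "192.0.2.0/24",         # exact peering LAN prefix: rejected
    "192.0.2.128/25",       # more-specific of the peering LAN: rejected
    "192.0.0.0/16",         # less-specific covering route: not matched by this rule
    "198.51.100.0/24",      # unrelated prefix: accepted
    "2001:db8:100::1/128",  # IPv6 host route inside the peering LAN: rejected
    "2001:db8:200::/48",    # unrelated IPv6 prefix: accepted
]

if __name__ == "__main__":
    ok, dropped = apply_policy(SAMPLE_ROUTES)
    print("accepted:", ok)
    print("rejected:", dropped)
```

A covering less-specific still passes this check, so traffic toward the peering LAN may follow an aggregate unless a separate rule handles it.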


