SlideShare uma empresa Scribd logo
1 de 6
Baixar para ler offline
Best Common Practices
for members connected to
IXPs
Franck Simon – France IX Services
fsimon@franceix.net
BCP for members
•  You	
  need	
  to	
  have	
  an	
  ASN	
  J	
  
•  Keep	
  in	
  mind	
  that	
  by	
  default	
  you	
  will	
  not	
  get	
  a	
  full	
  
Internet	
  rou;ng	
  table	
  on	
  the	
  IXP	
  you	
  are	
  connected	
  
to	
  (except	
  if	
  the	
  IXP	
  does	
  allow	
  private	
  user	
  groups	
  –	
  
private	
  VLANs	
  –	
  and	
  IP	
  transit	
  on	
  it).	
  	
  
•  You	
  are	
  not	
  allowed	
  to	
  adver;ze	
  neither	
  any	
  default	
  
route	
  (or	
  the	
  default	
  route)	
  neither	
  the	
  full	
  Internet	
  
table	
  :	
  you	
  shall	
  only	
  adver;ze	
  your	
  own	
  customers/
users	
  routes	
  on	
  the	
  IXPs.	
  
2	
  
BCP for members
•  Keep	
  in	
  mind	
  the	
  IXP	
  is	
  a	
  layer-­‐2	
  infrastructure.	
  You	
  
shall	
  not	
  propagate	
  any	
  internal	
  elements	
  from	
  your	
  
own	
  LAN/network	
  to	
  the	
  IXP.	
  
–  On	
  members	
  routers,	
  toward	
  the	
  IXP:	
  
•  no	
  discovery	
  protocols	
  
•  no	
  IGP	
  protocols	
  	
  
•  no	
  spanning	
  tree	
  ac;vated	
  on	
  the	
  port	
  of	
  the	
  equipment	
  
connected	
  to	
  the	
  IXP	
  	
  
•  no	
  proxy	
  ARP	
  
3	
  
BCP for members
•  Don’t	
  send	
  Mul;cast	
  over	
  the	
  Unicast	
  peering	
  VLAN	
  !	
  
•  Show	
  only	
  one	
  MAC	
  address	
  to	
  the	
  IXP	
  (not	
  the	
  various	
  MAC	
  
addresses	
  of	
  your	
  LAN)	
  
•  Apply	
  IN/OUT	
  routes	
  filtering	
  on	
  your	
  connec;on	
  port	
  to	
  the	
  
IXP	
  :	
  
–  IN	
  :	
  deny	
  the	
  default	
  route,	
  and	
  some	
  specific	
  routes	
  
(bogons…)	
  
–  OUT	
  :	
  only	
  send	
  the	
  routes	
  of	
  your	
  own	
  customers	
  and	
  do	
  
not	
  re-­‐adver;ze	
  third	
  party	
  routes	
  
4	
  
•  Do	
  not	
  hesitate	
  to	
  use	
  the	
  BGP	
  routes	
  service	
  provided	
  by	
  the	
  
IXP,	
  and	
  check	
  about	
  the	
  BGP	
  communi;es	
  proposed	
  by	
  the	
  
IXP	
  to	
  bring	
  you	
  with	
  more	
  flexibility.	
  
•  Do	
  not	
  hesitate	
  to	
  secure	
  your	
  BGP	
  sessions	
  (both	
  sessions	
  
with	
  members	
  and	
  routes	
  servers):	
  authen;ca;on	
  passwords	
  
on	
  sessions	
  
•  Use	
  the	
  stats	
  (especially	
  Ne_low/sFlow	
  stats	
  when	
  provided	
  
by	
  the	
  IXP),	
  to	
  enhance	
  your	
  rou;ng	
  policy	
  and	
  iden;fy	
  the	
  
main	
  players	
  you	
  have	
  traffic	
  with.	
  
5	
  
BCP for members
 
	
  
Ques;ons	
  ???	
  
6	
  
BCP for members

Mais conteúdo relacionado

Destaque

Destaque (8)

Mobile World Congress 2017 Recap: The Future of Connectivity
Mobile World Congress 2017 Recap: The Future of ConnectivityMobile World Congress 2017 Recap: The Future of Connectivity
Mobile World Congress 2017 Recap: The Future of Connectivity
 
Apache Spark in Depth: Core Concepts, Architecture & Internals
Apache Spark in Depth: Core Concepts, Architecture & InternalsApache Spark in Depth: Core Concepts, Architecture & Internals
Apache Spark in Depth: Core Concepts, Architecture & Internals
 
Carrier Hotels and Network Neutrality
Carrier Hotels and Network NeutralityCarrier Hotels and Network Neutrality
Carrier Hotels and Network Neutrality
 
Modern Data Architecture
Modern Data ArchitectureModern Data Architecture
Modern Data Architecture
 
Introduction to Apache Spark Developer Training
Introduction to Apache Spark Developer TrainingIntroduction to Apache Spark Developer Training
Introduction to Apache Spark Developer Training
 
Adobe Digital Insights: Mobile Landscape A Moving Target
Adobe Digital Insights: Mobile Landscape A Moving TargetAdobe Digital Insights: Mobile Landscape A Moving Target
Adobe Digital Insights: Mobile Landscape A Moving Target
 
DMI 2017 Mobile Trends
DMI 2017 Mobile TrendsDMI 2017 Mobile Trends
DMI 2017 Mobile Trends
 
Apache Spark Architecture
Apache Spark ArchitectureApache Spark Architecture
Apache Spark Architecture
 

Mais de France IX Services

France-IX - Presentation for the general meeting 2012
France-IX - Presentation for the general meeting 2012France-IX - Presentation for the general meeting 2012
France-IX - Presentation for the general meeting 2012
France IX Services
 
Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...
Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...
Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...
France IX Services
 

Mais de France IX Services (17)

Africa Internet Summit 2013 - France-IX - challenges of setting up a new IXP ...
Africa Internet Summit 2013 - France-IX - challenges of setting up a new IXP ...Africa Internet Summit 2013 - France-IX - challenges of setting up a new IXP ...
Africa Internet Summit 2013 - France-IX - challenges of setting up a new IXP ...
 
TouIX
TouIXTouIX
TouIX
 
Top-IX
Top-IX Top-IX
Top-IX
 
Hurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in EuropeHurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in Europe
 
France-IX - Presentation for the general meeting 2012
France-IX - Presentation for the general meeting 2012France-IX - Presentation for the general meeting 2012
France-IX - Presentation for the general meeting 2012
 
Extreme networks - Multi-Pathing L2 & SDN
Extreme networks - Multi-Pathing L2 & SDNExtreme networks - Multi-Pathing L2 & SDN
Extreme networks - Multi-Pathing L2 & SDN
 
Case Study France-IX InterCloud
Case Study France-IX InterCloudCase Study France-IX InterCloud
Case Study France-IX InterCloud
 
Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...
Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...
Résilience de l'internet, point de vue de l'opérateur de point d'échange Fran...
 
White Paper on Peering in France
White Paper on Peering in FranceWhite Paper on Peering in France
White Paper on Peering in France
 
Le livre Blanc du Peering en France
Le livre Blanc du Peering en FranceLe livre Blanc du Peering en France
Le livre Blanc du Peering en France
 
Barracuda - AG France IX - Juin-2011
Barracuda - AG France IX - Juin-2011Barracuda - AG France IX - Juin-2011
Barracuda - AG France IX - Juin-2011
 
France IX - AG Septembre 2011
France IX - AG Septembre 2011France IX - AG Septembre 2011
France IX - AG Septembre 2011
 
Integra - AG France IX - 30 Septembre 2011
Integra - AG France IX - 30 Septembre 2011Integra - AG France IX - 30 Septembre 2011
Integra - AG France IX - 30 Septembre 2011
 
LU-CIX - AG France IX - 30 Septembre 2011
LU-CIX - AG France IX - 30 Septembre 2011LU-CIX - AG France IX - 30 Septembre 2011
LU-CIX - AG France IX - 30 Septembre 2011
 
Cube optics - AG France IX - 30 Septembre 2011
Cube optics - AG France IX - 30 Septembre 2011Cube optics - AG France IX - 30 Septembre 2011
Cube optics - AG France IX - 30 Septembre 2011
 
France IX - FRnOG 18
France IX - FRnOG 18France IX - FRnOG 18
France IX - FRnOG 18
 
France IX - Presentation
France IX - PresentationFrance IX - Presentation
France IX - Presentation
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Último (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

IXP Best Common Practices - for the members of the IXP

  • 1. Best Common Practices for members connected to IXPs Franck Simon – France IX Services fsimon@franceix.net
  • 2. BCP for members •  You  need  to  have  an  ASN  J   •  Keep  in  mind  that  by  default  you  will  not  get  a  full   Internet  rou;ng  table  on  the  IXP  you  are  connected   to  (except  if  the  IXP  does  allow  private  user  groups  –   private  VLANs  –  and  IP  transit  on  it).     •  You  are  not  allowed  to  adver;ze  neither  any  default   route  (or  the  default  route)  neither  the  full  Internet   table  :  you  shall  only  adver;ze  your  own  customers/ users  routes  on  the  IXPs.   2  
  • 3. BCP for members •  Keep  in  mind  the  IXP  is  a  layer-­‐2  infrastructure.  You   shall  not  propagate  any  internal  elements  from  your   own  LAN/network  to  the  IXP.   –  On  members  routers,  toward  the  IXP:   •  no  discovery  protocols   •  no  IGP  protocols     •  no  spanning  tree  ac;vated  on  the  port  of  the  equipment   connected  to  the  IXP     •  no  proxy  ARP   3  
  • 4. BCP for members •  Don’t  send  Mul;cast  over  the  Unicast  peering  VLAN  !   •  Show  only  one  MAC  address  to  the  IXP  (not  the  various  MAC   addresses  of  your  LAN)   •  Apply  IN/OUT  routes  filtering  on  your  connec;on  port  to  the   IXP  :   –  IN  :  deny  the  default  route,  and  some  specific  routes   (bogons…)   –  OUT  :  only  send  the  routes  of  your  own  customers  and  do   not  re-­‐adver;ze  third  party  routes   4  
  • 5. •  Do  not  hesitate  to  use  the  BGP  routes  service  provided  by  the   IXP,  and  check  about  the  BGP  communi;es  proposed  by  the   IXP  to  bring  you  with  more  flexibility.   •  Do  not  hesitate  to  secure  your  BGP  sessions  (both  sessions   with  members  and  routes  servers):  authen;ca;on  passwords   on  sessions   •  Use  the  stats  (especially  Ne_low/sFlow  stats  when  provided   by  the  IXP),  to  enhance  your  rou;ng  policy  and  iden;fy  the   main  players  you  have  traffic  with.   5   BCP for members
  • 6.     Ques;ons  ???   6   BCP for members