[102639] in North American Network Operators' Group
Re: IX port security
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Sat Feb 23 06:56:24 2008
Date: Sat, 23 Feb 2008 12:48:27 +0100 (CET)
To: nanog@grrrrreg.net
Cc: nanog@nanog.org
From: sthaug@nethelp.no
In-Reply-To: <D25BFB61-94F9-4D70-B140-4E05FE2B6F5E@grrrrreg.net>
Errors-To: owner-nanog@merit.edu
> Here are my questions:
> - re 1/, any clue about the PPS or %bandwidth values to be configured
> to limit broadcast/unknown unicast ?
> - re 3/ should a certain number of allowed mac-addresses be configured
> to the port (1 or 2) ? or should the customer's port mac be explicitly
> configured on the port ?
> - more importantly, is there any other standard precaution that I'm
> missing and that should be considered ?
You might want to have a look at the DE-CIX technical requirements,
http://www.de-cix.net/info/DE-CIX_technical_requirements.pdf
Even though I disagree with a few of the points (e.g. turning off autoneg
for GigE), on the whole I think the requirements make a lot of sense.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
