[168208] in North American Network Operators' Group
Re: best practice for advertising peering fabric routes
daemon@ATHENA.MIT.EDU (Niels Bakker)
Wed Jan 15 12:57:04 2014
Date: Wed, 15 Jan 2014 18:56:27 +0100
From: Niels Bakker <niels=nanog@bakker.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <5365528F-94F6-4782-99E8-E8C85810F4E6@ianai.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* patrick@ianai.net (Patrick W. Gilmore) [Wed 15 Jan 2014, 04:36 CET]:
[..]
>NEVER EVER EVER put an IX prefix into BGP, IGP, or even static
>route. An IXP LAN should not be reachable from any device not
>directly attached to that LAN. Period.
This is correct, and protects both your (ISP) infrastructure and the
IXP's. All major European IXPs revisited their policy after the giant
DDoS attack on CloudFlare, and the above was pretty much the outcome.
-- Niels.
--
"It's amazing what people will do to get their name on the internet,
which is odd, because all you really need is a Blogspot account."
-- roy edroso, alicublog.blogspot.com
