[169501] in North American Network Operators' Group
Re: Filter on IXP
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Fri Feb 28 11:01:56 2014
Date: Fri, 28 Feb 2014 11:00:51 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <5310AE83.7010300@ceriz.fr>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "J=C3=A9r=C3=B4me Nicolle" <jerome@ceriz.fr>
> Le 23/02/2014 01:43, Chris Laffin a =C3=A9crit :
> > It would be really cool if peering exchanges could police ntp on
> > their connected members.
>=20
> Well, THIS looks like the worst idea ever. Wasting ASIC ressources on
> IXP's dataplanes is a wet-dream for anyone willing to kill the network.
> IXP's neutrality is a key factor to maintain reasonable interconnexion
> density.
>=20
> Instead, IXPs _could_ enforce BCP38 too. Mapping the route-server's
> received routes to ingress _and_ egress ACLs on IXP ports would mitigate
> the role of BCP38 offenders within member ports. It's almost like uRPF
> in an intelligent and useable form.
Interesting. Are you doing this? Planning it? Or at least researching
how well it would work?
> A noticeable side-effect is that members would be encouraged to announce
> their entire customer-cones to ensure egress trafic from a non-exchanged
> prefix would not be dropped on the IX's port.
Don't they do this already?
If you get something practical implemented on this topic, we'd be more
than pleased to see it show up on bcp38.info; exchange points are the
one major construct I hadn't included there, cause I didn't think it was
actually practical to do it there. But then, I don't run one.
Cheers,
-- jra
--=20
Jay R. Ashworth Baylink jra@baylink.=
com
Designer The Things I Think RFC 2=
100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover =
DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1=
274
