[ixpmanager] Additional Virtual Interfaces Not Included In Auto-generated RS Configs

Kyle Spencer kyle at stormzero.com
Tue Sep 12 16:34:24 IST 2017


Understood. We'll force them to migrate to a different architecture.

On Tue, Sep 12, 2017 at 6:32 PM, Nick Hilliard <nick at foobar.org> wrote:
> Kyle Spencer wrote:
>> I have a peer using two IP addresses on a single physical interface.
>
> This is deliberately not supported.  Give them two interfaces and lock
> down the number of MAC addresses to one per interface, preferably with a
> static layer 2 ACL. If there are issues relating to getting a
> cross-connect to this organization, this may require you to host one of
> their switches in your rack with local cross-connect into the IXP fabric
> - if they do this, make sure that they've split out the vlans properly
> and that you can only see one MAC address on each port.
>
> Essentially what you're doing here is extending your IXP into someone
> else's network, which is a strategically bad move from a variety of
> different reasons, mostly because it will shoot your network's
> security/stability in the foot.
>
> This may not be the answer that's most convenient for you guys right
> now, but it's something that we would take really seriously and have
> burn wounds to show for it :-|
>
> Nick
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> https://www.inex.ie/mailman/listinfo/ixpmanager



-- 
Cell/WhatsApp/Signal: +256790884905


More information about the ixpmanager mailing list