Best Current Practices

Disabling everything except IP on the interface

On the interface facing CIX, only IPv4 and IPv6 should be used as protocols. The interface must be configured so that it does not emit any link-local protocols, and use of STP (Spanning Tree Protocol) is prohibited.

Link-local protocols are:

IRDP

ICMP redirects

IEEE 802 Spanning Tree

Vendor proprietary protocols. These include, but are not limited to:

Discovery protocols: CDP, EDP, FDP

VLAN/trunking protocols: VTP, DTP

Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)

BOOTP/DHCP

PIM-SM

PIM-DM

DVMRP

ICMPv6 ND-RA

UDLD

Layer2 Keepalives

 

The following link-local protocols are exceptions and are allowed:

ARP

IPv6 ND

 

Cisco example:

! Don't do redirects
no ip redirects

! Don't do proxy ARP
no ip proxy-arp

! Don't run CDP on your CIX interface
no cdp enable

! No directed broadcasts
no ip directed-broadcast

! v6 ND-RA is unnecessary and undesired
ipv6 nd suppress-ra

! Disable DEC
no mop enable

! Copper Ports: no auto-negotiation
! no negotiation auto
! duplex half
duplex full

! L2 keepalives are useless on CIX
no keepalive
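One way to check a saved router configuration against the commands in the Cisco example above. This is an added example, not part of the original page or CIX tooling; the sample configuration and interface names are constructed, and it assumes the saved text lists these commands explicitly rather than leaving them as hidden defaults.

```python
import re

# Commands taken from the Cisco example on this page; each must appear
# in the stanza of the interface facing the exchange.
REQUIRED = [
    "no ip redirects", "no ip proxy-arp", "no cdp enable",
    "no ip directed-broadcast", "ipv6 nd suppress-ra", "no mop enable",
    "duplex full", "no keepalive",
]

def interface_stanzas(config):
    """Split IOS-style config text into {interface name: [commands]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            text = " ".join(line.split())  # normalise inner whitespace
            if text and not text.startswith("!"):
                current.append(text)
        else:
            current = None  # any other unindented line ends the stanza
    return stanzas

def missing_commands(config, interface):
    """Return the required commands absent from the named interface."""
    present = set(interface_stanzas(config).get(interface, []))
    return [cmd for cmd in REQUIRED if cmd not in present]

# Constructed sample config; the interface names are hypothetical.
SAMPLE = """\
interface GigabitEthernet0/1
 description CIX peering port
 no ip redirects
 no ip proxy-arp
 ipv6 nd suppress-ra
 duplex full
 no keepalive
!
interface GigabitEthernet0/2
 description internal
"""

if __name__ == "__main__":
    for cmd in missing_commands(SAMPLE, "GigabitEthernet0/1"):
        print("missing:", cmd)
```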

 

Route aggregation

It is not necessary to announce every IP range of the network individually. Instead, it is better to aggregate routes into whole prefixes. This keeps routing tables more concise.

Cisco example:

router bgp 12345
 network 123.4.0.0 mask 255.254.0.0
 network 234.56.76.0 mask 255.255.252.0

 

Limiting the number of MAC addresses

Within the peering VLAN, the use of 10 MAC (Media Access Control) addresses per interface/channel is allowed.