Best Current Practices

Turn off anything but IP on your interface

Frames forwarded to CIX ports must have one of the following ethertypes:

  • 0x0800 - IPv4
  • 0x0806 - ARP
  • 0x86dd - IPv6.

So please configure your interface not to broadcast any link-local protocols.

Link-local protocols:

  • IRDP
  • ICMP redirects
  • IEEE 802 Spanning Tree
  • Vendor proprietary protocols. These include, but are not limited to:
      • Discovery protocols: CDP, EDP, FDP
      • VLAN/trunking protocols: VTP, DTP
  • Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
  • BOOTP/DHCP
  • PIM-SM
  • PIM-DM
  • DVMRP
  • ICMPv6 ND-RA
  • UDLD
  • Layer2 Keepalives

The following link-local protocols are exceptions and are allowed:

  • ARP
  • IPv6 ND

Cisco example:

! Interface configuration mode, on the CIX-facing interface

! Don't do redirects
no ip redirects

! Don't do proxy ARP
no ip proxy-arp

! Don't run CDP on your CIX interface
no cdp enable

! No directed broadcasts
no ip directed-broadcast

! v6 ND-RA is unnecessary and undesired
ipv6 nd suppress-ra

! Disable DEC MOP
no mop enable

! Copper Ports: no auto-negotiation
! no negotiation auto
! duplex half
duplex full

! L2 keepalives are useless on CIX
no keepalive

Aggregate your routes

Do not announce every single IP range in your network. Instead, aggregate your routes into whole prefixes. This keeps routing tables small.

Cisco example:

router bgp 12345
 network 123.4.0.0 mask 255.254.0.0
 network 234.56.76.0 mask 255.255.252.0

Limit the number of MAC addresses

Only one MAC address is allowed per interface/channel: the MAC address that ARP associates with the IP address assigned to the CIX member. For this reason, before replacing the router through which BGP peering is performed at CIX, the member must notify CIX by email at cix [at] srce.hr so that we can allow additional MAC addresses on the member's interface/channel.
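
One way to check a capture from your CIX-facing interface against the ethertype list and the one-MAC rule above. This is an added example, not CIX's own tooling; the function names, sample frames and MAC addresses are constructed for illustration, and the frames are assumed to be raw Ethernet without FCS.

```python
import struct

# Ethertypes the page lists as acceptable on CIX ports.
ALLOWED = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def classify(frame: bytes):
    """Return (src_mac, allowed, reason) for a raw Ethernet frame (no FCS)."""
    if len(frame) < 14:
        return None, False, "truncated frame"
    src = frame[6:12].hex(":")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype < 0x0600:
        # Values below 0x0600 are not ethertypes; up to 1500 they are an
        # 802.3 length (LLC/SNAP), which is how STP, CDP, VTP, DTP and UDLD travel.
        return src, False, f"802.3/LLC frame, length field {etype}"
    if etype not in ALLOWED:
        return src, False, f"ethertype 0x{etype:04x}"
    return src, True, ALLOWED[etype]

def audit(frames):
    """Return (violations, source_macs) for frames sent towards the exchange."""
    violations, sources = [], set()
    for i, frame in enumerate(frames):
        src, ok, reason = classify(frame)
        if src:
            sources.add(src)
        if not ok:
            violations.append((i, src, reason))
    return violations, sources

def eth(dst, src, etype, payload=b"\x00" * 46):
    """Build a test frame from hex MAC strings (helper for the samples)."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", etype) + payload

# Constructed sample frames; the MAC addresses are made up.
ROUTER, SWITCH = "020000000001", "020000000002"
SAMPLE = [
    eth("ffffffffffff", ROUTER, 0x0806),  # ARP
    eth("020000000099", ROUTER, 0x0800),  # IPv4
    eth("333300000001", ROUTER, 0x86DD),  # IPv6
    eth("0180c200000e", ROUTER, 0x88CC),  # LLDP: ethertype not on the list
    eth("0180c2000000", SWITCH, 0x0026, b"\x42\x42\x03" + b"\x00" * 43),  # STP BPDU
]

if __name__ == "__main__":
    violations, sources = audit(SAMPLE)
    for index, src, reason in violations:
        print(f"frame {index} from {src}: {reason}")
    if len(sources) > 1:
        print(f"{len(sources)} source MACs seen, only one is allowed: {sorted(sources)}")
```

A second source MAC in the output usually means a switch or a second router is leaking frames through the port.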