LISTSERV 16.0 - MICE-DISCUSS Archives

On Dec 22, 2011, at 9:17 PM, Andrew Hoyos wrote:
> 
> That's why you get those 'administrative packets' to not happen in the
> first place.
> No offense, but I don't want to see your cdp/lldp, ospf, stp, keepalives,
> etc. coming across the IX.

While, at the time I found it annoying, I am glad that another IX put my router into a quarantine vlan before allowing access for the first time.  I discovered that on a new router with new IOS that I was running (Advanced Enterprise), DEC MOP was enabled by default on the port.  Just like the protocols listed above, it was not something that should be seen on an IX.  MOP is something I thought died many years ago, but obviously not.  I am glad that the protections that IX enforced helped me to eliminate my unwanted frames.

This was from a professionally run IX.  I don't expect for our community run IX to have the resources to troubleshoot and quarantine new participants.  I wanted to express the point that we may not all realize the extraneous stuff our routers may be doing.  New participants may, however, find it useful to grab a capture of the traffic they are emitting and evaluate if it is proper or necessary before connecting to the IX port.

> On an IX, realistically, we should only be seeing one router/mac address
> per port, and only IP traffic from said router.
> 
> AMSIX has a good guide on how to make your devices be quiet for most
> platforms, here:
> 
> 	http://www.ams-ix.net/config-guide/
> 
> Now, I could see making exceptions for devices which don't seem to have a
> way to be quiet, but in 99% of the cases here, a few lines of config can
> avoid this problem.

I second the recommendation to use this config guide and for each port to have a single router/MAC attached.  There should be no reason for a second MAC to be seen on any port except those that are connecting sanctioned remote switches.  

Whatever the consensus is on allowed traffic, MAC usage, etc. - the policy should be available to participants and posted to the webpage.


Andy Koch
TDS Telecom - IP Network Operations
[log in to unmask]
Desk: 608-664-4694
 

########################################################################

To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1