Dear Dominic,

On Thu, Dec 20, 2018 at 6:49 PM Dominic Schallert <ds@schallert.com> wrote:
This might be a stupid question but today I was discussing with a colleague if Peering-LAN prefixes should be re-distributed/announced to direct customers/peers. My standpoint is that in any case, Peering-LAN prefixes should be filtered and not announced to peers/customers because a Peering-LAN represents some sort of DMZ and there is simply no need for them to be reachable by third-parties not being physically connected to an IXP themselves. Also from a security point of view, a lot of new issues might occur in this situation.
I’ve been seeing a few transit providers lately announcing (even reachable) Peering-LAN prefixes (for example DE-CIX Peering LAN) to their customers. I’m wondering if there is any document or RFC particularly describing this matter?
It is NTT's policy to reject Peering LAN prefixes (and any more-specifics) of any IXPs NTT is connected to, on both our ingress EBGP and egress EBGP policies. We don't see a need for NTT to attempt to make such peering LAN networks reachable for third parties. Such reachability may negatively impact operations, especially when more-specifics of Peering LAN prefixes are distributed through the default-free zone.

As a consequence, for IXPs this policy suggests that it is a necessity to host their own infrastructure (IXP website, mail server, etc.) outside the peering LAN prefix.

Kind regards,

Job
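
The matching rule described in the reply above (reject a peering LAN prefix and any more-specific of it, for both address families), sketched as an added example; it is not part of the original message and is not NTT's configuration. The prefixes are constructed placeholders from documentation ranges, and `classify` and `apply_policy` are hypothetical names.

```python
import ipaddress

# Constructed placeholder peering LAN prefixes (documentation ranges),
# standing in for the LANs of the IXPs a network is connected to.
PEERING_LANS = [ipaddress.ip_network(p)
                for p in ("192.0.2.0/24", "2001:db8:100::/48")]


def classify(prefix, peering_lans=PEERING_LANS):
    """Return (action, reason) for one announced prefix.

    The same check applies on ingress and egress EBGP sessions.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    for lan in peering_lans:
        if net.version != lan.version:
            continue  # subnet_of() raises TypeError across address families
        if net == lan:
            return "reject", f"exact match of peering LAN {lan}"
        if net.subnet_of(lan):
            return "reject", f"more-specific of peering LAN {lan}"
    # A covering less-specific aggregate is not matched by this rule.
    return "accept", "not inside any peering LAN"


def apply_policy(routes, peering_lans=PEERING_LANS):
    """Split a list of announced prefixes into (accepted, rejected)."""
    accepted, rejected = [], []
    for prefix in routes:
        action, reason = classify(prefix, peering_lans)
        (accepted if action == "accept" else rejected).append((prefix, reason))
    return accepted, rejected


# Constructed sample announcements.
SAMPLE_ROUTES = [
    "192.0.2.0/24",         # the peering LAN itself
    "192.0.2.128/25",       # more-specific of the peering LAN
    "192.0.2.1/32",         # host route inside the peering LAN
    "192.0.0.0/22",         # covering aggregate, not a more-specific
    "198.51.100.0/24",      # unrelated prefix
    "2001:db8:100:1::/64",  # IPv6 more-specific of the peering LAN
    "2001:db8:200::/48",    # unrelated IPv6 prefix
]

if __name__ == "__main__":
    for prefix in SAMPLE_ROUTES:
        print(prefix, *classify(prefix))
```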