peeringdb / peeringdb

Server code for https://www.peeringdb.com/
BSD 2-Clause "Simplified" License

Mark IXP peering LAN as bogon #352

Closed johannesmoos closed 4 years ago

johannesmoos commented 6 years ago

Hi team,

we at DE-CIX (and probably every other IXP as well) filter out our own peer peering LAN prefixes (i.e. peering lan hijacks) at our route servers. I'm interested in doing that for peering LANs of other IXPs as well. However, an IXP might announce its peering LAN intentionally in the DFZ. In this case, the announcement should not be filtered by the route server.

I can obtain a list of peering LANs from PeeringDB, however the information if a prefix is supposed to be in the DFZ or not is missing. Would it make sense to allow IXPs to tag their peering LANs as a bogon (checkbox) so that others know if the prefix is supposed to be globally visible or not?

The idea is not new: It existed in the EURO-IX database, but I think it might be helpful to integrate it in PeeringDB as well because it is used by a wider audience.

Regards Johannes

grizz commented 6 years ago

@peeringdb/pc no votes on this

+1 from me

netravnen commented 6 years ago

+1

Note: I would mark all IXP-NET prefixes as bogons by default. And make it an option to change this. (assuming most IXPs would not want their peering LAN prefixes propagated in the DFZ)

arnoldnipper commented 6 years ago

+1 what @netravnen says. By default ixpfx are bogon. You have to tick a box to specify that it is in the DMZ on purpose.

mcmanuss8 commented 5 years ago

+1 and making sure it's set by default

fhibler commented 5 years ago

+1 to mark it and set it to default (with option to opt-out)

arnoldnipper commented 4 years ago

To summarize:

grizz commented 4 years ago

Not to bikeshed, but I keep getting confused when I read this ticket, seems like it would make more sense to make it "In DFZ" API: in_dfz?

arnoldnipper commented 4 years ago

Happy to have it named like @grizz proposes

koalafil commented 4 years ago

Can we have the Release Notes pls?

arnoldnipper commented 4 years ago

Release Note

Allow IXPs to tag their LAN prefixes as bogons. In general, LAN prefixes should not be visible in the DFZ. If it should be visible, IXPs are able to debogonise them.

job commented 4 years ago

Folks - why did we end up implementing this and not recommending people to use the RPKI?

I get that the feature is already coded and pushed out, but this seems to 100% overlap with RPKI functionality, AND is of lower quality (as there is no crypto validation).

Why?

funkestefan commented 4 years ago

What's the point of having this feature at PeeringDB anyway? I am not aware of a tooling that asks pdb for a prefix and its status. In best case an ixlan's AS should set "never via route server" (I am aware that there are some rs/ixps having their own AS in the path)
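
The route-server filter described in the opening post, sketched as an added example (not PeeringDB's or DE-CIX's own code): it builds a reject list from ixpfx records and skips any prefix flagged `in_dfz`. The sample records are constructed from documentation prefixes, the record shape beyond `prefix` and `in_dfz` is an assumption, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like an ixpfx listing; the prefixes are
# documentation ranges, not real peering LANs. Field names other than
# "prefix" and "in_dfz" are assumptions.
SAMPLE_IXPFX = json.loads("""
{"data": [
  {"id": 1, "ixlan_id": 10, "prefix": "192.0.2.0/24", "in_dfz": false, "status": "ok"},
  {"id": 2, "ixlan_id": 10, "prefix": "2001:db8:10::/64", "in_dfz": false, "status": "ok"},
  {"id": 3, "ixlan_id": 20, "prefix": "198.51.100.0/24", "in_dfz": true, "status": "ok"},
  {"id": 4, "ixlan_id": 30, "prefix": "203.0.113.0/24", "status": "ok"}
]}
""")


def bogon_peering_lans(ixpfx_response):
    """Return the peering LAN networks that should not appear in the DFZ.

    A record without in_dfz is treated as a bogon, matching the default
    agreed in the thread (bogon unless the IXP opts out).
    """
    nets = []
    for rec in ixpfx_response.get("data", []):
        if rec.get("status") != "ok" or rec.get("in_dfz", False):
            continue
        nets.append(ipaddress.ip_network(rec["prefix"], strict=False))
    return nets


def should_reject(route, bogons):
    """True if the route equals or is more specific than a bogon peering LAN."""
    net = ipaddress.ip_network(route, strict=False)
    # Compare only within one address family; subnet_of raises on a mismatch.
    return any(net.version == b.version and net.subnet_of(b) for b in bogons)


if __name__ == "__main__":
    bogons = bogon_peering_lans(SAMPLE_IXPFX)
    for route in ["192.0.2.128/25", "198.51.100.0/24", "2001:db8:10::/64"]:
        print(route, "reject" if should_reject(route, bogons) else "accept")
```

As the later comments point out, this flag is self-declared data with no cryptographic validation, so a filter built on it is only as trustworthy as the records it reads.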