Allowed Traffic Types on Unicast Peering LANs

Important: The IIX NOC reserves the right to disable ports that violate the rules below.

To ensure smooth operation of the IIX infrastructure we impose a set of restrictions on what kind of traffic is allowed on the peering fabric. This page gives a summary of those restrictions. For more info, including hints on how to configure equipment, please see the IIX Configuration Guide.

1. Physical Connection

Interface settings

1Gbase and 10Gbase Ethernet interfaces attached to IIX ports must be explicitly configured with speed, duplex and other configuration settings, i.e. they should not be auto-sensing.

2. MAC Layer

2.1 Ethernet framing

The IIX infrastructure is based on the Ethernet II (or “DIX Ethernet”) standard. This means that LLC/SNAP encapsulation (802.2) is not permitted. For more information on the differences, see the Ethernet FAQ, question 4.1.

2.2 Ethernet types

Frames forwarded to Some Exchange ports must have one of the following ethertypes:

  • 0x0800 – IPv4
  • 0x0806 – ARP
  • 0x86dd – IPv6

2.3 One MAC address per connection

Frames forwarded to an individual IIX port shall all have the same source MAC address.

2.4 No proxy ARP

Use of proxy ARP on the router’s interface to the Exchange is not allowed.

2.5 Unicast only

Frames forwarded to IIX ports shall not be addressed to a multicast or broadcast MAC destination address except as follows:

  • broadcast ARP packets
  • multicast ICMPv6 Neighbour Discovery packets. Please note that this does not include Router Solicitation or Advertisement packets.

2.6 No link-local traffic

Traffic related to link-local protocols shall not be forwarded to IX ports. Link-local protocols include, but are not limited to, the following list:

  • IRDP
  • ICMP redirects
  • IEEE 802 Spanning Tree
  • Vendor proprietary protocols. These include, but are not limited to:
    • Discovery protocols: CDP, EDP, LLDP etc.
    • VLAN/trunking protocols: VTP, DTP
    • Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
    • BOOTP/DHCP
    • PIM-SM
    • PIM-DM
    • DVMRP
    • ICMPv6 ND-RA
    • UDLD
    • L2 Keepalives

The following link-local protocols are exceptions and are allowed:

  • ARP
  • IPv6 ND
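
An added example (not IIX's own tooling): a Python check of raw Ethernet frames against sections 2.1, 2.2 and 2.5 above. The function names and sample frames are constructed for illustration, and ICMPv6 types 135 and 136 are taken as the permitted multicast Neighbour Discovery packets.

```python
import struct

ALLOWED_ETHERTYPES = {0x0800, 0x0806, 0x86DD}   # section 2.2: IPv4, ARP, IPv6
BROADCAST = b"\xff" * 6
# ICMPv6 Neighbour Discovery types accepted on a multicast destination (2.5):
# 135 Neighbour Solicitation, 136 Neighbour Advertisement.
# 133/134 (Router Solicitation/Advertisement) are excluded by the policy text.
ND_MULTICAST_OK = {135, 136}

def icmpv6_type(ip6: bytes):
    """ICMPv6 type when ICMPv6 directly follows the fixed 40-byte IPv6 header.
    Simplification: packets with extension headers return None."""
    if len(ip6) < 41 or ip6[6] != 58:            # next header 58 = ICMPv6
        return None
    return ip6[40]

def check_frame(frame: bytes) -> str:
    """Return "ok" or the first rule of sections 2.1, 2.2, 2.5 the frame breaks."""
    if len(frame) < 14:
        return "truncated frame"
    dst = frame[:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype < 0x0600:                        # 802.3 length field, so LLC/SNAP
        return "2.1: not Ethernet II framing"
    if ethertype not in ALLOWED_ETHERTYPES:
        return f"2.2: ethertype 0x{ethertype:04x} not allowed"
    if not dst[0] & 0x01:                         # I/G bit clear: unicast
        return "ok"
    if ethertype == 0x0806 and dst == BROADCAST:  # broadcast ARP exception
        return "ok"
    if ethertype == 0x86DD and icmpv6_type(frame[14:]) in ND_MULTICAST_OK:
        return "ok"
    return "2.5: multicast/broadcast destination not allowed"

# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("020000000001")

def nd(dst_hex: str, icmp_type: int) -> bytes:
    ip6 = bytes([0x60, 0, 0, 0, 0, 24, 58, 255]) + bytes(32) + bytes([icmp_type]) + bytes(23)
    return bytes.fromhex(dst_hex) + SRC + b"\x86\xdd" + ip6

SAMPLES = {
    "arp-broadcast": BROADCAST + SRC + b"\x08\x06" + bytes(28),
    "ipv4-unicast": bytes.fromhex("020000000002") + SRC + b"\x08\x00" + bytes(20),
    "nd-solicit": nd("3333ff000002", 135),
    "router-advert": nd("333300000001", 134),
    "stp-bpdu": bytes.fromhex("0180c2000000") + SRC + b"\x00\x26\x42\x42\x03" + bytes(35),
    "lldp": bytes.fromhex("0180c200000e") + SRC + b"\x88\xcc" + bytes(10),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14} {check_frame(frame)}")
```
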

3. IP Layer

3.1 No directed broadcast

IP packets addressed to the IIX peering LAN’s directed broadcast address shall not be automatically forwarded to IIX ports.

3.2 no-export of IIX peering LAN

IP address space assigned to IIX Peering LANs must not be advertised to other networks without explicit permission of IIX.

4. Application layer (TCP/IP model)

Using application layer protocols to carry out malicious actions against other IIX customers over IIX infrastructure is forbidden. IIX reserves the right to disable a customer’s port in case of complaints of attacks/abuse originating from that customer. Such actions include, but are not limited to:

  • BGP hijacking
  • DNS amplification/flood
  • HTTP flood
  • NTP amplification
  • UDP flood
  • ICMP flood
  • Simple Service Discovery Protocol (SSDP)