Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
In order to help maintain hygiene across the peering fabric, all peering participant ports are subjected to a standard layer-2 filtering policy to limit frames that are considered unwanted at the peering fabric. Below is a list of frames that are filtered (dropped) by default. This list is revised as necessary.
| Code Block | ||
|---|---|---|
| ||
ethernet-destination-address 01:80:c2:00:00:00 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2000 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2003 ; ethernet-destination-address 01:00:0c:cc:cc:cd ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2004 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x0111 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x0104 ; ethernet-destination-address 00:e0:2b:00:00:00 ; snap-type 0x00bb ; ethernet-destination-address 01:80:c2:00:00:0e ; ethernet-type 0x88cc ethernet-destination-address 01:80:c2:00:88:bf ; ethernet-type 0x88bf ethernet-type 0x9998 ethernet-type 0x999a |
In general peers are expected to send only IPv4 (0x0800 ), IPv6 (0x86dd ) and ARP (0x0806) ethertypes. Other frames types will be dropped.
Do not send Proxy ARP or link-local Traffic. only send unicast, ARP and IPv6 ND.
Mac Security
To keep security at the highest level we implement Layer 2 MAC filtering on the INX-ZA peering fabric. This is to help prevent unauthorised traffic from entering the exchange. Each peering port/bundle is restricted to a single MAC address and is staticlly locked down, meaning it will not learn a new MAC if the old one times out.
If you require the MAC on your port to change please email ops@inx.net.za to schedule the time the change will take place and our team will be on standby