Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
In order to help maintain hygiene across the peering fabric, all peering participant ports are subjected to a standard layer-2 filtering policy to limit frames that are considered unwanted at the peering fabric. Below is a list of frames that are filtered (dropped) by default. This list is revised as necessary.
Code Block | ||
---|---|---|
| ||
ethernet-destination-address 01:80:c2:00:00:00 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2000 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2003 ; ethernet-destination-address 01:00:0c:cc:cc:cd ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2004 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x0111 ; ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x0104 ; ethernet-destination-address 00:e0:2b:00:00:00 ; snap-type 0x00bb ; ethernet-destination-address 01:80:c2:00:00:0e ; ethernet-type 0x88cc ethernet-destination-address 01:80:c2:00:88:bf ; ethernet-type 0x88bf ethernet-type 0x9998 ethernet-type 0x999a |
In general peers are expected to send only IPv4 (0x0800 ), IPv6 (0x86dd ) and ARP (0x0806) ethertypes. Other frames types will be dropped without notice.
Tip |
---|
Do not send Proxy ARP or link-local Traffic. only send unicast, ARP and IPv6 ND. |
Mac
Securityaddress security
To keep security at the highest level we implement Layer 2 MAC filtering on the INX-ZA peering fabric. This is to help prevent unauthorised traffic from entering the exchange. Each peering port/bundle is restricted to a single MAC address and is staticlly statically locked down. Additionally, MAC address learning is disabled on each port, meaning it we will not learn a new MAC address if the old one times outbecomes unavailable.
If you require the MAC on your port to change please email ops @ inx.net.za to schedule the time the change will take place and our team will be on standby to perform the change.