Best Current Practices
To ensure maximum operational stability for all VIX participants, we ask you to observe a few recommendations when configuring your router.
Detailed information is currently available in English only:
Once you set up BGP, always filter your outgoing BGP announcements to other VIX participants. Not doing so will make your VIX connection useless and might even disturb other VIX participants.
router bgp 12345
 neighbor VIX peer-group
 neighbor VIX version 4
 neighbor VIX activate
 neighbor VIX route-map to-VIX out
route-map to-VIX permit 10
 match as-path 40
 set community 1120:1
ip as-path access-list 40 permit ^$
ip as-path access-list 40 permit ^(_23456)+$
ip as-path access-list 40 permit ^(_34567)+$
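To check what as-path access-list 40 above actually lets out, the following added example (not part of the original page) emulates IOS AS-path regex matching in Python and runs the three permit entries over constructed sample paths. The sample routes, the ASNs 64500 and 64501, and all function names are assumptions made for illustration.

```python
import re

# IOS treats "_" in an AS-path regex as start of string, end of string,
# space, comma, brace or parenthesis. Python has no such token: expand it.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

# The three permit entries of "ip as-path access-list 40" shown above.
AS_PATH_ACL_40 = ["^$", "^(_23456)+$", "^(_34567)+$"]


def ios_to_python(pattern):
    """Translate an IOS AS-path regex into an equivalent Python pattern."""
    return re.compile(pattern.replace("_", IOS_UNDERSCORE))


def permitted_by(as_path, acl=AS_PATH_ACL_40):
    """Return the first permit entry matching as_path, else None (implicit deny)."""
    for entry in acl:
        if ios_to_python(entry).search(as_path):
            return entry
    return None


# Constructed sample routes. Paths are as held in the local BGP table, before
# the router prepends its own AS on the way out. 64500 and 64501 are
# documentation ASNs (RFC 5398) standing in for a transit provider and a
# downstream of a listed AS; they are not from the page.
SAMPLE_ROUTES = [
    ("locally originated", ""),
    ("listed AS 23456", "23456"),
    ("listed AS 23456, prepended", "23456 23456 23456"),
    ("listed AS 34567", "34567"),
    ("learned from transit", "64500 23456"),
    ("downstream of a listed AS", "23456 64501"),
    ("longer ASN sharing digits", "234567"),
]


def audit(routes=SAMPLE_ROUTES):
    """Return (description, as_path, matching entry or None) per route."""
    return [(desc, path, permitted_by(path)) for desc, path in routes]


if __name__ == "__main__":
    for desc, path, entry in audit():
        verdict = f"permit via {entry}" if entry else "deny (implicit)"
        print(f"{desc:28} [{path or 'empty'}] -> {verdict}")
```

The last three sample paths fall through to the implicit deny: the anchored patterns permit only locally originated routes and paths consisting solely of a listed AS, so routes learned from transit or from other peers are never re-announced to VIX.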
Do not announce every single IP range in your network. Instead, aggregate your routes into whole prefixes. This keeps the routing tables small.
router bgp 12345
 network 184.108.40.206 mask 255.254.0.0
 network 220.127.116.11 mask 255.255.252.0
BGP announcements from your VIX peers should also be filtered on your routing device. You can do this manually by checking the routes announced by your neighbors and configuring filters statically. Alternatively, the IRR-Toolset can help you by automatically creating filters for your devices. To keep your configuration small and tidy, we recommend using the "maximum-prefix" option in BGP.
! maximum prefix filter for "big" neighbors
neighbor 18.104.22.168 maximum-prefix 20000 80 restart 60
! prefix-list for static filtering of routes
neighbor 22.214.171.124 prefix-list pl12345 in
! and the according prefix-list
ip prefix-list pl12345 seq 5 permit 126.96.36.199/16
ip prefix-list pl12345 seq 10 permit 188.8.131.52/24
To keep the cross-site traffic and the latency to your peers low, we ask you to implement site-specific BGP communities.
There is no use in your device speaking any protocols other than IPv4 and IPv6 on the VIX interface. Please configure your interface not to broadcast any link-local protocols (as listed in the box) except for ARP and IPv6 ND.
! don't do redirects
no ip redirects
! don't do proxy ARP
no ip proxy-arp
! don't run CDP on your VIX interface
no cdp enable
! no directed broadcasts
no ip directed-broadcast
! v6 ND-RA is unnecessary and undesired
ipv6 nd suppress-ra
! disable DEC
no mop enable
! L2 keepalives are useless on VIX
no keepalive
All configuration examples on this page are for Cisco IOS. Other examples are welcome - please send them to noc (at) vix.at.
Unwelcome link-local protocols as addressed in item 5 include, but are not limited to, the following:
- ICMP redirects
- IEEE 802 Spanning Tree
- Vendor proprietary protocols - these include, among others,
  - Discovery protocols: CDP, EDP, FDP
  - VLAN/trunking protocols: VTP, DTP
- Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
- ICMPv6 ND-RA
- IP tracking
- Layer2 keepalives