home | Technology & Services | Best Current Practices
last change: August 04, 2019

Best Current Practices

Filter your BGP announcements
Once you set up BGP, always filter your outgoing BGP announcements to other VIX members. Not doing so will make your VIX Connection useless and might even disturb other VIX members.

Cisco example:
router bgp 12345
 neighbor VIX peer-group
 neighbor VIX version 4
 neighbor VIX activate
 neighbor VIX route-map to-VIX out

route-map to-VIX permit 10
 match as-path 40
 set community 1120:1

ip as-path access-list 40 permit ^$
ip as-path access-list 40 permit ^(_23456)+$
ip as-path access-list 40 permit ^(_34567)+$

Aggregate your routes
Do not announce every single IP Range in your network. Rather try to aggregate your routes to whole prefixes. This keeps the routing tables of your routes small.

Cisco example:
router bgp 12345
 network mask
 network mask

Filter your incoming BGP announcements
Also the BGP announcements from your peers at the VIX shall be filtered on your routing device. You can do this manually by checking the announced routes from your neighbors and statically configuring filters. On the other hand the IRR-Toolset can help you by automatically building filters for your devices. To keep your configuration small and tidy we recommend to make use of the maximum-prefix option in BGP.

Cisco example:
 ! maximum prefix filter for "big" neighbors
 neighbor maximum-prefix 20000 80 restart 60
 ! prefix-list for static filtering of routes
 neighbor prefix-list pl12345 in
 ! and the according prefix-list
 ip prefix-list pl12345 seq 5 permit
 ip prefix-list pl12345 seq 10 permit

Implement the Site Specific Communities
To keep the cross site traffic small and the latency to your peers low we ask you to implement the site specific communities.

Turn off anything but IP on your interface
It is of no use if your device speaks any other protocols than IPv4 and IPv6 (and ARP for that matter) on the VIX interface. So please configure your interface not to broadcast any link-local protocols.
Link-local protocols include, but are not limited to, the following list:

  • IRDP
  • ICMP redirects
  • IEEE 802 Spanning Tree
  • Vendor proprietary protocols. These include, but are not limited to:

    • Discovery protocols: CDP, EDP, FDP
    • VLAN/trunking protocols: VTP, DTP

  • Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
  • PIM-SM
  • PIM-DM
  • ICMPv6 ND-RA
  • UDLD
  • IP tracking

Layer2 Keepalives

The following link-local protocols are exceptions and are allowed:

  • ARP
  • IPv6 ND

Cisco example:

! Don't do redirects
no ip redirects

! Don't do proxy ARP
no ip proxy-arp

! Don't run CDP on your VIX interface
no cdp enable

! No directed broadcasts
no ip directed-broadcast

! v6 ND-RA is unnecessary and undesired
ipv6 nd suppress-ra

! Disable DEC
no mop enable

! Copper Ports: no auto-negotiation
! no negotiation auto
! duplex half
duplex full

! L2 keepalives are useless on VIX
no keepalive