[af-ix-discuss] Your help please

[geier at geier.ne.tz (Frank Habicht)]

Hi,

On 5/30/2018 7:25 PM, Benny.MBOKO at arpce.cg wrote:
> Hello Dear All,
> 
> We want to add different sevices (root server, reverse DNS, Looking
> glass, etc.) to our IXP.
> 
> Can we use the/24 peering for these services? If so, why? If not, why?

You should keep the /24 (all of it) for peering. It should not be
advertised to anywhere. Then hackers can't access it (as Woody
mentioned), and also bad guys flooding (DDOS) your peering connections
is avoided.

> In addition to IP resources (IPv4, IPv6, and ASN) for peering, should
> all IXP also have other IP resources (IPv4, IPv6, and ASN) for management?

Yes! (all three of these resources)
And this set of resources will currently not attract any AfriNIC fees.
Everything you need accessible should be at these IPs. As others
mentioned your website, statistics, email, RIPE Atlas probe, and also
remote management access for the DNS root server operators can be
through this - they need to update and monitor.

> This management network is cut out for the management and services of
> the IXP. Is that the way it is? A few comments please.

Have separate IP blocks for the peering LAN and for the management
network. The peering LAN should not be seen by many. The management
should be globally reachable, so people can look at your looking glass.


Regards,
Frank

> Thanks
> 
> ?
> 
> Best regards
> 
> ?
> 
> Benny MBOKO
> 
> ARPCE/Congo
> 
> 
> ______________________________________________________________________
> This email has been scanned by the IT101 Email Security System.
> For more information please visit http://www.it101.be
> ______________________________________________________________________
> 
> 
> 
> _______________________________________________
> af-ix-discuss mailing list
> af-ix-discuss at af-ix.net
> http://af-ix.net/mailman/listinfo/af-ix-discuss_af-ix.net
>