[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[af-ix-discuss] Your help please

Subject: [af-ix-discuss] Your help please
From: Benny.MBOKO at arpce.cg (Benny.MBOKO at arpce.cg)
Date: Thu, 31 May 2018 09:40:13 +0000
In-reply-to: <[email protected]>
References: <A076B554B0EBC547A920AC0983E621EB01757BF610@BZV-MBX-02V.arpce.local> <[email protected]>

Hi Frank,
Thanks.

Regards,
Benny

-----Message d'origine-----
De?: af-ix-discuss [mailto:af-ix-discuss-bounces at af-ix.net] De la part de Frank Habicht
Envoy??: mercredi 30 mai 2018 18:29
??: af-ix-discuss at af-ix.net
Objet?: Re: [af-ix-discuss] Your help please

Hi,

On 5/30/2018 7:25 PM, Benny.MBOKO at arpce.cg wrote:
> Hello Dear All,
> 
> We want to add different sevices (root server, reverse DNS, Looking 
> glass, etc.) to our IXP.
> 
> Can we use the/24 peering for these services? If so, why? If not, why?

You should keep the /24 (all of it) for peering. It should not be advertised to anywhere. Then hackers can't access it (as Woody mentioned), and also bad guys flooding (DDOS) your peering connections is avoided.

> In addition to IP resources (IPv4, IPv6, and ASN) for peering, should 
> all IXP also have other IP resources (IPv4, IPv6, and ASN) for management?

Yes! (all three of these resources)
And this set of resources will currently not attract any AfriNIC fees.
Everything you need accessible should be at these IPs. As others mentioned your website, statistics, email, RIPE Atlas probe, and also remote management access for the DNS root server operators can be through this - they need to update and monitor.

> This management network is cut out for the management and services of 
> the IXP. Is that the way it is? A few comments please.

Have separate IP blocks for the peering LAN and for the management network. The peering LAN should not be seen by many. The management should be globally reachable, so people can look at your looking glass.

Regards,
Frank

> Thanks
> 
> ?
> 
> Best regards
> 
> ?
> 
> Benny MBOKO
> 
> ARPCE/Congo
> 
> 
> ______________________________________________________________________
> This email has been scanned by the IT101 Email Security System.
> For more information please visit http://www.it101.be 
> ______________________________________________________________________
> 
> 
> 
> _______________________________________________
> af-ix-discuss mailing list
> af-ix-discuss at af-ix.net
> http://af-ix.net/mailman/listinfo/af-ix-discuss_af-ix.net
> 

_______________________________________________
af-ix-discuss mailing list
af-ix-discuss at af-ix.net
http://af-ix.net/mailman/listinfo/af-ix-discuss_af-ix.net

______________________________________________________________________
This email has been scanned by the IT101 Email Security System.
For more information please visit http://www.it101.be ______________________________________________________________________

______________________________________________________________________
This email has been scanned by the IT101 Email Security System.
For more information please visit http://www.it101.be
______________________________________________________________________

References:
- [af-ix-discuss] Your help please
  - From: Benny.MBOKO at arpce.cg (Benny.MBOKO at arpce.cg)
- [af-ix-discuss] Your help please
  - From: geier at geier.ne.tz (Frank Habicht)

Prev by Date: [af-ix-discuss] Your help please
Previous by thread: [af-ix-discuss] Your help please
Index(es):
- Date
- Thread