While I can't think of the perfect word on the tip of my brain to describe why, that is certainly the gist of it, especially for a relatively new IX country like Australia. We will always need layer2 at some point, but I guess the question you are more interested in is, how to handle 'domain' routing, vs local routing. Not the correct word, especially as it conflicts with broadcast domain, but that is close. RADB and projects like that are trying to push the vulnerable BGP system to something more along the lines of a layer2-less internet, but with IPv6 it actually makes less sense than it did before, go figure. IMHO anyway, someone like MMC might be able to give a better perspective :)<br>
<br><div class="gmail_quote">On Thu, Sep 27, 2012 at 6:13 PM, Mark Tees <span dir="ltr"><<a href="mailto:mark.tees@digitalpacific.com.au" target="_blank">mark.tees@digitalpacific.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This one has been bugging me for a while now given the commonplace problem of someone storming on one of the peering networks. Trying to work out if it is just an old school train of thought or if there are real-life limitations or advantages on using layer3 in multilateral peering setups.<br>
<br>
<a href="http://blog.ioshints.info/2012/07/why-do-internet-exchanges-need-layer-2.html" target="_blank">http://blog.ioshints.info/2012/07/why-do-internet-exchanges-need-layer-2.html</a><br>
<br>
The points Ivan raises for layer-2 in that article appear to be along the lines of:<br>
<br>
* Simplicity<br>
* Scenarios where participants want to run BGP directly between themselves.<br>
* Hardware costs (in the past maybe?).<br>
* All points towards bilateral peering.<br>
<br>
I only have experience with Pipe NSW IX and Equinix Peering. Read a little bit about LINX and AMS-IX.<br>
<br>
Judging from what I have read, peering points like LINX moving to VPLS setups has not really helped the problem.<br>
<br>
Do the majority of people who connect to the peering fabrics in Australia just connect to the route servers in an MLP fashion?<br>
<br>
The people who use the IX ports for private connections could possibly have a second port provisioned or a single port VLAN'd or MPLS CCC'd? Cross connect costs might be a problem.<br>
<br>
So, for MLP type setups is it feasible to use layer 3 switching between participants?<br>
<br>
Participants' ports would ideally be routed interfaces on layer 3 switches with a BGP session to the switch they connect to. You could then limit a switch to only X number of members and each switch exchanges routes via iBGP either in a mesh or RR setup.<br>
<br>
If a customer then goes nuts and starts flooding their port it should be contained to the device they connect to. Hopefully, ACLs in place prevent problem traffic from getting to the control plane.<br>
<br>
There are other things that could be done on layer 2 in terms of ACLs for customer ports and monitoring that could prevent some of these problems we see. My first thought towards that would be as soon as customer port X multicast/broadcast counters start exceeding the average in a big way then shut it down.<br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div><br>
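The counter-based shutdown check suggested at the end of the quoted message, sketched as an added example that is not part of the original thread. It assumes per-port ingress broadcast+multicast packet rates are already being polled; the port names, sample values and thresholds are constructed, and a median/MAD baseline stands in for the plain "average" so that the storming port does not inflate its own baseline.

```python
from statistics import median

# Constructed samples: ingress broadcast+multicast pps per polling interval.
SAMPLES = {
    "member-A": [40, 35, 50, 45, 38, 42],
    "member-B": [60, 55, 58, 62, 57, 61],
    "member-C": [30, 900, 32, 31, 29, 33],        # one-interval burst
    "member-D": [50, 52, 5000, 8000, 9000, 9500],  # sustained storm
    "member-E": [45, 47, 44, 46, 48, 43],
}

def storm_ports(samples, k=8.0, floor_pps=200.0, sustain=3):
    """Return ports whose rate stayed above the fabric baseline for
    `sustain` consecutive intervals (candidates for shutdown).

    Baseline per interval = median across all ports; spread = median
    absolute deviation (MAD). A port is over threshold when its rate
    exceeds max(floor_pps, median + k * MAD). The floor keeps a quiet
    fabric (tiny MAD) from flagging ordinary ARP/ND chatter.
    """
    ports = sorted(samples)
    intervals = min(len(v) for v in samples.values())
    streak = {p: 0 for p in ports}
    flagged = set()
    for i in range(intervals):
        rates = [samples[p][i] for p in ports]
        base = median(rates)
        mad = median(abs(r - base) for r in rates)
        threshold = max(floor_pps, base + k * max(mad, 1.0))
        for p in ports:
            if samples[p][i] > threshold:
                streak[p] += 1
                if streak[p] >= sustain:
                    flagged.add(p)
            else:
                streak[p] = 0  # burst ended; require a fresh run
    return sorted(flagged)

if __name__ == "__main__":
    for port in storm_ports(SAMPLES):
        print(f"shutdown candidate: {port}")
```

Requiring several consecutive intervals over threshold trades a slower reaction for fewer shutdowns on short bursts; with `sustain=1` the one-interval burst on member-C would be flagged as well.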