IPv4 ARP & IPv6 Neighbor Timeout
Each equipment vendor implements its own maximum ages for the IPv4 ARP and IPv6 neighbor caches. The values vary widely and in at least one case (Linux) it is not a constant. Low ARP timeouts can lead to excessive ARP traffic, especially if the values are lower than the BGP keepalive intervals.
Conversely, long timeouts can theoretically lead to longer downtime if you change equipment. This is because your peers' routers still have the old MAC address in their ARP cache.
We recommend setting the ARP cache timeout to at least two hours, preferably four. See the sections on specific equipment vendors for examples.
Peering Network Prefix
The 48 IX Peering Network Prefixes is part of AS62484, and should not be globally routable. As such, the following guidelines should be followed when configuring your equipment:
- Do not announce 48 IX networks in your router's BGP configuration.
- Do not redistribute the route, a supernet, or a more specific prefix outside of your AS. We announce peering LAN prefixes with a
no-exportcommunity — please honor it.
All 48 IX Exchange ports are configured with an MTU of
9216 bytes. It is recommended that member ports be configured with an MTU of
9000, leaving enough overhead for future protocols which may be used by the exchange.
48 IX policy dictates that up to two MAC addresses are allowed behind a member port. This means that you'll need to be extremely careful when connecting a device that can act as a L2 device. Instabilities in a layer 2 network outside of our control can and typically do have a significant impact on the exchange as a whole. Bridging loops and spanning tree topology changes are good examples of this.
An intermediate L2 device may only bridge frames from the member's router(s) to the 48 IX port, and should otherwise be completely invisible. No connected device should bridge frames from other devices onto the 48 IX network, or send STP traffic on its 48 IX port.
Connecting a Layer 3 Device
The most preferred way to connect to 48 IX is to directly connect a layer 3 device (router) to your cross connect. This nearly automatically ensures:
- Eliminates any risk associated with bridging two layer 2 domains
- No STP traffic ingresses the port, removing any filtering overhead from the switch fabric
- Easier troubleshooting in the event of connectivity or traffic flow issues
Connecting a Layer 2 Device
While we don't recommend connecting router router to 48 IX via an intermediate layer 2 device, keep the following mind should you choose to do so:
- You must guarantee that only traffic to/from your router's IX interface goes to/from the 48 IX port
- IGMP/MLD snooping on the intermediate switch may block legitimate ICMPv6 neighbor solicitations
- You must disable spanning tree on your port facing 48 IX.
We strongly recommend using a dedicated VLAN for the path from your router to the 48 IX port.
Cisco IOS Configuration Examples
Cisco IOS devices tend to come with lots of features silently enabled which are generally unneeded, and may cause problems when connecting to an internet exchange. The following configurations may be more verbose than your typical configuration standards, but they will ensure no problematic traffic enters the IX.
interface Ethernet0/0 mtu 9000 no keepalive no cdp enable no mop enabled no lldp receive no lldp transmit ! IPv4 no ip redirects no ip proxy-arp no ip directed-broadcast ip address 192.0.2.40 255.255.255.0 ! ! IPv6 ipv6 enable no ipv6 pim no ipv6 mld snooping ipv6 nd suppress-ra all ipv6 address 2001:db8:48:1::40/64 !
vlan 3800 name 48ix ! vtp mode transparent ! no spanning-tree vlan 3800 ! interface Ethernet0/0 no keepalive no cdp enable no udld enable no lldp receive no lldp transmit switchport nonegotiate switchport mode access switchport access vlan 3800 spanning-tree bpdufilter enable
Juniper Junos Configuration Examples
set system arp aging-timer 240