Platform specification

Single MAC Address per port
This improves security and limits the risk of a loop in the network.

Allowed ethernet types
  • 0x0800 - IPv4
  • 0x0806 - ARP
  • 0x86dd - IPv6
Unicast traffic only - Multicast or Broadcast is not allowed unless it is
  • Broadcast ARP (Address Resolution Protocol) or
  • Multicast IPv6 ND (Neighbour discovery)
No proxy ARP [RFC1027]
No ICMP Redirects
No directed broadcast

L2 ACL
  • Limit the MAC addresses learned by the switch.
  • Drop any other frame which does not match the configured source MAC address.
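
The frame rules above (single source MAC, allowed ethertypes, unicast only with the ARP and IPv6 ND exceptions) can be expressed as one check, for instance to classify frames captured by a sniffer. This is an added example, not BKNIX's own tooling; it assumes untagged frames, treats "IPv6 ND" as Neighbor Solicitation/Advertisement only (types 135 and 136), and all function names and sample frames are constructed for illustration.

```python
import struct

ALLOWED_ETHERTYPES = {0x0800, 0x0806, 0x86DD}   # IPv4, ARP, IPv6 (from the list above)
BROADCAST = b"\xff" * 6
ND_MULTICAST_TYPES = {135, 136}  # assumption: NS/NA only; RA (134) is unwanted

def check_frame(frame: bytes, port_mac: bytes) -> str:
    """Return 'permit' or 'drop: <reason>' for one untagged Ethernet frame."""
    if len(frame) < 14:
        return "drop: truncated frame"
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if src != port_mac:                      # L2 ACL: one configured MAC per port
        return "drop: source MAC not configured for this port"
    if ethertype not in ALLOWED_ETHERTYPES:  # also catches 802.3/LLC (STP, CDP)
        return f"drop: ethertype 0x{ethertype:04x} not allowed"
    if not dst[0] & 0x01:                    # I/G bit clear: unicast
        return "permit"
    if dst == BROADCAST:
        return "permit" if ethertype == 0x0806 else "drop: non-ARP broadcast"
    # Multicast: only ICMPv6 NS/NA directly after the fixed IPv6 header
    # (extension headers are not parsed here).
    if ethertype == 0x86DD and dst[:2] == b"\x33\x33" and len(payload) >= 41:
        if payload[6] == 58 and payload[40] in ND_MULTICAST_TYPES:
            return "permit"
    return "drop: multicast other than IPv6 NS/NA"

def build_frame(dst_hex, src, ethertype, payload=bytes(46)):
    """Constructed test frame: dst MAC (hex), src MAC (bytes), type, payload."""
    return bytes.fromhex(dst_hex) + src + struct.pack("!H", ethertype) + payload

def icmpv6_packet(icmp_type):
    """Constructed minimal IPv6 header (next header 58) plus ICMPv6 type byte."""
    hdr = bytearray(40)
    hdr[0], hdr[6], hdr[7] = 0x60, 58, 255
    return bytes(hdr) + bytes([icmp_type, 0, 0, 0])

if __name__ == "__main__":
    mac = bytes.fromhex("02aabbccddee")      # constructed port MAC
    samples = {
        "ARP broadcast": build_frame("ffffffffffff", mac, 0x0806),
        "IPv4 broadcast": build_frame("ffffffffffff", mac, 0x0800),
        "LLDP": build_frame("0180c200000e", mac, 0x88CC),
        "IPv6 NS": build_frame("3333ff000001", mac, 0x86DD, icmpv6_packet(135)),
        "IPv6 RA": build_frame("333300000001", mac, 0x86DD, icmpv6_packet(134)),
    }
    for name, frame in samples.items():
        print(f"{name:15} {check_frame(frame, mac)}")
```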

Open to bilateral peering agreements (BLPA). There is no multilateral peering agreement (MLPA) except via the BKNIX Route Servers.




What should not be seen on this platform:
  • Vendor proprietary protocols (e.g. CDP)
  • Discovery protocols (e.g. LLDP, MNDP)
  • VLAN/trunking protocols (e.g. VTP, DTP, GVRP)
  • Spanning Tree protocols (e.g. PVST+, RSTP, Rapid PVST+, MSTP)
  • Interior routing protocols (e.g. OSPF, ISIS, EIGRP)
  • L2 Keepalives
  • ICMPv6 Neighbor Discovery - Router Advertisement
  • PIM-SM, PIM-DM
  • BOOTP/DHCP
  • Other link-local traffic

Quarantine VLAN
A separate VLAN on the platform serves the following purposes:
  • as the staging VLAN: when new customers first connect to the switch
  • for troubleshooting: the monitoring server (sniffer) can capture all traffic, including broadcast, multicast and unknown frames, to analyse the cause of a problem.
    It also contains test route servers identical to the production servers, to help a client adjust its BGP announcements before moving to the production VLAN.

21 July 2021 | Posted by Admin
