Technical
Configuration Hints
LONAP runs a stable Internet Exchange, because there is a set of regulations that prohibit certain types of traffic. The example configurations on this page can be used to configure your peering router interfaces, in order to prevent the prohibited traffic reaching the exchange. We recommend that you base your configurations on the example on this page. If you wish to share your configuration for a router that is not described on this page, then please send it to support-at-lonap-dot-net.
It is important to stress that these configurations are sample configurations and you should ensure that the recommendations will fit with your topology. Changes to router software and new protocols released in time may require these recommendations to alter.
Cisco Router, directly connected to the exchange
Connecting your router directly to the exchange is the recommended configuration. This configuration is for members who connect to LONAP and take a 'single VLAN' (access) port. This is the default port style, and the port you will be assigned unless you specifically ask for a multiple VLAN port.
interface GigabitEthernet x/y
ip address 5.57.80.x 255.255.252.0
description PEERING:: LONAP Internet Exchange
no ip redirects
no ip proxy-arp
no ip directed-broadcast
ipv6 address 2001:7f8:17::xxxx:1/64
ipv6 enable
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no mop enable
no cdp enable
no keepalive
Cisco Router, connected via intermediate Cisco Switch
This configuration effectively extends the number of ports on your router using 802.1q VLAN trunking. It is not the recommended configuration style, because this method can cause frames to leak from any intermediate switch towards the exchange.
There is a wide variety of switches that can act as intermediate switches. This configuration assumes your switch runs IOS. If a command in this sample configuration is not accepted by your switch, you can check to see whether the feature is available on your equipment - if not then there is no need to explicitly disable the configuration.
Intermediate Switch
interface GigabitEthernet x/y
description Port facing LONAP Internet Exchange
switchport access vlan 300
switchport mode access
switchport nonegotiate
no keepalive
no cdp enable
no lldp receive
no lldp transmit
no udld enable
spanning-tree bpdufilter enable
end
vlan 300
name LONAP
end
interface GigabitEthernet x/z
description Port Facing London router xxx
switchport mode trunk
switchport trunk allowed vlan 300
Router terminating BGP Sessions
interface GigabitEthernet x/y
description Port facing London Switch yyy
no ip address
interface GigabitEthernet x/y.300
description PEERING:: LONAP Internet Exchange
encapsulation dot1q 300
ip address 5.57.80.x 255.255.252.0
no ip redirects
no ip proxy-arp
no ip directed-broadcast
ipv6 address 2001:7f8:17::xxxx:1/64
ipv6 enable
ipv6 nd prefix default no-advertise
ipv6 nd ra suppress
no cdp enable
no mop enable
no keepalive
Juniper Router connected to exchange
JUNOS has mostly sensible default interface configuration.
JUNOS' default ARP cache timeout is 20 minutes. As MAC addresses change relatively infrequently on the peering LAN, we recommend increasing this timeout to reduce unnecessary broadcasts.
The ARP aging timer can be configured globally, and/or for each logical interface of family type inet.
To configure the ARP aging timer at the logical interface level, specify the aging-timer statement and the timer value in minutes at the [edit system arp interfaces interface-name] hierarchy level.
A setting of 240 minutes is equivalent to Cisco's default:
General
[edit system arp interfaces interface-name] aging-timer 240;
See also:
- JUNOS ARP Learning and Aging Options
- How to suppress the IPv6 Router Advertisement with the Neighbor Discovery timers tuned
Access Interface
ge-0/0/x {
unit 0 {
description "PEERING:: LONAP";
family inet {
no-redirects
address 5.57.80.x/22;
}
family inet6 {
address 2001:7F8:17::xxxx:1/64;
}
}
}
Tagged Interface
ge-0/0/x {
vlan-tagging;
unit 4 {
description "PEERING:: LONAP";
vlan-id 4;
family inet {
no-redirects
address 5.57.80.x/22;
}
family inet6 {
address 2001:7F8:17::xxxx:1/64;
}
}
}