Platform specification

Single MAC Address per port
This improves security and limits the risk of loops in the network.

Allowed Ethernet types
  • 0x0800 - IPv4
  • 0x0806 - ARP
  • 0x86dd - IPv6
Unicast traffic only. Multicast or broadcast is not allowed unless it is
  • Broadcast ARP (Address Resolution Protocol) or
  • Multicast IPv6 ND (Neighbour Discovery)
No proxy ARP [RFC1027]
No ICMP Redirects
No directed broadcast

L2 ACL
  • limits the MAC addresses learned by the switch
  • drops any frame whose source MAC address does not match the configured one

Open to bilateral peering agreements (BLPA). There is no multilateral peering agreement (MLPA) except through the BKNIX Route Servers.




What should not be seen on this platform:
  • Vendor proprietary protocol (e.g. CDP)
  • Discovery protocol (e.g. LLDP, MNDP)
  • VLAN/trunking protocol (e.g. VTP, DTP, GVRP)
  • Spanning Tree protocol (e.g. PVST+, RSTP, Rapid PVST+, MSTP)
  • Interior routing protocol (e.g. OSPF, ISIS, EIGRP)
  • L2 Keepalives
  • ICMPv6 Neighbour Discovery - Router Advertisement
  • PIM-SM, PIM-DM
  • BOOTP/DHCP
  • Other link-local traffic
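
The frame rules above (single source MAC per port, the three allowed Ethernet types, unicast only except broadcast ARP and multicast IPv6 ND) can be checked against captured frames. The following is an added example, not part of the BKNIX specification or its switch configuration; the function names, the sample MAC addresses and frames, and the choice to accept only ND types 135 and 136 are assumptions.

```python
import struct

ALLOWED_ETHERTYPES = {0x0800, 0x0806, 0x86DD}   # IPv4, ARP, IPv6
# Assumption: only Neighbour Solicitation (135) and Advertisement (136) count as
# permitted ND; Router Advertisement (134) is on the "should not be seen" list.
PERMITTED_ND_TYPES = {135, 136}

def check_frame(frame: bytes, port_mac: bytes) -> str:
    """Return 'permit' or the reason the frame violates the port policy."""
    if len(frame) < 14:
        return "drop: truncated Ethernet header"
    dst, src, payload = frame[:6], frame[6:12], frame[14:]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if src != port_mac:                        # L2 ACL: single MAC per port
        return "drop: source MAC not configured on port"
    if ethertype not in ALLOWED_ETHERTYPES:    # also catches 802.3 length fields
        return f"drop: ethertype 0x{ethertype:04x} not allowed"
    if not dst[0] & 0x01:                      # I/G bit clear: unicast
        return "permit"
    if ethertype == 0x0806 and dst == b"\xff" * 6:
        return "permit"                        # broadcast ARP
    if ethertype == 0x86DD and dst[:2] == b"\x33\x33":
        # Fixed 40-byte IPv6 header, Next Header at offset 6; extension headers not walked.
        if len(payload) > 40 and payload[6] == 58:
            if payload[40] in PERMITTED_ND_TYPES:
                return "permit"                # multicast IPv6 ND
            return f"drop: multicast ICMPv6 type {payload[40]} not allowed"
    return "drop: broadcast/multicast outside ARP and IPv6 ND"

# Helpers that build the constructed sample frames below.
def build(dst: str, src: str, ethertype: int, payload: bytes = b"") -> bytes:
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", ethertype) + payload
def icmp6(icmp_type: int) -> bytes:            # minimal IPv6 header + ICMPv6 type byte
    return b"\x60" + bytes(5) + b"\x3a" + bytes(33) + bytes([icmp_type])

PORT = "020000000001"                          # constructed member MAC
SAMPLES = {                                    # every frame here is constructed
    "unicast IPv4": build("020000000002", PORT, 0x0800),
    "ARP request": build("ffffffffffff", PORT, 0x0806),
    "IPv6 NS": build("3333ff000002", PORT, 0x86DD, icmp6(135)),
    "IPv6 RA": build("333300000001", PORT, 0x86DD, icmp6(134)),
    "STP (802.3/LLC)": build("0180c2000000", PORT, 0x0026),
    "OSPF hello": build("01005e000005", PORT, 0x0800),
    "second MAC": build("020000000002", "0200000000aa", 0x0800),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16} {check_frame(raw, bytes.fromhex(PORT))}")
```

The EtherType check alone already rejects protocols carried in 802.3/LLC frames, such as STP, because their type field holds a length below 0x0600.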

Quarantine VLAN
It is a separate VLAN on the platform, used
  • as the staging VLAN: when new customers first connect to the switch
  • for troubleshooting: the monitoring server (sniffer) can capture all traffic, including broadcast, multicast and unknown frames, to analyse the cause of a problem.
    It also contains test Route Servers identical to the production ones, which help customers adjust their BGP announcements before moving to the production VLAN.