Important: The OHIO IX NOC reserves the right to disable ports that violate the rules below.
To ensure smooth operation of the OHIO IX infrastructure we impose a set of restrictions on what kind of traffic is allowed on the peering fabric. This page gives a summary of those restrictions.
1. Physical Connection
1.1 Interface settings
10GBase Ethernet interfaces attached to OHIO IX ports must be explicitly configured with speed, duplex and other configuration settings, i.e. they should not be auto-sensing.
2. MAC Layer
2.1 Ethernet framing
The OHIO IX infrastructure is based on the Ethernet II (or “DIX Ethernet”) standard. This means that LLC/SNAP encapsulation (802.2) is not permitted.
2.2 Allowed Ethertypes
Frames forwarded to OHIO IX ports must have one of the following ethertypes:
- 0x0800 – IPv4
- 0x0806 – ARP
- 0x86dd – IPv6
2.3 One MAC address per connection
Frames forwarded to an individual OHIO IX port shall all have the same source MAC address. Under normal operations, only one MAC may be learned from a connected port. A buffer of one additional MAC address is in place to facilitate equipment upgrades or migrations. If more than two MAC addresses are learned, an automatic port-security shutdown will occur. Port-security shutdowns clear after 10 minutes.
2.4 No proxy ARP
Use of proxy ARP on the router’s interface to the Exchange is not allowed.
2.5 Unicast only
Frames forwarded to OHIO IX ports shall not be addressed to a multicast or broadcast MAC destination address except as follows:
- Broadcast ARP packets (FF:FF:FF:FF:FF:FF)
- Multicast ICMPv6 Neighbor Solicitation and Duplicate Address Detection (33:33:FF:xx:xx:xx)
  - Note: This does NOT include Router Solicitation or Advertisement packets
2.6 No link-local traffic
Traffic related to link-local protocols shall not be forwarded to OHIO IX ports. Link-local protocols include, but are not limited to, the following list:
- IRDP
- ICMP redirects
- IEEE 802 Spanning Tree
- Discovery protocols: CDP, EDP, LLDP etc.
- VLAN/trunking protocols: VTP, DTP
- Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
- BOOTP/DHCP
- PIM-SM
- PIM-DM
- DVMRP
- ICMPv6 ND-RA
- UDLD
- L2 Keepalives
- Vendor proprietary protocols
The following link-local protocols are exceptions and are allowed:
- ARP
- IPv6 Neighbor Discovery
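The framing, ethertype and destination-address rules in sections 2.1, 2.2 and 2.5 can be checked frame by frame on the member side before traffic reaches the port. The following Python example is added here and is not OHIO IX tooling; it assumes untagged frames and IPv6 packets without extension headers, and the helper names (`check_frame`, `eth`, `ipv6_icmp`) and all sample frames are constructed for illustration.

```python
ALLOWED_ETHERTYPES = {0x0800, 0x0806, 0x86DD}  # section 2.2: IPv4, ARP, IPv6
BROADCAST = b"\xff" * 6
SRC = bytes.fromhex("020000000001")  # constructed, locally administered source MAC

def is_neighbor_solicitation(frame, etype):
    """IPv6, next header 58 (ICMPv6), ICMPv6 type 135; assumes no extension headers."""
    return etype == 0x86DD and len(frame) >= 55 and frame[20] == 58 and frame[54] == 135

def check_frame(frame):
    """Return the rules (2.1, 2.2, 2.5) an untagged frame breaks; [] means compliant."""
    if len(frame) < 14:
        return ["truncated Ethernet header"]
    dst, etype = frame[:6], int.from_bytes(frame[12:14], "big")
    found = []
    if etype < 0x0600:  # not an EtherType: 802.3 length field, LLC/SNAP payload
        found.append("2.1 LLC/SNAP framing")
    elif etype not in ALLOWED_ETHERTYPES:
        found.append("2.2 ethertype 0x%04x" % etype)
    if dst[0] & 0x01:  # group bit set: multicast or broadcast destination
        if dst == BROADCAST:
            allowed = etype == 0x0806  # only ARP may be broadcast
        else:  # only solicited-node multicast carrying a Neighbor Solicitation
            allowed = dst[:3] == b"\x33\x33\xff" and is_neighbor_solicitation(frame, etype)
        if not allowed:
            found.append("2.5 non-unicast destination " + dst.hex(":"))
    return found

def eth(dst_hex, etype, payload=b""):
    """Build a constructed test frame: dst + SRC + EtherType/length + payload."""
    return bytes.fromhex(dst_hex) + SRC + etype.to_bytes(2, "big") + payload

def ipv6_icmp(icmp_type):
    """Minimal constructed IPv6 header (next header 58) plus an 8-byte ICMPv6 stub."""
    return b"\x60\x00\x00\x00\x00\x08\x3a\xff" + bytes(32) + bytes([icmp_type]) + bytes(7)

SAMPLES = {  # constructed frames, not captured traffic
    "ARP request": eth("ffffffffffff", 0x0806),
    "IPv6 NS": eth("3333ff000001", 0x86DD, ipv6_icmp(135)),
    "IPv6 RA": eth("333300000001", 0x86DD, ipv6_icmp(134)),
    "IPv4 broadcast": eth("ffffffffffff", 0x0800),  # e.g. a DHCP discover
    "LLDP": eth("0180c200000e", 0x88CC),
    "STP BPDU": eth("0180c2000000", 0x0026, b"\x42\x42\x03"),  # truncated LLC payload
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:15} {check_frame(frame) or 'compliant'}")
```

In this run, several of the protocols listed in 2.6 (STP, LLDP, router advertisements, DHCP-style broadcasts) already fail the 2.1, 2.2 or 2.5 checks.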
3. IP Layer
3.1 No directed broadcast
IP packets addressed to the OHIO IX peering LAN’s directed broadcast address shall not be automatically forwarded to OHIO IX ports.
3.2 no-export of OHIO IX peering LAN
IP address space assigned to OHIO IX Peering LANs must not be advertised to other networks without explicit permission of OHIO IX.
4. Application layer (TCP/IP model)
Using application-layer protocols to carry out malicious actions against other OHIO IX customers over OHIO IX infrastructure is forbidden. OHIO IX reserves the right to disable a customer’s port in case of complaints of attacks or abuse originating from that customer. Such actions include, but are not limited to:
- BGP hijacking
- DNS amplification/flood
- HTTP flood
- NTP amplification
- UDP flood
- ICMP flood
- Simple Service Discovery Protocol (SSDP)
Did you experience or notice a customer abusing their OHIO IX connection for malicious actions? Please contact support@ohioix.net
Please get in touch to file a complaint providing information about:
- The timestamp of the event
- The type of the event
- The related prefixes/ASNs
- The parties involved
- Any other relevant information providing appropriate context.
Typically, this information can be found in (but is not limited to) router logs, syslog servers, packet captures and BGP monitoring services.
OHIO IX will investigate to confirm the complaint and take appropriate action.