FIX Berlin Rules
An internet exchange is a shared Ethernet medium. In order to protect the exchange, participants are required to follow a number of rules.
Allowed Traffic
FIX Berlin exists for the exchange of unicast Internet traffic. Traffic unnecessary for this purpose is prohibited.
In many cases the exchange fabric is configured to protect itself automatically from misuse by dropping prohibited packet types. However, participants are requested to ensure they do not
MAC Layer
MAC Addresses
FIX Berlin operates a MAC address allowlisting system. Participants must only source packets from MAC addresses associated with them in IXP Manager. The infrastructure will only forward packets on the basis of these statically configured MAC addresses.
Packet Types
Participants must only send packets with the following ethertypes into the medium:
Ethertype | Name |
---|---|
0800 | Internet Protocol, version 4 |
0806 | Address Resolution Protocol |
86DD | Internet Protocol, version 6 |
In particular, participants should ensure that their equipment is configured with discovery protocols such as the Link Layer Discovery Protocol and Cisco Discovery Protocol disabled.
Participants must ensure that Spanning Tree Protocol is disabled. The FIX Berlin fabric is configured with BPDU protection enabled, and sending STP packets into the fabric will result in the port automatically being disabled.
Unicast Packets Only
With the following exceptions, all packets must be unicast:
- IPv4 Broadcast ARP packets, and
- IPv6 Multicast Neighbour Discovery packets
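The MAC-layer rules above (source MAC allowlist, permitted ethertypes, unicast with the ARP and Neighbour Discovery exceptions) can be checked against frames captured on an exchange-facing port before they reach the fabric. The following is an added example, not FIX Berlin's own tooling: the function names, MAC addresses and sample frames are constructed. It assumes untagged frames and ND packets without IPv6 extension headers.

```python
import struct

ALLOWED_ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
ND_ICMPV6_TYPES = set(range(133, 138))  # RFC 4861 message types; the page lists none
BROADCAST = b"\xff" * 6

def mac(s):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))

def check_frame(frame, allowed_src):
    """Return the list of rule violations for one untagged Ethernet frame."""
    if len(frame) < 14:
        return ["truncated frame"]
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    problems = []
    if src not in allowed_src:
        problems.append("source MAC not on allowlist")
    if ethertype not in ALLOWED_ETHERTYPES:
        # Values below 0x0600 are 802.3 lengths (LLC frames such as STP BPDUs).
        problems.append("prohibited ethertype 0x%04x" % ethertype)
    elif dst[0] & 1:  # group bit set: broadcast or multicast
        arp_bcast = ethertype == 0x0806 and dst == BROADCAST
        # IPv6 fixed header: next-header at byte 6, ICMPv6 type at byte 40
        # (assumption: no extension headers, as is normal for ND).
        nd_mcast = (ethertype == 0x86DD and dst[:2] == b"\x33\x33"
                    and len(payload) > 40 and payload[6] == 58
                    and payload[40] in ND_ICMPV6_TYPES)
        if not (arp_bcast or nd_mcast):
            problems.append("non-unicast frame outside the ARP/ND exceptions")
    return problems

# Constructed sample frames (not captured traffic); ME stands for a registered MAC.
ME = mac("02:00:00:00:00:01")
PEER = mac("02:00:00:00:00:02")
ARP_REQ = BROADCAST + ME + b"\x08\x06" + bytes(28)
STP_BPDU = mac("01:80:c2:00:00:00") + ME + b"\x00\x26" + b"\x42\x42\x03" + bytes(35)
LLDP = mac("01:80:c2:00:00:0e") + ME + b"\x88\xcc" + bytes(46)
IPV4_BCAST = BROADCAST + ME + b"\x08\x00" + bytes(46)
ND_NS = mac("33:33:ff:00:00:02") + ME + b"\x86\xdd" + bytes(6) + b"\x3a" + bytes(33) + b"\x87" + bytes(23)

if __name__ == "__main__":
    for name in ("ARP_REQ", "ND_NS", "STP_BPDU", "LLDP", "IPV4_BCAST"):
        print(name, check_frame(globals()[name], {ME}) or "ok")
```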
Proxy ARP
Proxy ARP must be disabled on any exchange-facing interfaces. Participant machines must only respond to ARP requests for their own peering LAN IPs.
By default, Linux will respond to ARP requests for any IP address configured on the system. Participants using Linux-based routers should configure the following sysctls:
net.ipv4.conf.FIX_IFNAME.arp_ignore=1
net.ipv4.conf.FIX_IFNAME.arp_announce=1
No Link-Local Traffic
With the exception of IPv4 ARP and IPv6 Neighbour Discovery, no link-local traffic is permitted.
IP Layer
No Directed Broadcasts
Participants shall not forward IPv4 directed broadcast packets to their FIX Berlin ports (those with destination IP 185.0.32.255).
No export of the peering LAN
Participants must not export the FIX Berlin peering LAN outside of their own network, and are encouraged to not export the prefix outside of their peering router.
General Routing Policy
Participants may only direct traffic to another peer in accordance with prefix announcements exchanged via BGP (either bilaterally in direct sessions, or multilaterally via the route servers).
Participants may not configure static routing (including default routing) to another participant.
Route Server Peering
All participants must peer with the FIX Berlin route servers and announce any routes they intend to announce to peers over the FIX Berlin fabric, in order to facilitate route collection and debugging.
(Participants are not required to peer multilaterally via the route servers. Peers with selective peering policies may announce all peers towards the route servers with large community (198136, 0, 0) in order to prevent them being announced to other parties.)