Five Important Tips to Consider When Configuring an Industrial Router to Connect to the IX

 

Stop sending ICMP redirects - Disable ICMP redirects on industrial routers used to connect to the IX. This ensures that you do not pollute the routing tables of other routers connected to the same IX.

 

Do not forward packets destined for the directed broadcast address of the IX segment - disable directed-broadcast forwarding on the router, as it can be used for Smurf attacks on the IX segment, which are harmful to all routers on the IX.

 

Disable proxy ARP - doing so prevents the router from bringing down all BGP sessions and traffic through the IX.

 

Maximum prefix limit - configure a maximum prefix limit for all peers, because this is an effective defense against route leaks from peers and router configuration errors.

 

Do not advertise the prefix of the IX segment - if you do, the IX segment becomes reachable from the wider Internet, which invites more attacks on the IX segment, which should be dedicated to peer-to-peer traffic.
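
The five tips above, turned into a configuration audit. This is an added example, not part of the original article: the Cisco IOS-style syntax, the 192.0.2.0/24 IX LAN, the AS numbers and all function names are assumptions, since the article names no vendor.

```python
import ipaddress
import re

# Constructed sample. Cisco IOS-style syntax is an assumption; the page names no vendor.
IX_LAN = ipaddress.ip_network("192.0.2.0/24")  # constructed IX peering LAN
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 192.0.2.10 255.255.255.0
 no ip redirects
 ip directed-broadcast
!
router bgp 64500
 network 192.0.2.0 mask 255.255.255.0
 neighbor 192.0.2.20 remote-as 64501
 neighbor 192.0.2.20 maximum-prefix 1000
 neighbor 192.0.2.30 remote-as 64502
"""
# (line, must be present?, finding). Assumed defaults: redirects/proxy ARP on, directed broadcast off.
IFACE_RULES = (("no ip redirects", True, "icmp-redirects-enabled"),
               ("ip directed-broadcast", False, "directed-broadcast-enabled"),
               ("no ip proxy-arp", True, "proxy-arp-enabled"))

def in_lan(text, lan):
    try:
        return ipaddress.ip_address(text) in lan
    except ValueError:  # peer-group name, "dhcp", and similar non-addresses
        return False

def sections(config):
    """Yield (parent line, [indented child lines]) for each config stanza."""
    for head, body in re.findall(r"^(\S.*)\n((?: .*\n)*)", config + "\n", re.M):
        yield head.strip(), [line.strip() for line in body.splitlines()]

def audit(config, ix_lan):
    """Return findings for the five tips, in config order."""
    findings = []
    for head, body in sections(config):
        if head.startswith("interface "):
            addrs = [l.split()[2] for l in body if l.startswith("ip address ")]
            if any(in_lan(a, ix_lan) for a in addrs):  # IX-facing interface only
                findings += [f for line, want, f in IFACE_RULES if (line in body) != want]
        elif head.startswith("router bgp "):
            peers = {l.split()[1] for l in body if l.startswith("neighbor ")}
            limited = {l.split()[1] for l in body if re.match(r"neighbor \S+ maximum-prefix \d", l)}
            findings += [f"no-max-prefix:{p}" for p in sorted(peers - limited) if in_lan(p, ix_lan)]
            nets = re.findall(r"^network (\S+) mask (\S+)", "\n".join(body), re.M)
            if any(ipaddress.ip_network(f"{n}/{m}", strict=False).overlaps(ix_lan) for n, m in nets):
                findings.append("ix-prefix-advertised")
    return findings
```

Calling `audit(SAMPLE_CONFIG, IX_LAN)` reports every tip the sample violates; ICMP redirects are the only item it already gets right.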