These Technical Requirements (TR) define the ways in which you may or may not make use of the CNX services. This document will be regularly reviewed and revised in the light of operational experience to ensure maximum protection of service to CNX members.
- Ethernet interfaces attached to CNX ports shall be explicitly configured with duplex, speed and other configuration settings and shall not be auto-sensing.
- No media converters are allowed, all connections must terminate to an SFP/SFP+ module on a CNX switch.
- The connection should be a direct dark fiber connection from the CNX member’s router (or L3 switch) to the CNX switch, with no devices in between such as media converters or L2 switches.
- Only specified ethertypes are allowed on the CNX VLANs. The policy is enforced with a VACL configured on the CNX switches.
- The following ethertypes are allowed:
- 0x0800: IPv4
- 0x0806: ARP
- 0x86dd: IPv6
- Frames with any other ethertypes are dropped on CNX switch ingress.
- All frames of a service forwarded to an individual CNX port shall have the same source MAC address.
- Interfaces connected to CNX ports shall only use IP addresses and netmasks (prefix lengths) assigned to them by CNX. In particular:
- IPv6 addresses (link & global scope) shall be explicitly configured and not auto-configured
- IPv6 site-local addresses shall not be used
- IPv6 router advertisements shall be disabled
- Standard IP MTU size = 1500
- All exchange of routes across the CNX network shall be via BGP4(+).
- AS numbers used in BGP4(+) sessions across the CNX network shall not be from range reserved for private use.
- All routes advertised shall be aggregated as far as possible, including across non-advertised address space
- IP address space assigned to CNX peering LAN shall not be advertised to other networks without explicit permission of CNX.
- All routes to be advertised in a peering session across CNX shall be registered in the APNIC or other public routing registry.
- Traffic shall only be forwarded to a CNX member when permission has been given by the receiving member either:
- by advertising a route across the CNX network (directly or via the routeserver)
- by explicit agreement between members
- Traffic shall not be routinely exchanged between two CNX ports owned by the same CNX member.
CNX TR – April 2022
global mac access list
mac access-list extended ix-protocols permit any any 0x800 0x0 permit any any 0x806 0x0 permit any any 0x86DD 0x0
per port configuration
mac access-group ix-protocols in
default switchport configuration – if some configuration is missing, your port may not work or may be blocked
interface GigabitEthernet1/0/16 switchport mode access switchport nonegotiate no lldp transmit no lldp receive no cdp enable no keepalive spanning-tree portfast trunk spanning-tree bpdufilter enable spanning-tree bpduguard enable no shutdown