LOCATION
Hong Kong

  • Exchange
  • Services
  • Technical
  • About

Allowed traffic

Allowed Traffic Types on Unicast Peering LANs

Important: The AMS-IX NOC reserves the right to disable ports that violate the rules below.

To ensure smooth operation of the AMS-IX infrastructure we impose a set of restrictions on what kind of traffic is allowed on the peering fabric. This page gives a summary of those restrictions. For more info, including hints on how to configure equipment, please see the AMS-IX Configuration Guide.

1. Physical Connection

Interface settings

100base and 10base Ethernet interfaces attached to AMS-IX ports must be explicitly configured with speed, duplex other configuration settings, i.e. they should not be auto-sensing.

2. MAC Layer

2.1 Ethernet framing

The AMS-IX infrastructure is based on the Ethernet II (or “DIX Ethernet”) standard. This means that LLC/SNAP encapsulation (802.2) is not permitted. For more information on the differences, see the Ethernet FAQ, question 4.1.


2.2 Ethernet types

Frames forwarded to AMS-IX ports must have one of the following ethertypes:

  • 0x0800 - IPv4
  • 0x0806 - ARP
  • 0x86dd - IPv6


2.3 One MAC address per port

Frames forwarded to an individual AMS-IX port shall all have the same source MAC address.


2.4 No proxy

ARP Use of proxy ARP on the router's interface to the Exchange is not allowed.


2.5 Unicast only

Frames forwarded to AMS-IX ports shall not be addressed to a multicast or broadcast MAC destination address except as follows:

  • broadcast ARP packets
  • multicast ICMPv6 Neighbour Discovery packets.
    Please note that this does not include Router Solicitation or Advertisement packets.

2.6 No link-local traffic

Traffic related to link-local protocols shall not be forwarded to AMS-IX ports. Link-local protocols include, but are not limited to, the following list:

  • IRDP
  • ICMP redirects
  • IEEE 802 Spanning Tree
  • Vendor proprietary protocols. These include, but are not limited to:
    • Discovery protocols: CDP, EDP
    • VLAN/trunking protocols: VTP, DTP
    • Interior routing protocol broadcasts (e.g. OSPF, ISIS, IGRP, EIGRP)
    • BOOTP/DHCP
    • PIM-SM
    • PIM-DM
    • DVMRP
    • ICMPv6 ND-RA
    • UDLD
    • L2 Keepalives

The following link-local protocols are exceptions and are allowed:

  • ARP
  • IPv6 ND

3. IP Layer

3.1 No directed broadcast

IP packets addressed to AMS-IX peering LAN's directed broadcast address shall not be automatically forwarded to AMS-IX ports.


3.2 No-export of AMS-IX peering LAN

IP address space assigned to AMS-IX Peering LANs must not be advertised to other networks without explicit permission of AMS-IX.

4. Application layer (TCP/IP model)

Using Application layer protocols to unleash malicious actions against other AMS-IX customers over AMS-IX infrastructure, is forbidden. AMS-IX reserves the right to disable a customer’s port in case of complaints of attacks/abuse originating from such customers. The following list includes, but not limited to, some very well-known attacks that we forbid:

  • BGP hijacking
  • DNS amplification/flood
  • HTTP flood
  • NTP amplification
  • UDP flood
  • ICMP flood
  • Simple Service Discovery Protocol (SSDP)
Did you experience or notice a customer abusing their AMS-IX connection for malicious actions?
Contact us

Please get in touch to file a complaint providing information about:

  • The timestamp of the event
  • The type of the event
  • The related prefixes/ASNs
  • The parties involved
  • Any other relevant information providing appropriate context.

Typically, this information can be found in (but is not limited to) router logs, syslog servers, packet captures, BGP monitoring services.

AMS-IX will investigate to confirm the complaint and take appropriate action.

Subscribe to our newsletter

Got a question?