Version: 1.0 draft

By connecting to KeFF-IX you acknowledge the following,

General requirements

• ASN assigned by RIR
• Settlement-free peering only. To exchange paid services between members that depends on KeFF-IX is not allowed unless receiving prior approval.
• Members are not allowed to use the IX to exchange intra-organization traffic without prior approval (e.g extra VLAN service).
• Members are only allowed to exchange traffic targeting the Default-free zone (DFZ)
• Members must avoid actions that can cause mis-direction of traffic.
• Traffic may only be forwarded towards a member if permission is given by the member.
• If a member shows a wilful disregard for the IX service rules they will be disconnected from the service.

Technical requirements

• Only unicast frames with defined source MAC-address are allowed, with the exception of neighbour discovery mechanisms.
• For all traffic, the following rules apply,
  • Only frame sizes upto 1500 MTU is allowed.
  • Only Ethernet frame types IPv4 (0x0800), IPv6 (0x86dd) and ARP (0x0806) are allowed.
• The following ICMP and ICMPv6 packets are forbidden.
  • ICMP Redirect Message (Type 5)
  • ICMPv6 Router Solicitation (Type 133)
  • ICMPv6 Router Advertisement (Type 134)
  • ICMPv6 Redirect (Type 137)
• Members are not allowed to advertise the IX subnet towards other AS networks.
• Only one MAC-address is allowed per link and is assigned by member unless receiving prior approval.
• Only one IPv4-address and IPv6-address is allowed per link unless receiving prior approval.

Data privacy

• KeFF-IX implements data inspection using sFlow in order to calculate statistics of how the IX is being used.
• KeFF-IX will provide access to data collected from a member port to that member if requested.
• KeFF-IX publishes all statistics collected on ix.se
• By default the member’s AS name and number will be exported as part of these metrics. Members can ask to hide this information.
• KeFF-IX may retain the collected data indefinitely.