[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Location of upstream connections & BGP templates
- Subject: Location of upstream connections & BGP templates
- From: james at freedomnet.co.nz (James Jones)
- Date: Wed, 17 Feb 2010 19:53:48 -0500
- In-reply-to: <[email protected]>
- References: <[email protected]>
Ditto
Sent from my iPhone
On Feb 17, 2010, at 7:38 PM, "Scott Weeks" <surfer at mauigateway.com>
wrote:
>
>
> --- steve at ibctech.ca wrote:
> From: Steve Bertrand <steve at ibctech.ca>
>
> layered. My thinking is that my 'upstream' connections should be moved
> out of the core, and onto the edge. My reasoning for this is so that I
>
> What do other providers do? Are your transit peers connected
> directly to
> the core? I can understand such a setup for transit-only providers,
> but
> --------------------------------------------
>
>
> Border, core, access.
>
> Border routers only connect the core to the upstreams. They do
> nothing else. No acls, just prefix filters. For example, block
> 1918 space from leaving your network. Block other bad stuff from
> leaving your network too. Allow in only what you're expecting from
> the upstream; again 1918 space, etc. They can fat finger like
> anyone else.
>
> Core is for moving bits as efficiently as possible: no acls; no
> filters.
>
> Connect downstream BGP customers to access routers that participate
> in the iBGP mesh. Filter them only allowing what they're supposed
> to advertise. They'll mess it up a lot if they're like my customers
> by announcing everything under the sun. Filter what you're
> announcing to them. You can fat finger just as well as anyone
> else. ;-)
>
> scott
>