[122607] in North American Network Operators' Group
Re: Location of upstream connections & BGP templates
daemon@ATHENA.MIT.EDU (jim deleskie)
Wed Feb 17 19:41:42 2010
In-Reply-To: <20100217163831.B5C0E138@resin17.mta.everyone.net>
Date: Wed, 17 Feb 2010 20:41:04 -0400
From: jim deleskie <deleskie@gmail.com>
To: surfer@mauigateway.com
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Border/Core/Access is great thinking when your a sales rep for a
vendor that sells under power kit. No reason for it any more.
-jim
On Wed, Feb 17, 2010 at 8:38 PM, Scott Weeks <surfer@mauigateway.com> wrote=
:
>
>
> --- steve@ibctech.ca wrote:
> From: Steve Bertrand <steve@ibctech.ca>
>
> layered. My thinking is that my 'upstream' connections should be moved
> out of the core, and onto the edge. My reasoning for this is so that I
>
> What do other providers do? Are your transit peers connected directly to
> the core? I can understand such a setup for transit-only providers, but
> --------------------------------------------
>
>
> Border, core, access.
>
> Border routers only connect the core to the upstreams. =A0They do nothing=
else. =A0No acls, just prefix filters. =A0For example, block 1918 space fr=
om leaving your network. =A0Block other bad stuff from leaving your network=
too. =A0Allow in only what you're expecting from the upstream; again 1918 =
space, etc. =A0They can fat finger like anyone else.
>
> Core is for moving bits as efficiently as possible: no acls; no filters.
>
> Connect downstream BGP customers to access routers that participate in th=
e iBGP mesh. =A0Filter them only allowing what they're supposed to advertis=
e. =A0They'll mess it up a lot if they're like my customers by announcing e=
verything under the sun. =A0Filter what you're announcing to them. =A0You c=
an fat finger just as well as anyone else. =A0;-)
>
> scott
>
>
