[122610] in North American Network Operators' Group
Re: Location of upstream connections & BGP templates
daemon@ATHENA.MIT.EDU (James Jones)
Wed Feb 17 19:54:44 2010
From: James Jones <james@freedomnet.co.nz>
To: "surfer@mauigateway.com" <surfer@mauigateway.com>
In-Reply-To: <20100217163831.B5C0E138@resin17.mta.everyone.net>
Date: Wed, 17 Feb 2010 19:53:48 -0500
Cc: "<nanog@nanog.org>" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Ditto
Sent from my iPhone
On Feb 17, 2010, at 7:38 PM, "Scott Weeks" <surfer@mauigateway.com>
wrote:
>
>
> --- steve@ibctech.ca wrote:
> From: Steve Bertrand <steve@ibctech.ca>
>
> layered. My thinking is that my 'upstream' connections should be moved
> out of the core, and onto the edge. My reasoning for this is so that I
>
> What do other providers do? Are your transit peers connected
> directly to
> the core? I can understand such a setup for transit-only providers,
> but
> --------------------------------------------
>
>
> Border, core, access.
>
> Border routers only connect the core to the upstreams. They do
> nothing else. No acls, just prefix filters. For example, block
> 1918 space from leaving your network. Block other bad stuff from
> leaving your network too. Allow in only what you're expecting from
> the upstream; again 1918 space, etc. They can fat finger like
> anyone else.
>
> Core is for moving bits as efficiently as possible: no acls; no
> filters.
>
> Connect downstream BGP customers to access routers that participate
> in the iBGP mesh. Filter them only allowing what they're supposed
> to advertise. They'll mess it up a lot if they're like my customers
> by announcing everything under the sun. Filter what you're
> announcing to them. You can fat finger just as well as anyone
> else. ;-)
>
> scott
>
