[183201] in North American Network Operators' Group
Re: Peering + Transit Circuits
daemon@ATHENA.MIT.EDU (Tim Durack)
Tue Aug 18 15:22:51 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <78EDBDF9-D575-44EC-B08A-65D085946A64@ianai.net>
Date: Tue, 18 Aug 2015 15:22:48 -0400
From: Tim Durack <tdurack@gmail.com>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: NANOG list <nanog@nanog.org>,
"cisco-nsp@puck.nether.net" <cisco-nsp@puck.nether.net>
Errors-To: nanog-bounces@nanog.org
On Tue, Aug 18, 2015 at 1:29 PM, Patrick W. Gilmore <patrick@ianai.net>
wrote:
> On Aug 18, 2015, at 1:24 PM, William Herrin <bill@herrin.us> wrote:
> > On Tue, Aug 18, 2015 at 8:29 AM, Tim Durack <tdurack@gmail.com> wrote:
>
> >> Question: What is the preferred practice for separating peering and transit
> >> circuits?
> >>
> >> 1. Terminate peering and transit on separate routers.
> >> 2. Terminate peering and transit circuits in separate VRFs.
> >> 3. QoS/QPPB (https://www.nanog.org/meetings/nanog42/presentations/DavidSmith-PeeringPolicyEnforcement.pdf)
> >> 4. Don't worry about peers stealing transit.
> >> 5. What is peering?
> >>
> >> Your comments are appreciated.
> >
> >
> > If you have a small number of peers, a separate router carrying a
> > partial table works really well.
>
> To expand on this, and answer Tim’s question one post up in the thread:
>
> Putting all peer routes on a dedicated router with a partial table avoids
> the “steal transit” question. The Peering router can only speak to peers
> and your own network. Anyone dumping traffic on it will get !N (unless they
> are going to a peer, which is a pretty minimal risk).
>
> It has lots of other useful features such as network management and
> monitoring. It lets you do maintenance much easier. Etc., etc.
>
> But mostly, it lets you avoid joining an IX and having people use you as a
> backup transit provider.
>
This has always been my understanding - thanks for confirming. I'm weighing
cost-benefit, and looking to see if there are any other smart ideas. As
usual, it looks like simplest is best.
-- 
Tim:>
p.s. Perhaps I should be relieved no one tried to sell me an SDN peering
transit theft controller...
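
The partial-table behaviour described in the quoted reply above, as an added example that is not part of the original messages: a longest-prefix-match lookup compared between a dedicated peering router and a shared edge router. The prefixes are documentation ranges and the next-hop names are hypothetical; transit is represented by a default route as a simplifying assumption.

```python
import ipaddress

# Constructed sample routes (documentation prefixes); next-hop names are hypothetical.
PEER_ROUTES = {"198.51.100.0/24": "peer-A"}
OWN_ROUTES = {"192.0.2.0/24": "internal-core"}
# Assumption: transit reachability is modelled as a single default route.
TRANSIT_ROUTES = {"0.0.0.0/0": "transit-upstream"}


def build_fib(*route_sets):
    """Merge route sets into a list of (network, next_hop) entries."""
    fib = []
    for routes in route_sets:
        for prefix, next_hop in routes.items():
            fib.append((ipaddress.ip_network(prefix), next_hop))
    return fib


def lookup(fib, dst):
    """Longest-prefix match; returns None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, nh) for net, nh in fib if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(fib, dst):
    """Next hop for dst, or '!N' (network unreachable) when there is no route."""
    next_hop = lookup(fib, dst)
    return next_hop if next_hop is not None else "!N"


# Dedicated peering router: peer routes plus own network only, no transit routes.
PEERING_FIB = build_fib(PEER_ROUTES, OWN_ROUTES)
# Shared edge router: the same routes plus transit.
SHARED_FIB = build_fib(PEER_ROUTES, OWN_ROUTES, TRANSIT_ROUTES)

if __name__ == "__main__":
    # 203.0.113.9 is reachable only via transit in this constructed topology.
    # 198.51.100.7 is the residual case from the thread: traffic to a peer
    # is still forwarded by the peering router.
    for dst in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        print(f"{dst:15} peering-only: {forward(PEERING_FIB, dst):14} "
              f"shared: {forward(SHARED_FIB, dst)}")
```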