should use firewall when peering?

Barry Raveendran Greene bgreene at cisco.com
Thu Jan 11 17:10:49 UTC 2001


Hello LaiSheng,

You did the right thing to sanity check what someone says via a list like
NANOG. Your vendor is BSing you. Let me know if the person working for this
vendor resembles my E-mail so I can bong him/her on the head. I do not know
any US Tier 1/2 ISPs who use a firewall between them and their peers. I know
of a few ISPs that use Firewalls on single homed upstream links to do
political/porn filtering. Otherwise their peer connection is point to point
or via an IXP - with no "firewalls" in between.

Barry

> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
> bgp4cn
> Sent: Thursday, January 11, 2001 5:48 AM
> To: nanog at merit.edu
> Cc: majordomo at merit.edu
> Subject: should use firewall when peering?
>
>
>
> Hi,everyone,
>
> yesterday  our parner tell me that almost all carriers in North
> America  implementing firewalls when they interlink with another carriers.
> I do not think so.But he came from one of US's carriers,and who
> insist on that opinion and suggest our new-building carrier network to use
> firewalls between Chinanet and Internet.
> who came from Sprint/MCI/UUNET or other ISP's,can you tell me
> what really the things?
> And our parner also said we can use private IP on our carrier's
> networks,who said that we use NAT on the internet access
> router(runing BGP,and have our
> own public AS),I think NAT is too low performance to use at the
> inter-ISP link router,and have problems of multi-ISPs interlink's
> torlance,and
> have problems with some applications which go to another ISP,do
> you think so?
> Bye the way, I came from China,any suggestion will be appreciated.
>
>
>
> Regards,
> miao laisheng
> miaols at bridge.net.cn
> ______________________________________
>
> ===================================================================
> ÐÂÀËÃâ·Ñµç×ÓÓÊÏä http://mail.sina.com.cn
>
> ÄãÑ¡ÊÖ»úÎÒÂòµ¥£¡(http://mall.sina.com.cn/yesmobile/)
>
>





More information about the NANOG mailing list