Location of upstream connections & BGP templates

jim deleskie deleskie at gmail.com
Thu Feb 18 00:41:04 UTC 2010


Border/Core/Access is great thinking when your a sales rep for a
vendor that sells under power kit.  No reason for it any more.

-jim

On Wed, Feb 17, 2010 at 8:38 PM, Scott Weeks <surfer at mauigateway.com> wrote:
>
>
> --- steve at ibctech.ca wrote:
> From: Steve Bertrand <steve at ibctech.ca>
>
> layered. My thinking is that my 'upstream' connections should be moved
> out of the core, and onto the edge. My reasoning for this is so that I
>
> What do other providers do? Are your transit peers connected directly to
> the core? I can understand such a setup for transit-only providers, but
> --------------------------------------------
>
>
> Border, core, access.
>
> Border routers only connect the core to the upstreams.  They do nothing else.  No acls, just prefix filters.  For example, block 1918 space from leaving your network.  Block other bad stuff from leaving your network too.  Allow in only what you're expecting from the upstream; again 1918 space, etc.  They can fat finger like anyone else.
>
> Core is for moving bits as efficiently as possible: no acls; no filters.
>
> Connect downstream BGP customers to access routers that participate in the iBGP mesh.  Filter them only allowing what they're supposed to advertise.  They'll mess it up a lot if they're like my customers by announcing everything under the sun.  Filter what you're announcing to them.  You can fat finger just as well as anyone else.  ;-)
>
> scott
>
>




More information about the NANOG mailing list