Location of upstream connections & BGP templates

James Jones james at freedomnet.co.nz
Thu Feb 18 00:53:48 UTC 2010


Sent from my iPhone

On Feb 17, 2010, at 7:38 PM, "Scott Weeks" <surfer at mauigateway.com>  

> --- steve at ibctech.ca wrote:
> From: Steve Bertrand <steve at ibctech.ca>
> layered. My thinking is that my 'upstream' connections should be moved
> out of the core, and onto the edge. My reasoning for this is so that I
> What do other providers do? Are your transit peers connected  
> directly to
> the core? I can understand such a setup for transit-only providers,  
> but
> --------------------------------------------
> Border, core, access.
> Border routers only connect the core to the upstreams.  They do  
> nothing else.  No acls, just prefix filters.  For example, block  
> 1918 space from leaving your network.  Block other bad stuff from  
> leaving your network too.  Allow in only what you're expecting from  
> the upstream; again 1918 space, etc.  They can fat finger like  
> anyone else.
> Core is for moving bits as efficiently as possible: no acls; no  
> filters.
> Connect downstream BGP customers to access routers that participate  
> in the iBGP mesh.  Filter them only allowing what they're supposed  
> to advertise.  They'll mess it up a lot if they're like my customers  
> by announcing everything under the sun.  Filter what you're  
> announcing to them.  You can fat finger just as well as anyone  
> else.  ;-)
> scott

More information about the NANOG mailing list