Peering + Transit Circuits

Patrick W. Gilmore patrick at ianai.net
Tue Aug 18 17:29:35 UTC 2015


On Aug 18, 2015, at 1:24 PM, William Herrin <bill at herrin.us> wrote:
> On Tue, Aug 18, 2015 at 8:29 AM, Tim Durack <tdurack at gmail.com> wrote:

>> Question: What is the preferred practice for separating peering and transit
>> circuits?
>> 
>> 1. Terminate peering and transit on separate routers.
>> 2. Terminate peering and transit circuits in separate VRFs.
>> 3. QoS/QPPB (
>> https://www.nanog.org/meetings/nanog42/presentations/DavidSmith-PeeringPolicyEnforcement.pdf
>> )
>> 4. Don't worry about peers stealing transit.
>> 5. What is peering?
>> 
>> Your comments are appreciated.
> 
> 
> If you have a small number of peers, a separate router carrying a
> partial table works really well.

To expand on this, and answer Tim’s question one post up in the thread:

Putting all peer routes on a dedicated router with a partial table avoids the “steal transit” question. The Peering router can only speak to peers and your own network. Anyone dumping traffic on it will get !N (unless they are going to a peer, which is a pretty minimal risk).

It has lots of other useful features such as network management and monitoring. It lets you do maintenance much easier. Etc., etc.

But mostly, it lets you avoid joining an IX and having people use you as a backup transit provider.

-- 
TTFN,
patrick




More information about the NANOG mailing list