Ditto
Sent from my iPhone
On Feb 17, 2010, at 7:38 PM, "Scott Weeks" <sur...@mauigateway.com>
wrote:
--- st...@ibctech.ca wrote:
From: Steve Bertrand <st...@ibctech.ca>
layered. My thinking is that my 'upstream' connections should be moved
out of the core, and onto the edge. My reasoning for this is so that I
What do other providers do? Are your transit peers connected
directly to
the core? I can understand such a setup for transit-only providers,
but
--------------------------------------------
Border, core, access.
Border routers only connect the core to the upstreams. They do
nothing else. No acls, just prefix filters. For example, block
1918 space from leaving your network. Block other bad stuff from
leaving your network too. Allow in only what you're expecting from
the upstream; again 1918 space, etc. They can fat finger like
anyone else.
Core is for moving bits as efficiently as possible: no acls; no
filters.
Connect downstream BGP customers to access routers that participate
in the iBGP mesh. Filter them only allowing what they're supposed
to advertise. They'll mess it up a lot if they're like my customers
by announcing everything under the sun. Filter what you're
announcing to them. You can fat finger just as well as anyone
else. ;-)
scott