On Tue, Aug 18, 2015 at 1:29 PM, Patrick W. Gilmore <patr...@ianai.net> wrote:
> On Aug 18, 2015, at 1:24 PM, William Herrin <b...@herrin.us> wrote:
> > On Tue, Aug 18, 2015 at 8:29 AM, Tim Durack <tdur...@gmail.com> wrote:
> >> Question: What is the preferred practice for separating peering and transit
> >> circuits?
> >>
> >> 1. Terminate peering and transit on separate routers.
> >> 2. Terminate peering and transit circuits in separate VRFs.
> >> 3. QoS/QPPB (https://www.nanog.org/meetings/nanog42/presentations/DavidSmith-PeeringPolicyEnforcement.pdf)
> >> 4. Don't worry about peers stealing transit.
> >> 5. What is peering?
> >>
> >> Your comments are appreciated.
> >
> > If you have a small number of peers, a separate router carrying a
> > partial table works really well.
>
> To expand on this, and answer Tim’s question one post up in the thread:
>
> Putting all peer routes on a dedicated router with a partial table avoids
> the “steal transit” question. The Peering router can only speak to peers
> and your own network. Anyone dumping traffic on it will get !N (unless they
> are going to a peer, which is a pretty minimal risk).
>
> It has lots of other useful features such as network management and
> monitoring. It lets you do maintenance much easier. Etc., etc.
>
> But mostly, it lets you avoid joining an IX and having people use you as a
> backup transit provider.

This has always been my understanding - thanks for confirming. I'm weighing cost-benefit, and looking to see if there are any other smart ideas. As usual, it looks like simplest is best.

--
Tim:>

p.s. Perhaps I should be relieved no one tried to sell me an SDN peering transit theft controller...