[c-nsp] Modern BGP peering border router and DDoS attack defense recommendations?

[Justin M. Streiner]

On Thu, 9 Jun 2005, Sam Crooks wrote:

> What are opinions of say, 2xN Mbps rate-limited ethernet connections
> (1 per border router, 2 routers, through different physical paths),
> starting out at 10Mbps, burstable up to 100Mbps... in a
> carrier-neutral building with 42 carriers?

Ethernet is a perfectly acceptable transport for Internet traffic.  If the 
facility can meet all of your needs, then I'd say it's worth looking into.

> I'm evaluating http://www.dpte.net, and they offer a bundle of the
> above connectivity to the 42 carriers (they call it blending?), along
> with a 10x10 ft cage ... it would seem to make data connections to a
> standby site (t1-OC-x, whatever I need to scale up to) very easy to
> get, and get very quickly.

The blending is probably accomplished using MPLS.  Or it could just be a 
marketing buzzword :-)

> How does BGP peering work in such an environment, for an end-user AS?

Typically you would still use your own ASN, and set up peering or transit 
BGP sessions with other providers in that facility.  The circuits that
connect your network to theirs would be fairly simple cross-connects if
the providers are already in the building.  That would likely make getting 
that interconnectivity faster and less expensive since the only local loop
would be the cross-connects to the in-building carriers.

If there is a front-end/back-end component to your infrastructure, you'd 
need to arrange for connectivity from their data center to your facility 
or wherever the back-end devices live.

jms