[c-nsp] Modern BGP peering border router and DDoS attack defense recommendations?

joshua sahala jejs+lists at sahala.org
Thu Jun 9 23:31:49 EDT 2005


On (09/06/05 22:57), Justin M. Streiner wrote:
> 
> On Thu, 9 Jun 2005, Sam Crooks wrote:
> 
> > What are opinions of say, 2xN Mbps rate-limited ethernet connections
> > (1 per border router, 2 routers, through different physical paths),
> > starting out at 10Mbps, burstable up to 100Mbps... in a
> > carrier-neutral building with 42 carriers?

 sounds like what some of us recommended :)
 
> Ethernet is a perfectly acceptable transport for Internet traffic.  If the 
> facility can meet all of your needs, then I'd say it's worth looking into.

 be sure to talk to others in the facility - they should be able to
 provide you with some names/numbers, or set up a call so you can get
 customer feedback.  be sure to understand how their shipping/receiving,
 facility access, and billing processes work.  also, find out what sort of
 troubleshooting and reporting tools they have available.
 
> > I'm evaluating http://www.dpte.net, and they offer a bundle of the
> > above connectivity to the 42 carriers (they call it blending?), along
> > with a 10x10 ft cage ... it would seem to make data connections to a
> > standby site (t1-OC-x, whatever I need to scale up to) very easy to
> > get, and get very quickly.
> 
> The blending is probably accomplished using MPLS.  Or it could just be a 
> marketing buzzword :-)

 their site is a bit thin on details...but this could be accomplished
 several different ways.
    1)  there is a common vlan/subnet that everyone has an interface on,
        and it is up to you to buy transit from the providers
    2)  there is a route server that everyone peers with, and you learn
        the routes via that server, similar to 1
    3)  you peer with a dtpe router, which then peers with the providers
        and picks the path based on how you (or dtpe) tag(s) your routes
    4)  you, and the carrier you are getting transit from are assigned a
        vlan across the dtpe fabric
    5)  you cross-connect to the carrier(s) you choose
 
> > How does BGP peering work in such an environment, for an end-user AS?

 depends on how their infrastructure is set up...see above for some
 possibilities, but basically like Justin said.

hth

/joshua
-- 
A common mistake that people make when trying to design something 
completely foolproof is to underestimate the ingenuity of complete
fools.
	- Douglas Adams -


