[c-nsp] Giving customers access to your gear.
Justin M. Streiner
streiner at cluebyfour.org
Wed Jun 4 10:31:03 EDT 2008
On Wed, 4 Jun 2008, Rick Martin wrote:
> What is your routing policy when a customer owns their own router and
> connects it to your network? In our case we discourage customer owned
> routers but we do not totally ban it. Our policy is that we do not share
> any dynamic routing protocol with routers not under our direct/sole
> control. If a customer wants to install their own router we accommodate
> that but use static routing only.
>
> I am in a situation now where we will be sharing BGP (peer) with a
> particular customer, this is completely outside our normal policy but in
> this particular situation we pretty much have to accommodate this
> request. At least with BGP we can manage what we are advertising to said
> customer and what we will accept.
I've done BGP in the past with customers where they owned the CPE routers.
That's OK, because BGP is easy to filter and generally clamp down so that
the opportunities for bad things to happen through that router can be
managed to keep the level of risk pretty low. At my former employer, we
had a standing policy not to run other routing protocols with customers if
they had any access to the routers.
jms
More information about the cisco-nsp
mailing list