[c-nsp] Best way to filter local traffic from Internet traffic
Deepak Jain
deepak at ai.net
Mon Jun 9 18:02:54 EDT 2008
Justin M. Streiner wrote:
> On Mon, 9 Jun 2008, root net wrote:
>
>> I have a customer that wants a 100/1000 Mb/s pipe into our network for our
>> local customers. This customer is also a customer but he has a dedicated 10
>> Mb/s circuit to the Internet and is maxing out on bandwidth. Wishes to buy
>> the 100/1000 Mb/s pipe for our local network access only not Internet. What
>> is the best way to filter this?
>
> If you're running BGP with this customer, or can do so, you can feed them
> your local and customer routes and you can have them announce their
> blocks to you over that pipe. Use the knobs that BGP provides, such as
> local preference or MED to make the prefixes sent and received over the
> 100/1000 Mb/s pipe preferred over their normal transit pipe. This will
> push traffic between your network and theirs over the higher bandwidth
> link, and only use the 10 Mb/s pipe if the larger one is down.
>
> That's a pretty simplistic view of it and doesn't take into account any
> other connectivity the customer might have.
If you know your list of customer prefixes (whether by BGP community, or
some other knowable means, like a prefix list) you can set all traffic
over the 1000/100mb/s pipe to drop (by ACL) all packets not destined for
your customers at the input interface. This is ideal if he is mostly
pushing bytes into your network.
Internally to your network, you can use MEDs to pref the 100/1000 mb/s
interface for traffic to him, but once the packets get into your network
(either from your customers or from the internet) you get into much more
complicated issues about what constitutes "local" vs "internet" traffic
and MPLS or PBR are probably unavoidable.
Deepak Jain
AiNET
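
Added example, not part of the original post or the poster's own configuration: a Python sketch that turns a customer prefix list into the kind of inbound ACL described above, permitting only packets destined for customer prefixes and dropping the rest. The prefixes are constructed documentation ranges, and the ACL name `LOCAL-ONLY-IN` and the optional `router_ip` entry (so traffic addressed to the router's own link address, such as a BGP session, is not dropped by the inbound ACL) are assumptions.

```python
import ipaddress

# Constructed sample prefixes (documentation ranges) standing in for the
# provider's real customer prefix list.
CUSTOMER_PREFIXES = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the /25 above, merges into one /24
    "203.0.113.0/24",
    "192.0.2.64/26",
    "192.0.2.80/28",       # already covered by the /26 above
]


def build_ingress_acl(prefixes, name="LOCAL-ONLY-IN", router_ip=None):
    """Return IOS extended-ACL lines that permit only traffic destined for
    `prefixes` and deny (and log) everything else.

    `name` and `router_ip` are hypothetical parameters for this example.
    """
    if not prefixes:
        raise ValueError("empty prefix list would deny all traffic")
    # strict=True rejects entries with host bits set (e.g. 192.0.2.65/26),
    # so a typo is caught instead of silently matching a different range.
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    if any(n.version != 4 for n in nets):
        raise ValueError("this example only handles IPv4 prefixes")

    lines = [f"ip access-list extended {name}"]
    if router_ip is not None:
        # Inbound ACLs also filter packets addressed to the router itself.
        lines.append(f" permit ip any host {ipaddress.IPv4Address(router_ip)}")
    # Merge overlapping/adjacent prefixes to keep the ACL short.
    for net in ipaddress.collapse_addresses(nets):
        # IOS ACLs take a wildcard (inverse) mask, i.e. the host mask.
        lines.append(f" permit ip any {net.network_address} {net.hostmask}")
    lines.append(" deny ip any any log")
    return lines


if __name__ == "__main__":
    print("\n".join(build_ingress_acl(CUSTOMER_PREFIXES)))
```

The generated list would be applied inbound on the customer-facing interface with `ip access-group LOCAL-ONLY-IN in`.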