[c-nsp] Best way to filter local traffic from Internet traffic

jp jp at saucer.midcoast.com
Tue Jun 10 13:57:53 EDT 2008


Perhaps you could provide layer2 access only via that connection. If you are 
entirely ethernet based, you could provide VLANs between customers for this private 
network. A layer3 filtering option would be to only allow access to certain 
netblocks from this second pipe. If it were done with BGP routing, you'd only send 
routes with one ASN hop, excluding your upstream ASNs I think. You could also say he 
can only use a certain private address range 10.222.222.0/24 for example, on this 
link, which could work internally on your network for customers, but not to your 
Internet upstreams.

On Mon, Jun 09, 2008 at 03:19:58PM -0500, root net wrote:
> Hello,
> 
> I have a customer that wants a 100/1000 Mb/s pipe into our network for our
> local customers.  This customer is also a customer but he has a dedicated 10
> Mb/s circuit to the Internet and is maxing out on bandwidth.  Wishes to buy
> the 100/1000 Mb/s pipe for our local network access only not Internet.  What
> is the best way to filter this?
> 
> This customer is on a dot1q sub-interface.
> 
> -rootnet08
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
/*
Jason Philbrook   |   Midcoast Internet Solutions - Wireless and DSL
    KB1IOJ        |   Broadband Internet Access, Dialup, and Hosting 
 http://f64.nu/   |   for Midcoast Maine    http://www.midcoast.com/
*/


More information about the cisco-nsp mailing list