[c-nsp] Best way to filter local traffic from Internet traffic
jp
jp at saucer.midcoast.com
Tue Jun 10 13:57:53 EDT 2008
Perhaps you could provide layer2 access only via that connection. If you are
entirely ethernet based, you could provide VLANs between customers for this private
network. A layer3 filtering option would be to only allow access to certain
netblocks from this second pipe. If it were done with BGP routing, you'd only send
routes with one ASN hop, excluding your upstream ASNs I think. You could also say he
can only use a certain private address range 10.222.222.0/24 for example, on this
link, which could work internally on your network for customers, but not to your
Internet upstreams.
On Mon, Jun 09, 2008 at 03:19:58PM -0500, root net wrote:
> Hello,
>
> I have a customer that wants a 100/1000 Mb/s pipe into our network for our
> local customers. This customer is also a customer but he has a dedicated 10
> Mb/s circuit to the Internet and is maxing out on bandwidth. Wishes to buy
> the 100/1000 Mb/s pipe for our local network access only not Internet. What
> is the best way to filter this?
>
> This customer is on a dot1q sub-interface.
>
> -rootnet08
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
/*
Jason Philbrook | Midcoast Internet Solutions - Wireless and DSL
KB1IOJ | Broadband Internet Access, Dialup, and Hosting
http://f64.nu/ | for Midcoast Maine http://www.midcoast.com/
*/
More information about the cisco-nsp
mailing list