[c-nsp] Best way to filter local traffic from Internet traffic

Wink dwinkworth at wi.rr.com
Tue Jun 10 18:25:40 EDT 2008


If

(a) both their 10mbps and 100/1000mbps link are terminating on the same 
router

and

(b) "Local customers" means your directly attached customers

then

(1) you can influence traffic inbound to you (from the customer) 
with AS-path manipulation.  Pretty standard, does not require customer 
involvement.
(2) you can policy route traffic from you to the customer based on 
source IP.  Mainly anything originating in your block can be sent down 
the 100/1000 pipe.  Everything else will go down the 10mbps pipe.


root net wrote:
> Yes this is right, we control the routing...
>
> On Tue, Jun 10, 2008 at 6:57 AM, Wink <dwinkworth at wi.rr.com> wrote:
>
>     You control the routing on your side, the customer doesn't
>     necessarily have to do anything... right?
>
>
>     root net wrote:
>
>         I do not think shaping traffic would work as I am not trying
>         to throttle his traffic to everyone else but our local LAN I
>         want to provide a circuit that only allows local LAN traffic
>         meaning our directly connected customers routes only not any
>         other routes.  BGP would definitely work but I am not sure if
>         we can do this with this customer.  Is there an alternative
>         towards BGP like with an ACL or route-map maybe?
>
>         -rootnet08
>
>         On Tue, Jun 10, 2008 at 4:40 AM, a. rahman isnaini r.sutan
>         <risnaini at indo.net.id> wrote:
>
>             Rate-Limit/Traffic Shape Group ?
>
>             rgsour
>             a. rahman isnaini r.sutan
>
>             root net wrote:
>
>                 This customer is pretty savvy so BGP may be possible.
>                 But if not then what?
>
>                 On Mon, Jun 9, 2008 at 4:26 PM, Justin M. Streiner
>                 <streiner at cluebyfour.org> wrote:
>
>                     On Mon, 9 Jun 2008, root net wrote:
>
>                         I have a customer that wants a 100/1000 Mb/s pipe
>                         into our network for our local customers.  This
>                         customer is also a customer but he has a dedicated
>                         10 Mb/s circuit to the Internet and is maxing out
>                         on bandwidth.  Wishes to buy the 100/1000 Mb/s pipe
>                         for our local network access only not Internet.
>                         What is the best way to filter this?
>
>                     If you're running BGP with this customer, or can do
>                     so, you can feed them your local and customer routes
>                     and you can have them announce their blocks to you
>                     over that pipe.  Use the knobs that BGP provides,
>                     such as local preference or MED to make the prefixes
>                     sent and received over the 100/1000 Mb/s pipe
>                     preferred over their normal transit pipe.  This will
>                     push traffic between your network and theirs over the
>                     higher bandwidth link, and only use the 10 Mb/s pipe
>                     if the larger one is down.
>
>                     That's a pretty simplistic view of it and doesn't
>                     take into account any other connectivity the customer
>                     might have.
>
>                     jms
>                     _______________________________________________
>                     cisco-nsp mailing list  cisco-nsp at puck.nether.net
>                     <mailto:cisco-nsp at puck.nether.net>
>                     https://puck.nether.net/mailman/listinfo/cisco-nsp
>                     archive at http://puck.nether.net/pipermail/cisco-nsp/
>

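Added example, not part of the original message or thread: a Cisco IOS sketch of option (2) above (policy routing by source IP), together with an inbound ACL on the 100/1000 link of the kind the original question asks about. All addresses (RFC 5737 documentation ranges), interface names, and ACL/route-map names are assumptions made for illustration.

```cisco
! Constructed addressing, not taken from the thread:
!   192.0.2.0/24    provider's own block ("local" sources)
!   198.51.100.0/24 the customer's block
!   203.0.113.2     customer end of the 100/1000 link
!   203.0.113.6     customer end of the 10 Mb/s link
!
! Ordinary routing toward the customer follows the 10 Mb/s link,
! so Internet-sourced traffic keeps using it.
ip route 198.51.100.0 255.255.255.0 203.0.113.6
!
! Match traffic sourced from the provider's block and destined
! to the customer.
ip access-list extended LOCAL-TO-CUST
 permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
!
! Matching packets are sent to the 100/1000 next hop; packets that
! do not match fall through to the routing table (10 Mb/s link).
route-map LOCAL-VIA-FAST permit 10
 match ip address LOCAL-TO-CUST
 set ip next-hop 203.0.113.2
!
! PBR acts on packets as they arrive, so apply it on the
! interface(s) where local-customer traffic enters this router.
interface GigabitEthernet0/1
 description Facing local customers (hypothetical)
 ip policy route-map LOCAL-VIA-FAST
!
! Inbound filter on the 100/1000 link: the customer may reach
! local destinations only; everything else is dropped and logged.
ip access-list extended FAST-LINK-IN
 permit ip 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255
 deny   ip any any log
!
interface GigabitEthernet0/2
 description 100/1000 link to customer (hypothetical)
 ip address 203.0.113.1 255.255.255.252
 ip access-group FAST-LINK-IN in
```

The route-map steers only the provider-to-customer direction; the customer-to-provider direction still depends on the customer's own routing, which is why the inbound ACL is there to keep non-local destinations off the fast link.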
