[c-nsp] Best way to filter local traffic from Internet traffic

Mark Tinka mtinka at globaltransit.net
Tue Jun 10 20:59:38 EDT 2008


On Tuesday 10 June 2008, root net wrote:

> I do not think shaping traffic would work as I am not
> trying to throttle his traffic to everyone else but our
> local LAN I want to provide a circuit that only allows
> local LAN traffic meaning our directly connected
> customers routes only not any other routes.  BGP would
> definitely work but I am not sure if we can do this with
> this customer.  Is there an alternative towards BGP like
> with an ACL or route-map maybe?

If you have 2 links, this becomes a little trickier 
especially for return traffic to the customer. As a 
previous poster mentioned, it might mean using one link 
until it fails, and then having the second one kick in.

If you have a single link, you can achieve what you need 
with QPPB + MQC + BGP communities (ACLs don't scale; you'd 
have to keep updating them with your/your customer's 
prefixes).

If you need to maintain 2 links, then 802.3ad is your 
friend. But AFAIK, IOS does not support channel-groups made 
up of Ethernet VLAN sub-interfaces (other vendors do 
support this, though, but I digress...).

Cheers,

Mark.