[c-nsp] BGP Peering with new client for vrf's
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Sep 17 04:17:28 EDT 2010
>
> We have an existing network (4 POPS all 7200s) that run MPLS/iBGP and
eBGP
> to IP transit providers - We have a new client that wants to peer with
us so
> that we can provision a large number of vrf's.
>
> Our existing 7200's peering is all utilising our own AS - What is the
> preferred(i.e. Most "secure") way to peer with this new client so that
they
> only have visibility into there own vrf's?
>
> Would we setup a "private" AS with this client(with router bgp 64512
for
> example on each of our 7200's)?
Well, if this is a customer of your's and security is of a concern, you
just want to provision multiple (sub)-interfaces, one per VRF you want
to send over.
More scalable Inter-AS options (RFC 4364, chapter 10b and 10c) assume a
level of trust between the parties, so I'm not sure this is a deployment
I would consider with a customer.
Not sure why you bring a new BGP AS into the picture. what would be the
benefit?
oli
More information about the cisco-nsp
mailing list