[c-nsp] Peering + Transit Circuits

Tim Durack tdurack at gmail.com
Tue Aug 18 15:22:48 EDT 2015


On Tue, Aug 18, 2015 at 1:29 PM, Patrick W. Gilmore <patrick at ianai.net>
wrote:

> On Aug 18, 2015, at 1:24 PM, William Herrin <bill at herrin.us> wrote:
> > On Tue, Aug 18, 2015 at 8:29 AM, Tim Durack <tdurack at gmail.com> wrote:
>
> >> Question: What is the preferred practice for separating peering and transit
> >> circuits?
> >>
> >> 1. Terminate peering and transit on separate routers.
> >> 2. Terminate peering and transit circuits in separate VRFs.
> >> 3. QoS/QPPB (https://www.nanog.org/meetings/nanog42/presentations/DavidSmith-PeeringPolicyEnforcement.pdf)
> >> 4. Don't worry about peers stealing transit.
> >> 5. What is peering?
> >>
> >> Your comments are appreciated.
> >
> >
> > If you have a small number of peers, a separate router carrying a
> > partial table works really well.
>
> To expand on this, and answer Tim’s question one post up in the thread:
>
> Putting all peer routes on a dedicated router with a partial table avoids
> the “steal transit” question. The Peering router can only speak to peers
> and your own network. Anyone dumping traffic on it will get !N (unless they
> are going to a peer, which is a pretty minimal risk).
>
> It has lots of other useful features such as network management and
> monitoring. It lets you do maintenance much easier. Etc., etc.
>
> But mostly, it lets you avoid joining an IX and having people use you as a
> backup transit provider.
>

This has always been my understanding - thanks for confirming. I'm weighing
cost-benefit, and looking to see if there are any other smart ideas. As
usual, it looks like simplest is best.

-- 
Tim:>

p.s. Perhaps I should be relieved no one tried to sell me an SDN peering
transit theft controller...
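
The forwarding behaviour described in the quoted reply, as an added example that is not part of the original thread: a longest-prefix-match lookup on a mixed peering+transit router versus a dedicated peering router carrying only a partial table. The prefixes (RFC 5737 documentation ranges), next-hop labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample routes, not taken from the thread.
OWN = [("192.0.2.0/24", "internal")]        # your own network
PEERS = [("198.51.100.0/24", "peer-A")]     # routes learned from peers
TRANSIT = [("0.0.0.0/0", "transit")]        # default / full table via transit


def build_fib(*route_sets):
    """Merge route sets into a lookup table ordered longest prefix first."""
    fib = [
        (ipaddress.ip_network(prefix), next_hop)
        for routes in route_sets
        for prefix, next_hop in routes
    ]
    return sorted(fib, key=lambda entry: entry[0].prefixlen, reverse=True)


def forward(fib, dst):
    """Return the next hop for dst, or '!N' (network unreachable) if no route."""
    addr = ipaddress.ip_address(dst)
    for network, next_hop in fib:
        if addr in network:
            return next_hop
    return "!N"


def leaked_to_transit(fib, dsts):
    """Destinations that traffic dumped on this router would reach via transit."""
    return [dst for dst in dsts if forward(fib, dst) == "transit"]


# Mixed router: peers and transit terminate on the same box.
MIXED_FIB = build_fib(OWN, PEERS, TRANSIT)
# Dedicated peering router: partial table, peers and own network only.
PEERING_FIB = build_fib(OWN, PEERS)

# Packets a peer might send in: to you, to another peer, to a third party.
PEER_INGRESS = ["192.0.2.5", "198.51.100.7", "203.0.113.10"]

if __name__ == "__main__":
    for name, fib in (("mixed", MIXED_FIB), ("peering-only", PEERING_FIB)):
        for dst in PEER_INGRESS:
            print(f"{name:13} {dst:15} -> {forward(fib, dst)}")
```

Traffic to another peer's prefix is still forwarded on the peering-only table, which is the residual case the reply calls a minimal risk.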

