[j-nsp] eBGP with internet provider from DataCenters

Michael Hallgren m.hallgren at free.fr
Fri Nov 15 12:19:21 EST 2013

Le 15/11/2013 18:14, Dave Curado a écrit :
> Hi Yham,
> FYI - I think one of my email messages on this thread didn't go out,
> the body of the message was larger than
> some threshold, and it requires a moderator approval.  (they'll get to
> it at some point =-)
>> can you comments on how AS-confederation will benefit more over
>> having all BRs part of single public AS with iBGP peering with
>> neighbors. Datacenter-1 one is already on public AS so it will be
>> difficult to make changes.
>> The only reason with two AS is architectural complexity when you
>> suggest one AS for both DCs or do you think any routing issues can
>> also be encounters.
> The way your current topology uses a number of private-ASes, it starts
> to look like a BGP confederation.
> The benefit of a confederation is the ability to present your network
> as a single AS, while internally using
> a set of private ASes allowing a separation of administrative and
> policy choices for each private AS.
> But that flexibility does come with a bit more complexity.  (I'm sure
> there are people on this list who
> have worked with confederations and will hopefully chime in on this.)

Yes, I agree. Never do more complex than projected to be needed mid-term
(or so). In other words,
AS-confed if you feel that policing between your subs is or will become
important, else:

> Since the two BR-1/BR-2 pairs are interconnected, and one already has
> a public ASN, making them all part
> of the same ASN and putting an ibgp mesh into place would be
> relatively easy, and would save
> a second public ASN from being used.   At least, it looks relatively
> easy to me, and that is attractive. =-)

Voilà !


> HTHs,
> Dave

More information about the juniper-nsp mailing list