I think you misunderstood me. You definitely need prefix filters on the *provider* side, but the CPE doesn't necessarily need them as the impact is hopefully limited to that particular customer. They're always better of course. GG On 8/20/09, Daniel Roesen <dr@cluenet.de> wrote:
On Thu, Aug 20, 2009 at 08:47:14AM -0500, Clue Store wrote:
99% of all of our customer CPE is not managed by the customer, so that leaves it up to me to decide what to run to them.
And then you run into the customer who thinks it's better to use a CPE of his own, breaks into the CPE to read your config and hooks up his own device with his own config... and suddenly you have Problems[tm].
I've seen it happening, more than once.
The only issue with using ebgp is getting enough of my staff that actually understand bgp to the point where they can deploy it themselves without having to get me involved on every install.
Am I alone in my view that BGP is _far_ more simple and straight-forward than OSPF (except in salary negotiations of course *G*)? Especially if you leave "plain simple area 0". Or if you have to protect from external parties. With BGP prefix-filtering, things are easy and obvious.
We are moving to a new NOC so this network will get a fresh start (new 7513-sup720, few m10i's, and a dozen or so 7200vxr's). So my deployment strategy will be ebgp with multihmed customers. I just had to poke the fire so I had some ammo for upper management when they ask why I decide to go ebgp.
:-)
Best regards, Daniel
-- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0