On Tue, Aug 18, 2015 at 1:29 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
On Aug 18, 2015, at 1:24 PM, William Herrin <bill@herrin.us> wrote:
On Tue, Aug 18, 2015 at 8:29 AM, Tim Durack <tdurack@gmail.com> wrote:
Question: What is the preferred practice for separating peering and transit circuits?
1. Terminate peering and transit on separate routers.
2. Terminate peering and transit circuits in separate VRFs.
3. QoS/QPPB (https://www.nanog.org/meetings/nanog42/presentations/DavidSmith-PeeringPolic...)
4. Don't worry about peers stealing transit.
5. What is peering?
Your comments are appreciated.
If you have a small number of peers, a separate router carrying a partial table works really well.
To expand on this, and answer Tim’s question one post up in the thread:
Putting all peer routes on a dedicated router with a partial table avoids the “steal transit” question. The Peering router can only speak to peers and your own network. Anyone dumping traffic on it will get !N (unless they are going to a peer, which is a pretty minimal risk).
It has lots of other useful features such as network management and monitoring. It lets you do maintenance much easier. Etc., etc.
But mostly, it lets you avoid joining an IX and having people use you as a backup transit provider.
This has always been my understanding - thanks for confirming. I'm weighing cost-benefit, and looking to see if there are any other smart ideas. As usual, it looks like simplest is best.

--
Tim:>

p.s. Perhaps I should be relieved no one tried to sell me an SDN peering transit theft controller...
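Added example, not part of the original thread: a small Python model of the forwarding decision discussed above, comparing a dedicated peering router holding a partial table (own and peer routes only) with a router that also carries transit routes. All prefixes, next-hop labels and function names are constructed for illustration, and transit is modelled as a single default route, which is an assumption.

```python
import ipaddress

# Constructed sample routes (documentation/benchmark prefixes), not from the thread.
OWN = {"192.0.2.0/24": "internal"}
PEERS = {"198.51.100.0/24": "peer-A", "203.0.113.0/25": "peer-B"}
TRANSIT = {"0.0.0.0/0": "transit"}  # assumption: transit modelled as a default route

def build_fib(*route_sets):
    """Merge route sets into one table keyed by ip_network."""
    fib = {}
    for routes in route_sets:
        for prefix, next_hop in routes.items():
            fib[ipaddress.ip_network(prefix)] = next_hop
    return fib

def lookup(fib, dst):
    """Longest-prefix match; None means no route (ICMP net unreachable, !N)."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda net: net.prefixlen)]

def classify(fib, dst):
    """Outcome for a packet a peer sends into the IX-facing port."""
    next_hop = lookup(fib, dst)
    if next_hop is None:
        return "!N"
    if next_hop == "transit":
        return "transit-used"      # the peer is using you as a transit provider
    if next_hop == "internal":
        return "delivered"         # legitimate peering traffic to your network
    return "peer-to-peer"          # hairpinned to another peer (the minor residual risk)

PEERING_ROUTER = build_fib(OWN, PEERS)           # partial table
MIXED_ROUTER = build_fib(OWN, PEERS, TRANSIT)    # peering and transit on one router

def audit(destinations):
    """Map each destination to (partial-table outcome, mixed-table outcome)."""
    return {d: (classify(PEERING_ROUTER, d), classify(MIXED_ROUTER, d))
            for d in destinations}

if __name__ == "__main__":
    sample = ["192.0.2.10", "198.51.100.7", "203.0.113.200", "198.18.0.1"]
    for dst, (partial, mixed) in audit(sample).items():
        print(f"{dst:15} partial={partial:13} mixed={mixed}")
```
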