Re: [c-nsp] Peering + Transit Circuits
On Tue, Aug 18, 2015 at 11:25 AM, Scott Granados <scott@granados-llc.net> wrote:
So in our case we terminate peering and transit on different routers. Peering routers have well flow enabled (the one that starts with a J that’s inline). With NFSEN / NFDUMP we’re able to collect that flow data and look for anomalous flows or other issues. We pretty much detect and then deal with peering issues rather than prevent them with whitelists and so forth but then again we’ve been lucky and not experienced to many issues other than the occasional leakage of prefixes and such which maxprefix handles nicely.
Can I ask why you terminate peering and transit on different routers? (Not suggesting that is bad, just trying to understand the reason.) Tim:>
On 18/Aug/15 18:02, Tim Durack wrote:
Can I ask why you terminate peering and transit on different routers? (Not suggesting that is bad, just trying to understand the reason.)
Easier policy enforcement for us. Lowers the chance of you dealing with traffic in ways you don't intend (although that can always be fixed). Spreading both commercial and technical risk, depending on whether you value transit more than peering, or vice versa. Avoiding kinky things with VRF's. Mark.
participants (2)
-
Mark Tinka
-
Tim Durack