should use firewall when peering?
Hi,everyone, yesterday our parner tell me that almost all carriers in North America implementing firewalls when they interlink with another carriers. I do not think so.But he came from one of US's carriers,and who insist on that opinion and suggest our new-building carrier network to use firewalls between Chinanet and Internet. who came from Sprint/MCI/UUNET or other ISP's,can you tell me what really the things? And our parner also said we can use private IP on our carrier's networks,who said that we use NAT on the internet access router(runing BGP,and have our own public AS),I think NAT is too low performance to use at the inter-ISP link router,and have problems of multi-ISPs interlink's torlance,and have problems with some applications which go to another ISP,do you think so? Bye the way, I came from China,any suggestion will be appreciated. Regards, miao laisheng miaols@bridge.net.cn ______________________________________ =================================================================== ÐÂÀËÃâ·Ñµç×ÓÓÊÏä http://mail.sina.com.cn ÄãÑ¡ÊÖ»úÎÒÂòµ¥£¡(http://mall.sina.com.cn/yesmobile/)
Hello LaiSheng, You did the right thing to sanity check what someone says via a list like NANOG. Your vendor is BSing you. Let me know if the person working for this vendor resembles my E-mail so I can bong him/her on the head. I do not know any US Tier 1/2 ISPs who use a firewall between them and their peers. I know of a few ISPs that use Firewalls on single homed upstream links to do political/porn filtering. Otherwise their peer connection is point to point or via an IXP - with no "firewalls" in between. Barry
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of bgp4cn Sent: Thursday, January 11, 2001 5:48 AM To: nanog@merit.edu Cc: majordomo@merit.edu Subject: should use firewall when peering?
Hi,everyone,
yesterday our parner tell me that almost all carriers in North America implementing firewalls when they interlink with another carriers. I do not think so.But he came from one of US's carriers,and who insist on that opinion and suggest our new-building carrier network to use firewalls between Chinanet and Internet. who came from Sprint/MCI/UUNET or other ISP's,can you tell me what really the things? And our parner also said we can use private IP on our carrier's networks,who said that we use NAT on the internet access router(runing BGP,and have our own public AS),I think NAT is too low performance to use at the inter-ISP link router,and have problems of multi-ISPs interlink's torlance,and have problems with some applications which go to another ISP,do you think so? Bye the way, I came from China,any suggestion will be appreciated.
Regards, miao laisheng miaols@bridge.net.cn ______________________________________
=================================================================== ÐÂÀËÃâ·Ñµç×ÓÓÊÏä http://mail.sina.com.cn
ÄãÑ¡ÊÖ»úÎÒÂòµ¥£¡(http://mall.sina.com.cn/yesmobile/)
participants (2)
-
Barry Raveendran Greene -
bgp4cn