Border/Core/Access is great thinking when your a sales rep for a vendor that sells under power kit. No reason for it any more.
-jim On Wed, Feb 17, 2010 at 8:38 PM, Scott Weeks <sur...@mauigateway.com> wrote: > > > --- st...@ibctech.ca wrote: > From: Steve Bertrand <st...@ibctech.ca> > > layered. My thinking is that my 'upstream' connections should be moved > out of the core, and onto the edge. My reasoning for this is so that I > > What do other providers do? Are your transit peers connected directly to > the core? I can understand such a setup for transit-only providers, but > -------------------------------------------- > > > Border, core, access. > > Border routers only connect the core to the upstreams. They do nothing else. > No acls, just prefix filters. For example, block 1918 space from leaving > your network. Block other bad stuff from leaving your network too. Allow in > only what you're expecting from the upstream; again 1918 space, etc. They > can fat finger like anyone else. > > Core is for moving bits as efficiently as possible: no acls; no filters. > > Connect downstream BGP customers to access routers that participate in the > iBGP mesh. Filter them only allowing what they're supposed to advertise. > They'll mess it up a lot if they're like my customers by announcing > everything under the sun. Filter what you're announcing to them. You can > fat finger just as well as anyone else. ;-) > > scott > >
