Re: Peering + Transit Circuits

[Tim Durack <tdurack () gmail com>]

On Tue, Aug 18, 2015 at 1:29 PM, Patrick W. Gilmore <patrick () ianai net>
wrote:

> On Aug 18, 2015, at 1:24 PM, William Herrin <bill () herrin us> wrote:
> > On Tue, Aug 18, 2015 at 8:29 AM, Tim Durack <tdurack () gmail com> wrote:
>
> > > Question: What is the preferred practice for separating peering and
> transit
> > > circuits?
> > >
> > > 1. Terminate peering and transit on separate routers.
> > > 2. Terminate peering and transit circuits in separate VRFs.
> > > 3. QoS/QPPB (
> https://www.nanog.org/meetings/nanog42/presentations/DavidSmith-PeeringPolicyEnforcement.pdf
> > > )
> > > 4. Don't worry about peers stealing transit.
> > > 5. What is peering?
> > >
> > > Your comments are appreciated.
> >
> >
> > If you have a small number of peers, a separate router carrying a
> > partial table works really well.
>
> To expand on this, and answer Tim’s question one post up in the thread:
>
> Putting all peer routes on a dedicated router with a partial table avoids
> the “steal transit” question. The Peering router can only speak to peers
> and your own network. Anyone dumping traffic on it will get !N (unless they
> are going to a peer, which is a pretty minimal risk).
>
> It has lots of other useful features such as network management and
> monitoring. It lets you do maintenance much easier. Etc., etc.
>
> But mostly, it lets you avoid joining an IX and having people use you as a
> backup transit provider.

This has always been my understanding - thanks for confirming. I'm weighing
cost-benefit, and looking to see if there are any other smart ideas. As
usual, it looks like simplest is best.

-- 
Tim:>

p.s. Perhaps I should be relieved no one tried to sell me an SDN peering
transit theft controller...