joshua at railgun.com.au
Thu Sep 27 19:31:56 EST 2012
While I can't think of the perfect word on the tip of my brain to describe
why, that is certainly the gist of it, especially for a relatively new IX
country like Australia. We will always need layer2 at some point, but I
guess the question you are more interested in is, how to handle 'domain'
routing, vs local routing. Not the correct word, especially as it conflicts
with broadcast domain, but that is close. RADB and projects like that are
trying to push the vulnerable BGP system to something more along the lines
of a layer2-less internet, but with IPv6 it actually makes less sense than
it did before, go figure. IMHO anyway, someone like MMC might be able to
give a better perspective :)
On Thu, Sep 27, 2012 at 6:13 PM, Mark Tees <mark.tees at digitalpacific.com.au> wrote:
> This one has been bugging me for a while now given the commonplace
> problem of someone storming on one of the peering networks. Trying to work
> out if it is just an old school train of thought or if there are real life
> limitations or advantages on using layer3 in multi lateral peering setups.
> The points Ivan raises for layer-2 in that article appear to be along the
> lines of:
> * Simplicity
> * Scenarios where participants want to run BGP directly between themselves.
> * Hardware costs (in the past maybe?).
> * All points towards bilateral peering.
> I only have experience with Pipe NSW IX and Equinix Peering. Read a little
> bit about LINX and AMS-IX.
> Judging from what I have read peering points like LINX moving to VPLS
> setups has not really helped the problem.
> Do the majority of people who connect to the peering fabrics in Australia
> just connect to the route servers in an MLP fashion?
> The people who use the IX ports for private connections could possibly
> have a second port provisioned or a single port VLAN'd or MPLS CCC'd? Cross
> connect costs might be a problem.
> So, for MLP type setups is it feasible to use layer 3 switching between
> Participants ports would ideally be routed interfaces on layer 3 switches
> with a BGP session to the switch they connect to. You could then limit a
> switch to only X number of members and each switch exchanges routes via
> iBGP either in a mesh or RR setup.
> If a customer then goes nuts and starts flooding their port it should be
> contained to the device they connect to. Hopefully, ACLs in place prevent
> problem traffic from getting to the control plane.
> There are other things that could be done on layer 2 in terms of ACLs for
> customer ports and monitoring that could prevent some of these problems we
> see. My first thought towards that would be as soon as customer port X
> multicast/broadcast counters start exceeding the average in a big way then
> shut it down.
> AusNOG mailing list
> AusNOG at lists.ausnog.net
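The last idea in the quoted message (shut a customer port once its multicast/broadcast counters far exceed their usual level) can be sketched as follows. This is an added example, not code from either poster or from any IX operator: the class name, port label, thresholds and sample counters are hypothetical, and it uses a median/MAD baseline as a robust stand-in for the plain "average" mentioned in the message.

```python
from collections import deque
from statistics import median

class PortStormDetector:
    """Flags a port whose broadcast+multicast rate far exceeds its own baseline."""
    def __init__(self, window=12, k=8.0, floor_pps=500.0, consecutive=2, counter_bits=64):
        self.window, self.k, self.floor_pps = window, k, floor_pps
        self.consecutive, self.modulus = consecutive, 2 ** counter_bits
        self.last = {}     # port -> (timestamp, cumulative counter)
        self.history = {}  # port -> recent rates judged normal (pps)
        self.strikes = {}  # port -> consecutive anomalous samples

    def _threshold(self, rates):
        med = median(rates)
        mad = median(abs(r - med) for r in rates)
        # The floor stops very quiet ports (MAD near 0) tripping on small bursts.
        return max(med + self.k * mad, self.floor_pps)

    def observe(self, port, ts, counter):
        """Feed one polled counter sample; True means 'candidate for shutdown'."""
        prev = self.last.get(port)
        self.last[port] = (ts, counter)
        if prev is None or ts <= prev[0]:
            return False
        # Modular delta survives counter rollover (not a counter reset on reboot).
        rate = ((counter - prev[1]) % self.modulus) / (ts - prev[0])
        hist = self.history.setdefault(port, deque(maxlen=self.window))
        if len(hist) < self.window // 2:   # still learning the baseline
            hist.append(rate)
            return False
        if rate > self._threshold(hist):
            self.strikes[port] = self.strikes.get(port, 0) + 1
        else:
            self.strikes[port] = 0
            hist.append(rate)              # storm samples never enter the baseline
        return self.strikes[port] >= self.consecutive

def run_constructed_sample():
    """Constructed data: ~100 pps for ten 10 s polls, then a 50,000 pps storm."""
    det = PortStormDetector(counter_bits=32)
    counter, flagged = 2**32 - 5000, []    # start near rollover on purpose
    deltas = [1000, 900, 1100, 950, 1050, 1000, 980, 1020, 1000, 990] + [500000] * 3
    det.observe("port-7", 0, counter)
    for i, d in enumerate(deltas, start=1):
        counter = (counter + d) % 2**32
        if det.observe("port-7", i * 10, counter):
            flagged.append(i * 10)
    return flagged

if __name__ == "__main__":
    print(run_constructed_sample())
```

Requiring two consecutive anomalous polls trades a slower reaction for fewer shutdowns caused by a single burst; the `consecutive` and `floor_pps` values would need tuning per fabric.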