peering-toolbox:hardware

Differences

peering-toolbox:hardware [2022/08/26 15:23] – [BGP] philippeering-toolbox:hardware [2023/03/27 11:57] (current) – [BGP] philip
Line 54: Line 54:
  
 ==== BGP ==== ==== BGP ====
 +
 +(UPDATED)
  
 Most "first time" Internet connections will simply use a static default route pointing to the upstream provider, with the upstream pointing a route to their customer for the customer's address space. Most "first time" Internet connections will simply use a static default route pointing to the upstream provider, with the upstream pointing a route to their customer for the customer's address space.
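Review bot: The "(UPDATED)" line added under the BGP heading has no date and does not say what changed, so readers cannot tell which text it refers to and it will go stale. Suggest dropping it and relying on the page's revision history, or replacing it with a dated note that names the change. The same marker is added under the other two BGP headings in this revision.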
Line 63: Line 65:
 If BGP is going to be used on the link, the router must be BGP capable, although it does not have to or need to carry the full BGP table (which is large and growing rapidly). Most modern routers have implemented the latest BGP standards and extended capabilities - reviewing [[https://bgp4all.com/pfs/_media/workshops/05-bgp-bcp.pdf|BGP Best Practices]] documentation and comparing with vendors' claimed feature support is strongly recommended. If BGP is going to be used on the link, the router must be BGP capable, although it does not have to or need to carry the full BGP table (which is large and growing rapidly). Most modern routers have implemented the latest BGP standards and extended capabilities - reviewing [[https://bgp4all.com/pfs/_media/workshops/05-bgp-bcp.pdf|BGP Best Practices]] documentation and comparing with vendors' claimed feature support is strongly recommended.
  
-If BGP is being used on this transit link, and there are no other external links for this network, then all the operator needs to do is announce their address space to their upstream, and accept a default router from their upstream. This scenario is discussed in the [[single_upstream#single_upstream|Single Upstream]] section of the Toolbox.+If BGP is being used on this transit link, and there are no other external links for this network, then all the operator needs to do is announce their address space to their upstream, and accept a default route from their upstream. This scenario is discussed in the [[single_upstream#single_upstream|Single Upstream]] section of the Toolbox
 + 
 +The control plane needs of the router (the processor to handle BGP and other routing protocols) are not significant where there are just a few BGP peers and only a few routes are being handled as in this case.
  
 ==== Packet Filtering ==== ==== Packet Filtering ====
  
-The final router requirement is the ability to do packet filtering, with at least being able to filter by source address, destination address, source port, destination port, and IP protocol.+The final router requirement is the ability to do packet filtering, with at least the ability to filter by source address, destination address, source port, destination port, and IP protocol.
  
 It is important to check how many of these filter rules the router will support, and if performance degrades as more rules are added. Ideally there should be minimal performance impact as rules are added; be aware that CPU based routers are likely to show a significant performance hit as rules are added. It is important to check how many of these filter rules the router will support, and if performance degrades as more rules are added. Ideally there should be minimal performance impact as rules are added; be aware that CPU based routers are likely to show a significant performance hit as rules are added.
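Review bot: The added control plane paragraph rests on "as in this case" without saying which case, and the paragraph two above it still allows for a router that carries more than a default route. Suggest naming the assumption in the sentence itself, for example "where the router receives only a default route from a single upstream", so the sizing advice is not read as covering a router that later takes the full BGP table. The "default router" to "default route" correction and the packet filtering rewording look right.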
Line 74: Line 78:
   * allow all ICMP   * allow all ICMP
   * allow inbound established TCP connections (sessions originated internally)   * allow inbound established TCP connections (sessions originated internally)
-  * allow inbound connections to public hosted services+  * allow externally originated connections inbound to public hosted services (website, email server)
   * block external access to network infrastructure control planes   * block external access to network infrastructure control planes
   * allow outbound traffic only from public address space used internally (anti-spoofing)   * allow outbound traffic only from public address space used internally (anti-spoofing)
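Review bot: The reworded item "allow externally originated connections inbound to public hosted services (website, email server)" still reads as permitting any inbound connection to those hosts. The section already requires filtering by destination address, destination port and IP protocol, so suggest saying that the rule permits only the addresses, ports and protocols of the published services, leaving everything else on those hosts covered by the block rules.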
Line 114: Line 118:
  
 The discussion about the type of router used in the [[hardware#ipv4_ipv6|Transit Connection]] applies here too. If the operator has deployed IPv6 in addition to IPv4 to their upstream provider, then naturally the router procured for the peering link needs full dual-stack support as well. The discussion about the type of router used in the [[hardware#ipv4_ipv6|Transit Connection]] applies here too. If the operator has deployed IPv6 in addition to IPv4 to their upstream provider, then naturally the router procured for the peering link needs full dual-stack support as well.
 +
 +When operating a dual stack network, it is strongly recommended to ensure that whatever connectivity is supplied for IPv4 is also replicated for IPv6. For example, if the peering links are IPv4-only, yet the transit is dual stack IPv4/IPv6, then potential peering traffic will use the paid-for transit link, rather than the free peering link.
  
 ==== BGP ==== ==== BGP ====
 +
 +(UPDATED)
  
 BGP will be required for any peering connection, in which case the peering router has to fully support BGP. BGP will be required for any peering connection, in which case the peering router has to fully support BGP.
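Review bot: In the added dual stack paragraph, "potential peering traffic will use the paid-for transit link" is broader than the example supports: with IPv4-only peering and dual stack transit, only the IPv6 traffic towards the peer falls back to transit. Suggest "IPv6 traffic that could have used the peering link will use the paid-for transit link instead". Since the paragraph asks for IPv4 connectivity to be replicated for IPv6, it would also help to say that the packet filters described for IPv4 need IPv6 equivalents.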
Line 122: Line 130:
  
 The BGP configuration used on a private peering connection is discussed in the [[single_upstream_private_peer|Single Upstream and Private Peer]] section of the Toolbox. The BGP configuration used on a private peering connection is discussed in the [[single_upstream_private_peer|Single Upstream and Private Peer]] section of the Toolbox.
 +
 +The control plane needs of the router (the processor to handle BGP and other routing protocols) are not significant where there are just a few BGP peers and only a few routes are being handled as in this case.
  
 ==== Packet Filtering ==== ==== Packet Filtering ====
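Review bot: The paragraph added here is a word-for-word copy of the control plane paragraph added to the transit BGP section, and "as in this case" again leaves the case unstated. The rest of this section uses cross-references of the form "The discussion about ... applies here too"; suggest doing the same here, or adjusting the sentence to say it refers to a single upstream plus one private peer.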
Line 163: Line 173:
  
 ==== BGP ==== ==== BGP ====
 +
 +(UPDATED)
  
 The discussion about BGP support for the router used in the [[hardware#bgp1|Private Peering Link]] fully applies here too. The discussion about BGP support for the router used in the [[hardware#bgp1|Private Peering Link]] fully applies here too.
  
 The BGP configuration used on a public peering connection is discussed in the [[single_upstream_ixp|Single Upstream and IXP]] section of the Toolbox. The BGP configuration used on a public peering connection is discussed in the [[single_upstream_ixp|Single Upstream and IXP]] section of the Toolbox.
 +
 +The control plane needs of the router (the processor to handle BGP and other routing protocols) in this case can be quite significant and care is needed when selecting suitable hardware.
 +
 +Small IXPs will have only a few peers so there it a likelihood that only a few thousand routes will be received by the new member. Most standard router hardware has sufficient control plane capability to handle this.
 +
 +Larger IXPs will likely have dozens of members, with the largest IXPs today approaching one thousand members. This has significant control plane demands on the peering router, and it is important that one with a powerful control plane CPU is chosen, especially one that is proven to handle several hundred peers and tens of thousands of routes with ease. In this case it can be helpful to consult with existing IXP members seeking suggestions or recommendations. Note the usual caveat between vendor marketing claims and real world experience of network operators.
 +
  
 ==== Packet Filtering ==== ==== Packet Filtering ====
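Review bot: Typo in the added small-IXP paragraph: "there it a likelihood" should be "there is a likelihood". The paragraphs also switch between "peers" and "members" for the same thing ("only a few peers", "dozens of members", "several hundred peers"); picking one term, or stating that each member is a potential BGP peer, would make the sizing guidance easier to follow. The hunk also adds an extra empty line before the Packet Filtering heading, which can be dropped.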
Line 172: Line 191:
 The discussion about Packet Filtering support for the router used in the [[hardware#packet_filtering1|Private Peering Link]] fully applies here too. The discussion about Packet Filtering support for the router used in the [[hardware#packet_filtering1|Private Peering Link]] fully applies here too.
  
-[[:peering-toolbox/how-to-peer| Back to "What I need to Peer" page]]+[[:peering-toolbox/how-to-peer| Back to "What is required for Peering" page]]
peering-toolbox/hardware.1661491433.txt.gz · Last modified: 2022/08/26 15:23 by philip