mailing list archives
Re: DVB/IP from teleglobe (and/or others)
From: John Fraizer <nanog () EnterZone Net>
Date: Tue, 13 Jun 2000 22:48:07 -0400 (EDT)
On Tue, 13 Jun 2000, Dan Hollis wrote:
On Tue, 13 Jun 2000, Jon Mansey wrote:
Its like asking UUnet to put a firewall in their core just for you, forget it.
They wont put one on the edges either :) :)
It is the same exact thing. The only difference between a fiber/copper
bound carrier and someone like InterPacket or TeleGlobe is the media on
which the packets are distributed.
No flames from the carriers on this one please but, one alternative might
be the following:
(1)Announce the customers network from only ONE earthstation into the IGP
(2)Charge the customer accordingly for carrying the data on your network
from the edges to only that one earthstation.
(3)Charge the customer for an ethernet port on the core router at the
earthstation and a switch.
(4)Lay out the earthstation network accordingly:
EDGE<----->CORE ROUTER<----->SWITCH<--->DVB/IP Router<--->Magic RF stuff
Customers port---> |--FIREWALL-|
Since you're only announcing the customers prefix into IGP via the one
earthstation, it should only get into the network via that single
earthstation. Ya, sure... It's a royal pain in the butt to do this and if
you do it for every customer, you'll end up with 60 customer aggregation
routers at each earthstation but, if you make it painfull enough costwise,
only those who are _really_ paranoid about it will pursue it.
We do something similar within our network for clients who want some
special ACL. When we limited the ACLs on the border to BOGONS, networks
we announce, and other misc garbage that shouldn't be seen to begin with
(if only all the other operators would do the same!) and moved all the
anal-retentive ACLs to customer routers, life became much easier!