[afnog] BGP peering via VPN tunnel

Andy Davidson andy at nosignal.org
Fri Jul 1 14:38:17 UTC 2011


On 1 Jul 2011, at 09:55, Shepherd Magumo wrote:

> I have ample capacity on my current connection with my upstream provider and would like to use some of that additional capacity for peering. The cost of hooking directly to the INX for peering is too much and at this point prohibitive. However I can connect via another ISP with infrastructure to INX.
> 
> So my question would be: is it possible to do peering via a VPN tunnel, and what are some of the implications? This of course will not be for redundancy but for exchanging traffic with other ISPs on the INX.

Hi, Shepherd --

Most IXes do one-MAC per-port for port-security reasons, so you will still need someone to carry your own individual connection between the peering LAN and the GRE tunnel endpoint device at your virtual layer 2/tunnel provider.

This gives you some nasty shared fate between your transit and peering, and a very significant risk of MTU issues, unless your layer 2 provider can guarantee the GRE/tunnel will run over a jumbo path. If it can run over a jumbo path, why not just find a provider who can backhaul your own layer 2 connection to the exchange over a clean dedicated path to your peering router? The MTU issues will cause you unexpected problems with reaching various sites, and performance issues with high-speed transfers. Also, the constant encapsulation/decapsulation work that your router will need to do will cost you performance at high load, too.

Can you identify who your main traffic peers would be and organise private interconnect with them, if the costs of IX peering are too high at this stage?

Andy

