Re: Control Inbound Internet Traffic.

Hi Andre,

Just to clarify things, BGP ORF is used to limit the BGP updates (about
public routes) on the Provider side rather than filtering them on your side.
It has nothing to do with traffic itself (FTP/HTTP...etc) all traffic types
that can go across the internet by different applications & different types
of users..It is just used to limit BGP updates according to the customer's
wishes. I would go with Muhammad's suggestion that it has to be done on the
provider side. We will wait to hear the opinions of the great experts on
this issue but the way i see it is:
1)Policing will make 0 effect, because eventhough you are limiting the
inbound traffic from the internet that traffic already came to your outside
interface and was policed there. Thus the bandwidth is already consumed.
2) Shaping or bandwidth commands are queueing mechanisms that can only be
applied outbound. Thus no sense exists in applying them inbound.

Thus,the only solution I see is limit the traffic from the ISP side.

Best Regards,

On Tue, Dec 8, 2009 at 4:39 PM, Dufour, Andre <Andre.Dufour_at_paetec.com>wrote:

> What about BGP ORF?
>
> As long as the capabilities are available on both neighbors, this is a good
> option.
>
> INE has a lot of great free material on their site that explains it in an
> easy-to-know fashion.
>
>
> http://blog.internetworkexpert.com/2008/05/05/understanding-bgp-outbound-route-filtering-bgp-orf/
>
> Andre
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Muhammad Nasim
> Sent: Tuesday, December 08, 2009 9:34 AM
> To: Amr Masoud
> Cc: ccielab_at_groupstudy.com
> Subject: Re: Control Inbound Internet Traffic.
>
> What your concern can be addressed at the ISP site.
>
> You can no stop any kind of traffice coming to your router external
> interface (or inbound traffi)
>
> What you can do is that you can coordinate with you service provider and
> discuss with them and then they can put policing and other mehanism on the
> interface connected with your router external interface.
>
> Kind of Managed service as well we can say
>
> HTH
>
>
> 2009/12/8 Amr Masoud <amr.eng_at_gmail.com>
>
> > Dears,
> >
> > How we can control (Police or shape or reserve BW ) traffic coming
> > from Internet to my network (download traffic). Lets say I need to
> > shape CLASS-A to 1 Mbps and reserve BW for CLASS-B with 2 Mbps.
> >
> > First: For Policing if we policed the incoming traffic at external
> > interface, then fine, traffic that is coming to internal side will
> > be policed when it comes to internal side . But the whole traffc
> > already came to the external interface and already consumed the
> > download BW of the external interface !!
> >
> > Second: For BW reservation, it is a queuing mechanism. so it has to be
> > applied outbound, so it will be applied to internal interface as
> outbound.
> > So again the same problem, this traffic still not guaranteed at
> > external interface :(
> >
> > I hope you got what I am trying to explain, and hope to hear from
> > people who already faced this issue in life networks.
> >
> >
> > Regards.
> > Amr Mahmoud
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
KJ
Blogs and organic groups at http://www.ccie.net