North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: should use firewall when peering?

  • From: Sean Donelan
  • Date: Thu Jan 11 12:18:59 2001

On Thu, 11 January 2001, bgp4cn wrote:
> yesterday  our parner tell me that almost all carriers in North America
> implementing firewalls when they interlink with another carriers.

I do not know of a single major US carrier which inserts a "firewall"
in its inter-carrier connections.  Generally "firewalls" are used between
the Internet and "terminal" networks, not between transit carriers.  For
historical reasons, traffic between most US commercial transit providers
occurs on an "AUP-free" basis.

However, the word "firewall" is one of those marketing terms which has
variable meanings depending on the speaker and on the customer.  Most
carriers do have certain technical filters (i.e. a list of valid or
invalid IP addressese) they apply to their inter-carrier peering links.
For example, they won't accept a route with an address of 0.0.0.0
(i.e. default route) between backbones.

Because a firewall by its nature imposes policy on all downstream connections,
any carrier wanting to be a major international transit provider would not
use a firewall on its peering links.  Different countries have very different
ideas what is or is not acceptable, international transit providers don't
make that decision at the backbone level.  Likewise they don't make that
decision at the connections between major international transit providers.
Even Singapore, which has fairly strict domestic controls, has an AUP-free
policy for traffic between carriers at its international exchange point.