North American Network Operators Group


Re: Sinkhole Architecture

  • From: Christopher L. Morrow
  • Date: Fri Apr 29 09:38:45 2005

On Fri, 29 Apr 2005, Howard C. Berkowitz wrote:

>
> I've seen some Cisco security presentations that include sinkholes
> composed of an ingress and egress router, interconnected with a
> switch. The switch provides access for tools such as packet
> analyzers, IDS, routing analyzers, etc. The multiple routers also
> provide more horsepower for inspection, filtering, and
> overhead-imposing measurements such as NetFlow.

the multiple routers could just be a way to get a MAC to the ingress
router for delivery over the ethernet... a sun/linux/bsd/*unix box might
provide the same function. (plus logging, analysis, ids, flow
collection)

>
> I am unclear about the BGP relationship between the two routers,
> which are meant to be treated as one subsystem.  The ingress router
> (with respect to the outside) clearly has to have its BGP isolated
> from the rest of the AS, so it can't be part of the iBGP mesh.
>

why can't it be part of the ibgp mesh? I'm not sure I see why that would
be BAD, aside from it bouncing under load and affecting all ibgp
neighbors... so, aside from route-churn and neighbor setup/teardown churn
what other reasons?
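Measuring the neighbor setup/teardown churn raised above is one way to tell whether a sinkhole router sitting in the iBGP mesh is actually hurting its neighbors. The following is an added example, not part of the thread: a small Python detector over constructed Cisco-style %BGP-5-ADJCHANGE syslog lines (hostname, peer addresses and timestamps are made up) that flags any peer whose session Down events exceed a threshold inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of BGP adjacency-change syslog lines, as a route reflector
# might log when a sinkhole router bounces under load. Peer addresses,
# hostname and timestamps are invented for this example.
SAMPLE_LOG = """\
Apr 29 09:00:01 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.9 Down BGP Notification sent
Apr 29 09:00:40 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.9 Up
Apr 29 09:02:15 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.9 Down Peer closed the session
Apr 29 09:02:58 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.9 Up
Apr 29 09:05:30 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.9 Down BGP Notification sent
Apr 29 09:06:10 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.9 Up
Apr 29 09:30:00 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Down Interface flap
Apr 29 09:30:35 rr1 %BGP-5-ADJCHANGE: neighbor 10.0.0.2 Up
"""

ADJ_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ %BGP-5-ADJCHANGE: "
    r"neighbor (?P<peer>\S+) (?P<state>Up|Down)"
)

def parse_adjchanges(log_text, year=2005):
    """Yield (timestamp, peer, state) for each ADJCHANGE line; skip others."""
    for line in log_text.splitlines():
        m = ADJ_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["peer"], m["state"]

def flapping_peers(log_text, window_s=600, max_downs=2):
    """Return {peer: peak Down count} for peers exceeding max_downs Downs
    within any window_s-second sliding window."""
    downs = defaultdict(list)
    for ts, peer, state in parse_adjchanges(log_text):
        if state == "Down":
            downs[peer].append(ts)
    flagged = {}
    for peer, times in downs.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # slide the window start forward until it spans at most window_s
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            count = end - start + 1
            if count > max_downs:
                flagged[peer] = max(flagged.get(peer, 0), count)
    return flagged
```

Run against the sample, only the sinkhole-side peer 10.0.0.9 is flagged (three Downs in about five minutes); the single flap of 10.0.0.2 stays below the threshold.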