A few days ago Homeland Security published an e-mail on threats to network devices and securing them. Rather than cut and paste I exported the e-mail to a PDF. Some good best practices in here.
As a service provider you have a mountain of terms to deal with. As you dive into the realm of BGP, you will hear many terms in regard to peers. Knowing their names AND your definition of them will serve you well. I emphasized the “and” in the last sentence because many people have different definitions of what these terms mean. This can be due to how long they have been dealing with networks, what they do with them, and other such things. For example, many content providers use the term transit differently than an ISP. So, let’s get on to it.
Transit or upstream
This is what you will hear most often. A transit peer is someone who you go “through” in order to reach the internet. You transit their network to reach other networks. Many folks use the term “upstream provider” when talking about someone they buy their internet from.
Someone who is “downstream” is someone you are providing Internet to. They are “transiting” your network to reach the Internet. This is typically someone you are selling Internet to.
“Peer” is the term which probably needs the most clarification when communicating with others about how your BGP is set up. Peer is most often used as a generic term, much like soda (or pop, depending on where you are from). For example, someone could say:
“I have a peer setup with my upstream provider who is Cogent.” This is perfectly acceptable when used with the addition of “my upstream provider”. Peers are often referred to as “neighbors” or “BGP neighbors”.
Local or Private Peer
So what is a local peer? A local peer is a network you are “peering” with where you are only exchanging routes which are their own or their downstream networks. A local peer most often happens at an Internet Exchange (IX) but can happen at common points where networks meet. The most important thing that defines a local peer is that you are not using them to reach IP space which is not being advertised from their ASN. Your peering relationship is just between the two of you. This gets a little muddy when you are peering on an IX, but that’s being picky.
I have trained myself to qualify what I mean by a peer when talking about them. I will often say a “transit peer” or a “local peer”. This helps to add a little bit of clarity to what you mean.
Why is this all important? For one, it helps with keeping everyone on the same page when talking about peering. I had a case a few weeks ago where a content provider and I wasted configuration time because our definition of transit was different. Secondly, you want to be able to classify your peers so you can apply different filter rules to them. For example, with a downstream peer you only want to accept the IP space they have shown you which is their own. That way you are not sending your own transit traffic over their network. This would be bad. However, if you are accepting full routes from your transit provider, you want your filters to accept much more IP space than for a downstream provider. So if you have a team, being on the same page about peers will help when it comes to writing filters, and with how your routers “treat” the peer in terms of access lists, route filters, etc.
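The per-class filtering described above, as an added example that is not from the original post: each peer is tagged as transit, downstream or local, and an inbound route is accepted or rejected according to that tag. The role names, the /24 length limit, the first-AS check and the origin-AS test for local peers are assumptions made for this sketch, and the prefixes and ASNs are constructed from the documentation ranges.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

MAX_V4_LEN = 24  # assumption: IPv4 routes more specific than /24 are dropped

@dataclass
class Peer:
    asn: int
    role: str                                          # "transit", "downstream" or "local"
    own_space: list = field(default_factory=list)      # prefixes a downstream has shown are theirs
    downstream_asns: set = field(default_factory=set)  # a local peer's own customers

def accept(peer, prefix, as_path):
    """Return (accepted, reason) for one route announced by peer."""
    net = ip_network(prefix)
    if not as_path or as_path[0] != peer.asn:
        return False, "path does not start with the peer's ASN"
    if net.version == 4 and net.prefixlen > MAX_V4_LEN:
        return False, "too specific"
    if peer.role == "transit":
        return True, "transit: full routes accepted"
    if peer.role == "downstream":
        for p in map(ip_network, peer.own_space):
            if p.version == net.version and net.subnet_of(p):
                return True, "inside the downstream's own space"
        return False, "not the downstream's own space"
    if peer.role == "local":
        if as_path[-1] == peer.asn or as_path[-1] in peer.downstream_asns:
            return True, "originated by the peer or its downstream"
        return False, "origin is outside the peer's network"
    raise ValueError(f"unknown peer role: {peer.role}")

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
TRANSIT = Peer(asn=64496, role="transit")
DOWNSTREAM = Peer(asn=64500, role="downstream", own_space=["198.51.100.0/24"])
LOCAL = Peer(asn=64510, role="local", downstream_asns={64511})
ROUTES = [
    (TRANSIT, "0.0.0.0/0", [64496]),
    (TRANSIT, "203.0.113.0/24", [64496, 64499]),
    (DOWNSTREAM, "198.51.100.0/24", [64500]),
    (DOWNSTREAM, "203.0.113.0/24", [64500, 64499]),   # leak: not their space
    (LOCAL, "192.0.2.0/24", [64510, 64511]),          # peer's downstream network
    (LOCAL, "203.0.113.0/24", [64510, 64499]),        # peer being used as transit
    (LOCAL, "192.0.2.128/25", [64510]),               # longer than /24
]

def evaluate(routes=ROUTES):
    return [accept(peer, prefix, path)[0] for peer, prefix, path in routes]

if __name__ == "__main__":
    for (peer, prefix, path), ok in zip(ROUTES, evaluate()):
        print(f"AS{peer.asn} {peer.role:<10} {prefix:<18} {'accept' if ok else 'reject'}")
```

On a real router the same decisions are expressed as per-neighbor prefix lists and AS-path filters; the point here is that the peer's class, not the peer's name, selects which rule set applies.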