
border router, screening router & choke router


  • border router, screening router & choke router

    I always get confused with these terms. So I'll share it here.

    define:border router
    A router at the edge of a provider network that interfaces to another provider's border router using the EBGP protocol.

    Diagram of Border router

    define:screening router
    A screening router performs packet-filtering and is used as a firewall. In some cases a screening router may be used as perimeter protection for the internal network or as the entire firewall solution.

    Diagram of Screening Router

    define:choke router
    No definitions were found for choke router

    Couldn't find the definition on Google, but I found it somewhere else.

    What is a "choke" router?
    The choke router sits behind the perimeter router on the customer side of the network,
    blocking the DMZ from the internal network.
    Last edited by networkerz; 24th February 2010, 03:37.

  • #2
    Re: border router, screening router & choke router

    It's good to know how Cisco defines things, especially when studying for exams but please bear in mind theirs isn't the only definition. A Border Router (a.k.a. edge router) can also be defined as a router at the 'border' of a network. In other words a router between a LAN or Firewall and an Internet Service Provider (ISP) connection to the Internet:

    The border router is the last router you control before an untrusted network such as the Internet.
    Border (or edge) routers can also be programmed to screen or filter traffic by having them drop and log, or null-route BOGON and Martian traffic, and having them drop and log dangerous ports, or by having them allow only explicitly permitted traffic. These steps can help protect the router itself and lighten the load on the firewall by eliminating traffic that is obviously fake or that results from misconfigurations.

    It has been my personal experience that instead of a choke router, many organizations use a DMZ port on a firewall or router for their DMZ. I don't discount the utility of having a router specifically assigned to the function of protecting the firewall from stray DMZ traffic or malicious traffic, but it seems like an expensive option compared to utilizing an interface on an already existing device.

    I'm not trying to confuse any of you studying for exams, I'm just pointing out that real world use of routers isn't necessarily the same as how they're defined by Cisco, even when using Cisco equipment.

    Please study and remember the Cisco definitions for certification exams.
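
The screening order described in post #2 (bogon/Martian sources first, then dangerous ports, then explicit permits), as an added example that is not from the thread or from Cisco. The blocked-port set, the DMZ addresses (a documentation prefix standing in for a site's public range) and every sample packet are constructed assumptions.

```python
import ipaddress
from collections import Counter

# IPv4 source ranges that should never arrive from the Internet side:
# private, loopback, link-local, documentation, benchmark, multicast, reserved.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4")]

BLOCKED_PORTS = {23, 135, 137, 138, 139, 445}      # illustrative choice only
PERMITTED = {("198.51.100.10", "tcp", 443),        # hypothetical DMZ web server
             ("198.51.100.25", "tcp", 25)}         # hypothetical DMZ mail relay

def screen(src, dst, proto, dport, explicit_only=True):
    """Return (action, reason) for one inbound IPv4 packet; first match wins."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in BOGON_SOURCES):
        return ("drop", "bogon-source")            # obviously fake or misconfigured
    if dport in BLOCKED_PORTS:
        return ("drop", "blocked-port")
    if (dst, proto, dport) in PERMITTED:
        return ("permit", "explicit-permit")
    # explicit_only=True models "allow only explicitly permitted traffic"
    return ("drop", "default-deny") if explicit_only else ("permit", "default-permit")

# Constructed sample packets: (source, destination, protocol, destination port)
SAMPLE = [
    ("10.1.2.3",  "198.51.100.10", "tcp", 443),    # RFC 1918 source
    ("127.0.0.1", "198.51.100.10", "tcp", 80),     # loopback source
    ("240.0.0.9", "198.51.100.10", "udp", 53),     # reserved space
    ("8.8.8.8",   "198.51.100.10", "tcp", 445),    # routable source, blocked port
    ("8.8.8.8",   "198.51.100.10", "tcp", 443),
    ("1.1.1.1",   "198.51.100.25", "tcp", 25),
    ("1.1.1.1",   "198.51.100.10", "tcp", 8080),   # no matching permit
]

def summarize(packets, explicit_only=True):
    """Count packets per reason, as a drop log roll-up would."""
    return Counter(screen(*p, explicit_only=explicit_only)[1] for p in packets)

if __name__ == "__main__":
    for p in SAMPLE:
        action, reason = screen(*p)
        print(f"{action:6} {reason:15} {p[0]} -> {p[1]} {p[2]}/{p[3]}")
```

Only the last sample packet changes outcome between the two modes, which shows how much of the load the bogon and port checks remove before any permit list is consulted.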


    • #3
      Re: border router, screening router & choke router

      This is a really great explanation, networkerz. I get confused a lot between these router types and you made things clear now. I searched a lot on the net and maybe this is the only article explaining the difference.
      Thanks again
      Last edited by SarahLacy; 8th August 2010, 19:07.


      • #4
        Re: border router, screening router & choke router

        I haven't heard the term choke router or screening router used a whole lot these days, mainly because they have been replaced with dedicated firewall appliances (ASA, PIX).

        Border routers can also be termed PE (Provider Edge) routers when facing client networks and CE (Customer Edge) for the customer border facing the provider network. Also, OSPF has ABRs and ASBRs (Area Border and Autonomous System Boundary).
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)