On Wed, Jan 12, 2011 at 07:13:53PM -0500, Lars Carter wrote:
[snip]
> There are two companies, Company A and Company B, that are planning to
> continuously exchange a large amount of sensitive data and are located in a
> mutual datacenter. They decide to order a cross connect and peer privately
> for the obvious reasons. Company A has a small but knowledgeable engineering
> staff and its network is running BGP as its only routing protocol with
> multiple transit vendors and a handful of other larger peers. Company B is a
> smaller shop that is single homed behind one ISP through a default static
> route, they have hardware that can handle advanced routing protocols but
> have not had the need to implement them as of yet. There is a single prefix
> on both sides that will need to be routed to the other party. It is rare
> that prefixes would need to change or for additional prefixes to be added.
>
>
> From a technical, operational, and security standpoint what would be the
> preferred way to route traffic between these two networks?

Use eBGP. Company B runs a mutually-agreed private ASN (at least from
company A's unused list). This scales from the initial deployment to
multiple cross-connects for failover [or even IPSEC tunnel over public
interfaces]. Company B should have Company A provide some clues to their
staff if needed (and get more out of the deal).

"Simple" static solutions wind up being entrenched, so move/add/change
becomes convoluted. And how many times has one prefix really stayed that
way? :-)

--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
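
Added example, not part of the original message: a Cisco IOS-style sketch of Company B's side of the eBGP session suggested above. All values are constructed: 64512 is a private-use ASN, 64496 and the 192.0.2.0/30, 198.51.100.0/24 and 203.0.113.0/24 ranges are documentation values, and the interface name is hypothetical. The prefix-lists and maximum-prefix limit are assumptions added to hold the session to the single prefix per side described in the question.

```cisco
! Company B edge router (all addresses and ASNs are constructed placeholders)
interface GigabitEthernet0/1
 description Cross-connect to Company A
 ip address 192.0.2.2 255.255.255.252
!
! Accept only Company A's one prefix; everything else hits the implicit deny.
ip prefix-list FROM-COMPANY-A seq 5 permit 203.0.113.0/24
!
! Announce only Company B's one prefix, never the ISP default or anything else.
ip prefix-list TO-COMPANY-A seq 5 permit 198.51.100.0/24
!
router bgp 64512
 bgp log-neighbor-changes
 ! The network statement only originates the route if an exact match
 ! for 198.51.100.0/24 is already present in the routing table.
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description Company A private peering
 neighbor 192.0.2.1 prefix-list FROM-COMPANY-A in
 neighbor 192.0.2.1 prefix-list TO-COMPANY-A out
 ! Tear the session down if the peer ever sends more than a handful of routes.
 neighbor 192.0.2.1 maximum-prefix 5
!
! The existing static default route toward the ISP is left unchanged;
! only traffic for 203.0.113.0/24 follows the cross-connect.
```

Adding a second cross-connect or a new prefix later means one more neighbor block or one more prefix-list entry, with no change to the default route.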