On Wed, Jan 12, 2011 at 07:13:53PM -0500, Lars Carter wrote:
[snip]
> There are two companies, Company A and Company B, that are planning to
> continuously exchange a large amount of sensitive data and are located in a
> mutual datacenter. They decide to order a cross connect and peer privately
> for the obvious reasons. Company A has a small but knowledgable engineering
> staff and it's network is running BGP as its only routing protocol with
> multiple transit vendors and a handful of other larger peers. Company B is a
> smaller shop that is single homed behind one ISP through a default static
> route, they have hardware that can handle advanced routing protocols but
> have not had the need to implement them as of yet. There is a single prefix
> on both sides that will need to be routed to the other party. It is rare
> that prefixes would need to change or for additional prefixes to be added.
>
>
> From an technical, operational, and security standpoint what would be the
> preferred way to route traffic between these two networks?
Use eBGP. Company B runs a mutually-agreed private ASN (at least from
company A's unused list). This scales from the initial deployment to
multiple cross-connects for failover [or even IPSEC tunnel over public
interfaces]. Company B should have Company A provide some clues to
their staff if needed (and get more out of the deal).
"Simple" static solutions wind up being entrenched, so move/add/change
becomes convoluted. And how many times has one prefix really stayed
that way? :-)
--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
