On Wed, Jan 12, 2011, Jon Lewis wrote: > >Unless you'd like to ensure the sensitive traffic doesn't cross an > >"unsafer" default rout path if the XC is down. > > BGP would have that same issue since B is default routing to their > provider. > > [config for B] > ip route <A's prefix> <mask> <gw to A> > ip route <A's prefix> <mask> null0 250 > ip route 0.0.0.0 0.0.0.0 <B's provider> > > problem solved. If the gw to A is reachable, traffic goes via the cross > connect. If the gw is down, traffic goes nowhere.
I was just making the observation; the solution is pretty simple. (Yes, I've seen "secure" network cross-connects get bitten by this. :-) Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $24/pm+GST entry-level VPSes w/ capped bandwidth charges available in WA -
