Re: Routing Suggestions

[Joe Provo <nanog-post () rsuc gweep net>]

On Wed, Jan 12, 2011 at 07:13:53PM -0500, Lars Carter wrote:
[snip]
> There are two companies, Company A and Company B, that are planning to
> continuously exchange a large amount of sensitive data and are located in a
> mutual datacenter. They decide to order a cross connect and peer privately
> for the obvious reasons. Company A has a small but knowledgable engineering
> staff and it's network is running BGP as its only routing protocol with
> multiple transit vendors and a handful of other larger peers. Company B is a
> smaller shop that is single homed behind one ISP through a default static
> route, they have hardware that can handle advanced routing protocols but
> have not had the need to implement them as of yet. There is a single prefix
> on both sides that will need to be routed to the other party. It is rare
> that prefixes would need to change or for additional prefixes to be added.
>
>
> From an technical, operational, and security standpoint what would be the
> preferred way to route traffic between these two networks?

Use eBGP. Company B runs a mutually-agreed private ASN (at least from 
company A's unused list).  This scales from the initial deployment to 
multiple cross-connects for failover [or even IPSEC tunnel over public 
interfaces].  Company B should have Company A provide some clues to 
their staff if needed (and get more out of the deal).

"Simple" static solutions wind up being entrenched, so move/add/change 
becomes convoluted.  And how many times has one prefix really stayed 
that way? :-)


-- 
             RSUC / GweepNet / Spunk / FnB / Usenix / SAGE