On Wed, Jan 12, 2011 at 07:13:53PM -0500, Lars Carter wrote: [snip]
There are two companies, Company A and Company B, that are planning to continuously exchange a large amount of sensitive data and are located in a mutual datacenter. They decide to order a cross connect and peer privately for the obvious reasons. Company A has a small but knowledgeable engineering staff and its network is running BGP as its only routing protocol with multiple transit vendors and a handful of other larger peers. Company B is a smaller shop that is single homed behind one ISP through a default static route, they have hardware that can handle advanced routing protocols but have not had the need to implement them as of yet. There is a single prefix on both sides that will need to be routed to the other party. It is rare that prefixes would need to change or for additional prefixes to be added.
From a technical, operational, and security standpoint what would be the preferred way to route traffic between these two networks?
Use eBGP. Company B runs a mutually-agreed private ASN (at least from company A's unused list). This scales from the initial deployment to multiple cross-connects for failover [or even IPSEC tunnel over public interfaces]. Company B should have Company A provide some clues to their staff if needed (and get more out of the deal). "Simple" static solutions wind up being entrenched, so move/add/change becomes convoluted. And how many times has one prefix really stayed that way? :-)

--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
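A sketch of the eBGP arrangement recommended in the reply above, added here as an example and not taken from the thread. It assumes Cisco IOS-style syntax, a documentation ASN (64496) standing in for Company A, private ASN 64512 for Company B, and documentation prefixes and link addresses; all names and numbers are placeholders.

```cisco
! ---- Company A side (assumed AS 64496, link address 203.0.113.1) ----
! Accept only Company B's single prefix, and send only A's own prefix.
ip prefix-list FROM-B seq 5 permit 198.51.100.0/24
ip prefix-list TO-B seq 5 permit 192.0.2.0/24
!
! Tag what is learned from B with no-export so the privately peered
! prefix (and its private ASN) is not re-advertised to A's transits
! or other eBGP peers.
route-map FROM-B-IN permit 10
 match ip address prefix-list FROM-B
 set community no-export
!
router bgp 64496
 neighbor 203.0.113.2 remote-as 64512
 neighbor 203.0.113.2 description Company B private cross-connect
 neighbor 203.0.113.2 route-map FROM-B-IN in
 neighbor 203.0.113.2 prefix-list TO-B out
 ! Drop the session if B ever announces more than expected.
 neighbor 203.0.113.2 maximum-prefix 5
!
! ---- Company B side (assumed private AS 64512, link address 203.0.113.2) ----
! B keeps its static default toward its ISP; BGP only carries the
! more-specific route to A across the cross-connect.
ip prefix-list FROM-A seq 5 permit 192.0.2.0/24
ip prefix-list TO-A seq 5 permit 198.51.100.0/24
!
router bgp 64512
 ! The prefix must already be present in B's routing table to be announced.
 network 198.51.100.0 mask 255.255.255.0
 neighbor 203.0.113.1 remote-as 64496
 neighbor 203.0.113.1 description Company A private cross-connect
 neighbor 203.0.113.1 prefix-list FROM-A in
 neighbor 203.0.113.1 prefix-list TO-A out
 neighbor 203.0.113.1 maximum-prefix 5
```

Adding a prefix later is a one-line prefix-list change on each side, and a second cross-connect is another neighbor block with the same filters.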