On Jan 18, 2011, at 4:54 PM, Robert Bonomi wrote:
Date: Fri, 14 Jan 2011 01:50:40 -0800 From: Randy Bush <randy@psg.com> Subject: Re: Routing Suggestions
i'm with jon and the static crew. brutal but simple.
if you want no leakage, A can filter the prefix from it's upstreams, both can low-pref blackhole it, ...
One late comment --
OP stated that the companies were exchanging 'sensitive' traffic. I suspect that they di *NOT* want this traffic to route over the public internet -if- he private point-to-point link goes down. if they're running any sort of a dynamic/active routing protocol then -that- route is going to disappear if/*WHEN* the private link goes down, and the packets will be subject to whatever other routing rules -- e.g. a 'default' route -- are in place.
This would seem to be a compelling reason to use a static route -- insuring that traffic _fails_ to route, instead of failing over to a public internet route, in the event of a link failure.
That's why I always prefer to put this traffic inside an IPSEC VPN. Then, you gain the advantage of being able to let the internet serve as a backup for your preferred private path while still protecting your sensitive information. Then I use dynamic routing and take advantage of the diverse path capabilities. Owen