Routing Suggestions
- Subject: Routing Suggestions
- From: owen at delong.com (Owen DeLong)
- Date: Tue, 18 Jan 2011 17:26:26 -0800
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Jan 18, 2011, at 4:54 PM, Robert Bonomi wrote:
>
>> Date: Fri, 14 Jan 2011 01:50:40 -0800
>> From: Randy Bush <randy at psg.com>
>> Subject: Re: Routing Suggestions
>>
>> i'm with jon and the static crew. brutal but simple.
>>
>> if you want no leakage, A can filter the prefix from its upstreams, both
>> can low-pref blackhole it, ...
>>
>
> One late comment --
>
> OP stated that the companies were exchanging 'sensitive' traffic. I suspect
> that they did *NOT* want this traffic to route over the public internet -if-
> the private point-to-point link goes down. if they're running any sort of a
> dynamic/active routing protocol then -that- route is going to disappear
> if/*WHEN* the private link goes down, and the packets will be subject to
> whatever other routing rules -- e.g. a 'default' route -- are in place.
>
> This would seem to be a compelling reason to use a static route -- ensuring
> that traffic _fails_ to route, instead of failing over to a public internet
> route, in the event of a link failure.
>
>
That's why I always prefer to put this traffic inside an IPSEC VPN. Then,
you gain the advantage of being able to let the internet serve as a backup
for your preferred private path while still protecting your sensitive information.
Then I use dynamic routing and take advantage of the diverse path capabilities.
Owen
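
An added illustration, not part of the original thread: a toy longest-prefix-match lookup showing the failure mode discussed above (the partner prefix falling through to the default route when the private link drops) and the effect of the low-preference blackhole route mentioned in the quoted message. The prefix 192.0.2.0/24, the interface labels and the distance values are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str                   # interface label, or "discard" for a blackhole
    distance: int                   # lower wins between routes for the same prefix
    via_link: Optional[str] = None  # route is usable only while this link is up

def lookup(table, dst, links_up):
    """Longest-prefix match, then lowest distance, over currently usable routes."""
    addr = ipaddress.ip_address(dst)
    usable = [r for r in table
              if addr in r.prefix and (r.via_link is None or r.via_link in links_up)]
    if not usable:
        return "unreachable"
    best = max(usable, key=lambda r: (r.prefix.prefixlen, -r.distance))
    return best.next_hop

# Constructed topology (all values are assumptions for illustration).
PARTNER = ipaddress.ip_network("192.0.2.0/24")
DEFAULT = Route(ipaddress.ip_network("0.0.0.0/0"), "upstream0", 1)
PRIVATE = Route(PARTNER, "p2p0", 1, via_link="p2p0")  # withdrawn when link drops
BLACKHOLE = Route(PARTNER, "discard", 250)            # floating, low preference

def scenario(with_blackhole, link_up):
    """Return where a packet to the partner goes in the given situation."""
    table = [DEFAULT, PRIVATE] + ([BLACKHOLE] if with_blackhole else [])
    links_up = {"p2p0"} if link_up else set()
    return lookup(table, "192.0.2.10", links_up)

if __name__ == "__main__":
    for bh in (False, True):
        for up in (True, False):
            print(f"blackhole={bh!s:5} p2p_up={up!s:5} -> {scenario(bh, up)}")
```

Without the blackhole route, the link-down case resolves to the Internet-facing default; with it, the more specific discard route takes over and the traffic fails closed.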