[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Multi site BGP Routing design
- Subject: Multi site BGP Routing design
- From: steve at ibctech.ca (Steve Bertrand)
- Date: Fri, 05 Jun 2009 20:40:03 -0400
- In-reply-to: <16984E60-4059-457B-B468-7ED5BECA0307@mimectl>
- References: <[email protected]> <[email protected]>, <[email protected]> <16984E60-4059-457B-B468-7ED5BECA0307@mimectl>
John.Herbert at ins.com wrote:
> Depending on your security policies you may want to encrypt said tunnel also.
>
> Other than that, it all depends on it all depends. For example - if you receive / or have a default route pointing to the ISP, then the fact you have the same AS and won't receive the other site's routes in BGP doesn't matter at all - you'll follow a default from site 1 to the ISP, and the ISP will have a route to site 2 and can pass the traffic in the right direction. If you don't mind your traffic being passed unencrypted over the Internet, that is. You'll obviously need to adapt your firewall policies to allow for that flow as well.
Personally, I don't really like the tunnel idea... I've had to deal with
them for v6 connectivity, and they seem so 'ugly'.
My first thoughts were about de-aggregation, but since he's already
advertising different space out of each site, that became irrelevant.
I was just thinking that two AS numbers would be the cleanest, easiest
to maintain method for him to take.
Certainly tunnelling did go through my mind though to ensure
site-to-site peering over the Internet.
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3233 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090605/d9e0e4c9/attachment.bin>