[email protected] wrote:
> Depending on your security policies you may want to encrypt said tunnel also.
>
> Other than that, it all depends on it all depends. For example - if you
> receive / or have a default route pointing to the ISP, then the fact you have
> the same AS and won't receive the other site's routes in BGP doesn't matter
> at all - you'll follow a default from site 1 to the ISP, and the ISP will
> have a route to site 2 and can pass the traffic in the right direction. If
> you don't mind your traffic being passed unencrypted over the Internet, that
> is. You'll obviously need to adapt your firewall policies to allow for that
> flow as well.

Personally, I don't really like the tunnel idea... I've had to deal with them for v6 connectivity, and they seem so 'ugly'.

My first thoughts were about de-aggregation, but since he's already advertising different space out of each site, that became irrelevant. I was just thinking that two AS numbers would be the cleanest, easiest to maintain method for him to take.

Certainly tunnelling did go through my mind though to ensure site-to-site peering over the Internet.

Steve

