Saturday, March 10, 2018

BGP route-policies / prefix-list best practices?

After a merger we have a somewhat large corporate network soon to run MPLS & BGP all the way through the company (so far I've just done a quick & dirty eBGP between a couple of our networks to add the other half of our new company). We have some overlapping networks, however I don't think they're that critical as they're usually some old local LAN networks that mostly need to talk to local servers or we can NAT them.

But what I'd like to ask you guys is how would you do route-policies in this kind of a network? Would you manually enter all the networks each site has and then add them to your IPAM as you go (the other company only has Excel sheets for their networks...)? Then permit the networks you've gone through that don't overlap and you want to allow to the core network? Or just allow anything and then figure it out later if something breaks?

Larger sites currently have something like 500 routes, and then there are smaller sites that have only a few. On our side we also have firewalls doing BGP; we try to avoid manually entering static routes anywhere. FWs don't, however, do much policing or anything advanced as that's not their main purpose.

Thanks!
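
The first option the post describes (inventory each site's networks, then permit only the ones that don't overlap), sketched as an added example that is not part of the original post. The site names and prefixes are constructed sample data, and the function names are hypothetical; the per-site allow lists it returns would still have to be rendered into whatever prefix-list syntax the routers use.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (site -> prefixes), e.g. exported from IPAM
# or transcribed from the spreadsheets. Not real addressing from the post.
SITE_PREFIXES = {
    "site-a": ["10.10.0.0/16", "192.168.1.0/24", "172.16.5.0/24"],
    "site-b": ["10.20.0.0/16", "192.168.1.0/24"],
    "site-c": ["10.10.128.0/17", "172.16.9.0/24"],
}


def parse_inventory(inventory):
    """Parse every prefix strictly: host bits set (e.g. 10.1.1.1/24)
    raise ValueError, which catches spreadsheet typos early."""
    return {
        site: [ipaddress.ip_network(p, strict=True) for p in prefixes]
        for site, prefixes in inventory.items()
    }


def find_overlaps(inventory):
    """Return (site1, prefix1, site2, prefix2) for every pair of prefixes
    from different sites that are equal or nested inside each other."""
    parsed = parse_inventory(inventory)
    entries = [(s, n) for s, nets in parsed.items() for n in nets]
    conflicts = []
    for (s1, n1), (s2, n2) in combinations(entries, 2):
        if s1 != s2 and n1.version == n2.version and n1.overlaps(n2):
            conflicts.append((s1, str(n1), s2, str(n2)))
    return conflicts


def build_allow_lists(inventory):
    """Split the inventory into per-site prefixes that are safe to permit
    toward the core and (site, prefix) pairs held back for review/NAT."""
    held = set()
    for s1, n1, s2, n2 in find_overlaps(inventory):
        held.update({(s1, n1), (s2, n2)})
    allow = {
        site: [str(n) for n in nets if (site, str(n)) not in held]
        for site, nets in parse_inventory(inventory).items()
    }
    return allow, sorted(held)


if __name__ == "__main__":
    allow, held = build_allow_lists(SITE_PREFIXES)
    for site, prefixes in allow.items():
        print(site, "permit:", prefixes)
    for site, prefix in held:
        print("hold back (overlap):", site, prefix)
```
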


