[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] RE: Multiple ISPs
Lee, The answer is yes, if I understand your question correctly. RainWall 1.5's Symmetric Routing feature should allow this to work. In that case, your diagram would look like this: ISP A ISP B | | T1 xDSL | | Router Router 193.193.193.1 194.194.194.1 | | 193.193.193.2 194.194.194.2 RainWall A RainWall B (NAT) (NAT) 192.168.1.1 192.168.1.2 \ / \ / 192.168.1.100 (Virtual IP) | LAN | Web Server 192.168.1.3 (default gateway is 192.168.1.100) Each RainWall node will statically NAT a public address to the web server. So even though the web server only has one private IP address, it will appear to the world as both 193.193.193.5 and 194.194.194.6. (Note: RainWall by itself is not performing the NAT. I'm assuming each RainWall node is also a FW-1 server, which is doing the NAT.) With Symmetric Routing turned on, RainWall will make sure that a connection that comes in via ISP A also goes out via ISP A. -Mark > -----Original Message----- > From: Lee Hughes > Sent: Monday, November 06, 2000 12:37 PM > Subject: RE: [FW1] Multiple WAN Links. > > Will the Rainwall help me in this configuration.. > > ISP A ISP B > | | > T1 xDSL > | | > Router Router > 193.193.193.1 194.194.194.1 > | > LAN > | > Web Server > 193.193.193.5 / 194.194.194.6 > > So, I have a web server , It's got dual IP address of > > 193.193.193.5 and > 194.194.194.6 > > so, I need traffic to be always routed in a symertic way... > i.e. if the first packet of a connection comes in from ISP A > (connection to 193.193.193.5) > it should always be routed back through ISP A. If a connection > comes into the web server via ISP B (194.194.194.6) then it's > routed back through ISP B > > I've cracked the load balacing bit for DNS, and it work's well, > but if I define default routes on the web server, > I've got no idea's which route the traffic is going to take on > the return path.... > > d/g 0.0.0.0 193.193.193.1 > d/g 0.0.0.0 194.194.194.1 > > So, I rekon the operating system will route traffic in an > unpredicatble way, > it be really nice if connections to 194.194.194.6 port 80, > were routed back > via the 194.194.194.1 router, but my ip knowlage tell's me that's not > going to really happen, as routing is done at network level, > and does not > take into consideration the source IP address when replying.... > or does it??? I've not tested it...but this article look like > doom and gloom > to this idea... > > > is there anyway I can tell the operating system to route > symetric way?.. > (i.e. the source address of a returning IP packet's is linked to the > gateway choosen to route the actually traffic) > > The only way I can think around it, is to add static routes > (detrimined from the source IP of the incomming connection). > this could be dangerous for my web server's heath, I'd rather > have just > two default gateway, rather than add static router (around > 80,000) :-(. > > Now, running BGP-4 not going to help me really, I'm looking > for low cost > fault tollerance, which can be done with out /22 /24 block, > and expensive > bgp-4 routers...... > > hope you guy can help. > Cheers, > Lee > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|