NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] RE: Multiple ISPs



Lee,

The answer is yes, if I understand your question correctly.  RainWall 1.5's
Symmetric Routing feature should allow this to work.  In that case, your
diagram would look like this:

   ISP A            ISP B
      |                |
     T1              xDSL
      |                |
   Router          Router
193.193.193.1   194.194.194.1
      |                |
193.193.193.2   194.194.194.2
 RainWall A      RainWall B
    (NAT)            (NAT)
 192.168.1.1     192.168.1.2
       \              /
        \            /
        192.168.1.100 (Virtual IP)
               |
              LAN
               |
          Web Server
          192.168.1.3
(default gateway is 192.168.1.100)

Each RainWall node will statically NAT a public address to the web server.
So even though the web server only has one private IP address, it will
appear to the world as both 193.193.193.5 and 194.194.194.6.  (Note:
RainWall by itself is not performing the NAT. I'm assuming each RainWall
node is also a FW-1 server, which is doing the NAT.)  With Symmetric Routing
turned on, RainWall will make sure that a connection that comes in via ISP A
also goes out via ISP A.

-Mark

> -----Original Message-----
> From: Lee Hughes
> Sent: Monday, November 06, 2000 12:37 PM
> Subject: RE: [FW1] Multiple WAN Links.
>
> Will the Rainwall help me in this configuration..
>
> ISP A          ISP B
>    |              |
>    T1            xDSL
>    |              |
>   Router        Router
> 193.193.193.1   194.194.194.1
>            |
>           LAN
>            |
>        Web Server
> 193.193.193.5 / 194.194.194.6
>
> So, I have a web server , It's got dual IP address of
>
> 193.193.193.5 and
> 194.194.194.6
>
> so, I need traffic to be always routed in a symertic way...
> i.e. if the first packet of a connection comes in from ISP A
> (connection to 193.193.193.5)
> it should always be routed back through ISP A. If a connection
> comes into the web server via ISP B (194.194.194.6) then it's
> routed back through ISP B
>
> I've cracked the load balacing bit for DNS, and it work's well,
> but if I define default routes on the web server,
> I've got no idea's which route the traffic is going to take on
> the return path....
>
> d/g 0.0.0.0 193.193.193.1
> d/g 0.0.0.0 194.194.194.1
>
> So, I rekon the operating system will route traffic in an
> unpredicatble way,
> it be really nice if connections to 194.194.194.6 port 80,
> were routed back
> via the 194.194.194.1 router, but my ip knowlage tell's me that's not
> going to really happen, as routing is done at network level,
> and does not
> take into consideration the source IP address when replying....
> or does it??? I've not tested it...but this article look like
> doom and gloom
> to this idea...
>
>
> is there anyway I can tell the operating system to route
> symetric way?..
> (i.e. the source address of a returning IP packet's is linked to the
> gateway choosen to route the actually traffic)
>
> The only way I can think around it, is to add static routes
> (detrimined from the source IP of the incomming connection).
> this could be dangerous for my web server's heath, I'd rather
> have just
> two default gateway, rather than add static router (around
> 80,000)  :-(.
>
> Now, running BGP-4 not going to help me really, I'm looking
> for low cost
> fault tollerance, which can be done with out /22 /24 block,
> and expensive
> bgp-4 routers......
>
> hope you guy can help.
> Cheers,
> Lee
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.