Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Multiple WAN Links.

To: [email protected], [email protected]
Subject: RE: [FW1] Multiple WAN Links.
From: "iden fw" <[email protected]>
Date: Tue, 07 Nov 2000 15:52:51 GMT
Cc: [email protected]
Sender: [email protected]

Andrew, Great information -- so the 36XX series router is not necessary. Brings the price-point down... What is the ball-park price of a 2524? I prefer to use BGP for circuit and routing redundancy as well. I still think that Rainfinity/Stonebeat definitely has a place -- but for load balancing/failover/HA of the firewalls.

As far as DSL, my opinion is that "it depends". If you're close enough to the CO to get 768k or better, I say go for it. Especially because DSL boxes like Netopia let you bond DSL circuits.

One thing to consider with DSL is the provider -- does the DSL provider own the local loop, DSLAM, network, and the router that your DSL connection terminates on? I have seen some ISPs that have telco carry the circuit to a DSLAM owned by Rhytms/Northpoint/Covad/etc. The DSL carrier then carries the circuit across their network, where they hand it off to the ISP on a DS-3 containing many DSL circuits.

-iden_fw

From: "Andrew Bagrin" <[email protected]>
To: <[email protected]>, <[email protected]>
CC: <[email protected]>
Subject: RE: [FW1] Multiple WAN Links.
Date: Tue, 07 Nov 2000 09:29:24 -0500
I have a 2524 with 14m of processor memory running BGP between two different ISP's, and it works fine. Rainwall is excellent for load balancing firewalls, but for Internet connections, I'd stick with BGP. I know it work, I've been running it for over a year now. My firewalls have been load balanced behind my ISP BGP connection for almost one year.
Andrew Bagrin
Network Analyst
Regal Cinemas, Inc.
7132 Commercial Park Drive
Knoxville, TN 37918
>>> "Mark L. Decker" <[email protected]> 11/06/00 05:35PM >>>
> The only point that I would make is that you have to have a
> router for connectivity -- so the only price increase is the additional
> RAM, and if you are upgrading from a 26XX series to a 36XX series router
> (which is not inexpensive, granted).
True. Upgrading from the default 32M DRAM to 128M DRAM on a 3640 will "only" cost $5,760 per router. ;-) But that assumes you already have two 3640s. Most people who have T1 internet access have a single lower-end router like a 2600 or 1700 series Cisco. For them, a move to fully-redundant routers running BGP/HSRP means buying two brand new routers. And, that only addresses the ISP link and router redundancy. They still haven't eliminated the firewall as a single point of failure. If you want to protect all three, you're looking at some sort of firewall HA solution anyway.
So, let's look at total purchase price for a fully redundant setup with
BGP/HSRP vs. a fully redundant setup using RainWall:
Secure, fully redundant T1 access with BGP/HSRP
pair of 3640 routers: $30,920 ($15,460 x 2, includes T1 CSU/DSUs)
firewall HA solution: $12,000 (based on RainWall with LB)
TOTAL LIST PRICE:     $42,920 (does not include firewalls themselves)
Secure, fully redundant T1 access with RainWall
pair of 1720 routers: $ 4,390 ($2,195 x 2, includes T1 CSU/DSUs)
firewall HA solution: $12,000 (based on RainWall with LB)
TOTAL LIST PRICE:     $16,390 (does not include firewalls themselves)
That's a big price difference. Plus, if you already have a T1 router, you can subtract another $2,195 from the cost of the RainWall solution. If transparent failover for inbound connections is worth $28,725 to you (and it may be if you're hosting an e-commerce website internally), then BGP is still the best answer. But if you just want increased capacity and automatic failover for regular outbound browsing and email, RainWall can be a useful, less-expensive alternative.
While we're on the subject of cost, consider this: How much could you save
on access costs by replacing your T1 with DSL?  Most people wouldn't dare,
because DSL is typically not quite as fast or reliable as a T1.  But if you
had multiple redundant DSL links...  Something to think about, anyway.  ;-)
================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at http://profiles.msn.com.

================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- RE: [FW1] Multiple WAN Links.
  - From: "Mark L. Decker" <[email protected]>

Prev by Date: [FW1] Free Check Point Firewall-1 2000 Training!
Next by Date: Re: [FW1] unknown established TCP packet
Previous by thread: RE: [FW1] Multiple WAN Links.
Next by thread: RE: [FW1] Multiple WAN Links.
Index(es):
- Date
- Thread