RE: [FW1] Single Nokia IP to two outbound switches

["R. Benjamin Kessler" <ben@FW1-NOSPAMkesslerconsulting.com>]

So, if I understand the original question correctly, you're looking to
implement layer-2 redundancy between the Nokia and the router in case a
switch fails.  Are we just missing part of the picture here, is there a
redundant Nokia and router to go along with this?

If the router(s) in question are Cisco's you'd need to bridge between the
two interfaces as they typically don't like to have two interfaces on the
same (layer 3) network - you would then need to make a bridged virtual
interface (BVI) to apply the ip address and such to while running some type
of Spanning Tree protocol between the interfaces to eliminate the L2
loops...this is getting ugly really quick.

What problem are you trying to solve?

Again, perhaps there is something missing from the diagram but I don't see
the benefits of having this type of redundancy if the Nokia and router on
each end is still a single point of failure.  It seems to me that you'd be
going through a bunch of headaches for little or no gain - assuming the
Nokia's supported a redundant L2 configuration and I don't recall seeing
that as an option (I'll admit that I haven't looked for it either).

Do you even need the switch(es) between the firewall and router?  If they
are single devices, wouldn't a cross-over cable between them do the trick -
again, I'm assuming that servers, etc. are protected behind the firewall not
sitting vulnerable outside the firewall.

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com
[mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of
casmith@VertisInc.com
Sent: Thursday, May 24, 2001 2:32 PM
To: species3@tampabay.rr.com
Cc: fw-1-mailinglist@beethoven.us.checkpoint.com;
owner-fw-1-mailinglist@beethoven.us.checkpoint.com; Paul Murphy
Subject: RE: [FW1] Single Nokia IP to two outbound switches




I will be attempting something similar, only my Internal connection will be
dual homed to my network core.  My strategy will use OSPF Static Policy and
Costs for default routes for failover.  This can be done with almost any L3
Switch.


Chad Smith
Sr. Network Engineer
Vertis, Inc."The purpose of the race is not necessarily to win, but to test the limits
of the human heart"



                    "Tom Louis"
                    <species3@tampabay.rr.com>                  To:
"Paul Murphy" <paul.murphy@crestco.co.uk>,
                    Sent by:
<fw-1-mailinglist@beethoven.us.checkpoint.com>
                    owner-fw-1-mailinglist@lists.us.chec        cc:
                    kpoint.com                                  Subject:
RE: [FW1] Single Nokia IP to two outbound switches


                    05/23/2001 12:48 PM
                    Please respond to species3







I have not seen a setup like this before.

I guess it could be done but I do not know how to make it work

The fail over stuff usually has two routers internal and 2 routers external
running HSRP

2 Nokias running VRRP.

I have never seen someone put dual switches in-between a router and a FW.


Thomas Stala
species3@tampabay.rr.com
Hope this helps

-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com
[mailto:owner-fw-1-mailinglist@lists.us.checkpoint.com]On Behalf Of Paul
Murphy
Sent: Tuesday, May 22, 2001 11:40 AM
To: fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: [FW1] Single Nokia IP to two outbound switches



How bout this:


       Internal
         |
       Nokia
     /      \
Switch   Switch
     \      /
      Router
        |
     The world

Suppose inbetween my firewall and internet router, there were two switches
configured in failover.

So if anything went wrong with one switch, it would failover to the other.

Logically, this would require two external interfaces on my Nokia, one
connected to one switch, the other to the other.

Having said that I can't think how to implement this, on the Nokia, or in
fw-1.

Has anyone any comments?  Ignore the router end of this for the moment.


Cheers,

Paul.



----------------------------------------------------------------------------

-----------------------------------------------
CRESTCo Ltd.             The views expressed above are not necessarily
those
33 Cannon Street.        held by CRESTCo Limited.
London  EC4M 5SB (UK)
+44 (020) 7849 0000     http://www.crestco.co.uk
----------------------------------------------------------------------------

-----------------------------------------------


============================================================================

====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================

====



============================================================================
====

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====






============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================