RE: [FW1] Two Internet links in one FW1 box
There are many different ways to go about this, as I am sure the responses you are getting indicate. We do this at two different sites. At both sites we elected to use BGP/4, one site using 2 routers and the other using a single router for both connections.

Doing this can cost you more or save you a bunch of cash, depending on how you look at it. You won't need another unlimited license, but you will need a slightly more beefy router and memory to pull down probably customer routes from the two neighboring providers (~10,000 - ~32,000 routes). You will not need the HA module; that is for putting firewalls themselves in high availability. Rulebase changes are minimal, depending on which provider's IPs you use, or even better if you own your own block. (Unlikely... :) You won't have to worry about needing two links from the firewall to the routers for throughput reasons, as a couple T1s don't compare to a 100mb full duplex feed.

In terms of shaping the traffic to send certain things out a specific link, you can use the border routers to do this via route and policy maps (on a Cisco).

No, this is not a stupid idea. It all comes down to what your business goals and limits are, the cost of doing, or shall we say not doing, business. From a service perspective alone, is this worth $12,000/year in additional provider bills? ($800/month for the T1; $200/month for the loop) There are also other products to do this stuff, RadWare maybe?

Along with the rest of the global internet population, we have had excellent luck with the router based solution, partly because it works, partly because we configured it correctly, and partly because we use some decent providers. When we have a link go down, which happens plenty in ridiculous Verizon controlled Boston, the users don't know the difference.

I will tell you though, I think the things that have saved us the most in terms of downtime are not the setup of the routers or anything on our side of the pipe, which is actually the easy part. It was how we made decisions on setup and insisted on certain things in order for the providers to win the business. Some examples being things like insisting that the second T1 go to a different CO in case there was a major CO problem, and then following up and verifying they did it by calling Verizon. (This cost us an additional $55/month on our loop.) (And our first provider lied to us, as our verification showed.)

We also then decided not to even use Verizon for both local loops. It came to our attention that right outside our building we had fiber passing by from AT&T local (formerly TCG) and MCI/Worldcom (formerly MFS). So we had two loops from two separate providers going to two separate COs on two separate ISP backbones. (It made for a cool Visio.)

Using two T1s on EXTREMELY different and diverse providers not just from a network point of view but via actual links, which is quite hard to figure out. Example: One of our connections is with Cable & Wireless; for certain reasons we plugged it into one of the NYC POPs for a certain period of time. It rides to NYC direct from the CO on a "C&W" OC-48 down to NYC. C&W only leases 12 of the 48 pairs from Frontier though. And consequently (this part really cracked us up), Frontier leases 36 of the 48 pairs from Level 3. You see where I am going: if we had certain circumstances whereas those mentioned were our providers and that link went down, easily getting to the New York area from Boston could get slightly impeded.

Let me know if you have any specific questions about our setup.

Jarrett

-----Original Message-----
Trying to figure out something. I want to install a second Internet Link
- Do I _have to_ install the high availability module? Or is it possible to
Thanks in advance for any help, Geraldo Fonseca