Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Nokia & ISP Load Balance

To: [email protected]
Subject: Re: [FW-1] Nokia & ISP Load Balance
From: Steve McNutt <[email protected]>
Date: Thu, 2 May 2002 18:14:39 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
Thread-index: AcHyIfodpzWrDf9pRsWAYs9/0hYBVgAAVi9w
Thread-topic: Re: [FW-1] Nokia & ISP Load Balance

Multihoming with failover is simple for outbound originated connections,
if stateful failover is not required.

For inbound originated connections, it depends on a number of factors.
I you are lucky enough to own a pre-IDR "swamp" /24 prefix or a /23 or
bigger, you are good to go.  If not, getting a block of addresses that
will be broadcasted by both ISPs, getting them broadcasted properly, and
not getting filtered by other ISPs route filters is an interesting
challenge.  ISPs do not like to take small blocks, some will filter any
non-swamp /24's by default, and good luck trying to broadcast a /25.

There is also an issue of social responsibility here.  If everybody and
their dog insisted on being multihomed and broadcasting their little
prefixes across the entire Internet, the Internet would collapse.  By
not unessecarily cluttering up the Internet routing table, you are doing
the world a favor.  In my view, if you are a stub network, you should
only multihome in ways that do not involve your prefix being advertised
across the internet.

You 'could' use the nokias as edge routers by using OSPF or RIP to
broadcast the prefix to the ISP routers, assuming they would agree to
redistribute it into their BGP.  So if you did have a broadcastable
Network number (one that other networks on the Internet would accept),
you could use the IGP (RIP or OSPF) to inform the world at large of your
network's reachability, without running BGP on the Firewalls.  From a
security standpoint this is horrible design though.

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Thursday, May 02, 2002 1:10 PM
To: [email protected]
Subject: Re: [FW-1] Nokia & ISP Load Balance


Multi-homing with fail-over is not that bad, but multi-homing with load
sharing is nearly impossible. It is hard from a techinical persepctive,
even harder from a "Getting the ISP to understand what you want"
perspective, and finally nearly impossible when it comes to getting the
ISP's to cooperate.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] DNS Question
Next by Date: Re: [FW-1] Latest service pack of FW-1 4.1
Previous by thread: Re: [FW-1] Nokia & ISP Load Balance
Next by thread: [FW-1] Is it a Overlapping encryption domain problem ????????????????
Index(es):
- Date
- Thread