Firewall Wizards mailing list archives

Re: dual ISP connections


From: "Mathew Want" <mathew.want () ac3 com au>
Date: Wed, 28 Jun 2006 10:27:51 +1000

I had BGP links at my last job (and will again soon!). Load balancing is
fine for outgoing connections but if you have incoming connections for
services you are hosting, this would be trickier. Mind you my experience is
from being an ISP/Hosting provider.

James,

How does the DNS handle link failure? Do you run an offsite DNS system that
returns resolutions based on monitoring results? Does every host in your
environment need 2 IP addresses (1 for each link)? How does this cope with
TTL expiry to cut over between failed links? I am not questioning that it can
be done, I am just curious how you would do it.

Brian,

If you are just hosting the odd service for yourself, I believe that the
solution that James mentioned will probably do quite well and with far less
hassle than ASN's and /24's. If you need to run a large hosting environment,
then it may be the path of pain.....

My AU$0.02...

M@

-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com
[mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of James
Paterson
Sent: Wednesday, June 28, 2006 12:12 AM
To: Firewall Wizards Security Mailing List; Firewall Wizards Security
Mailing List
Subject: Re: [fw-wiz] dual ISP connections

We went through this same thing several years back, BGP is a large
hassle that is really not necessary these days, you can get devices made
by several vendors that handle this type of high availability / load
balancing. Radware's LinkProof, F5's Big IP are a couple, and there are
many more. No need for ASN's no need for a full /24 network, it all
works via DNS.

Cheers
James
 

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
Mathew Want
Sent: Sunday, June 25, 2006 9:34 PM
To: 'Firewall Wizards Security Mailing List'
Subject: Re: [fw-wiz] dual ISP connections

Brian,

If the connections are through 2 separate ISP's then you need to run BGP
for routing. As for IP addresses, you need to apply for an AS number and
a /24 (minimum) from the more helpful of your ISP's or directly from the
designated IP allocator for your geographic region (ARIN, APNIC etc).

You must have /24 as the internet routing tables do not support routes
smaller than this anymore.

M@


-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com
[mailto:firewall-wizards-bounces () listserv cybertrust com] On Behalf Of
Brian Loe
Sent: Friday, June 23, 2006 10:59 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] dual ISP connections

What is the standard, these days, for configuring dual ISP connections,
so far as routing and IPs go, when your company doesn't own a public IP
range?

I'll go into the details of how they're doing it here right now, but I'd
rather wait to show my ignorance...
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
