oh all right. I just don't like the idea, that's all. I put this dislike
down to excessive exposure to Checkpoint FW-1 + ospf in a previous
existence. It still makes me shudder to think about it.
Yikes!
A somewhat-relevant point: we use two netscreen 5400s with BGP routing
to split the traffic between them. One reason that BGP specifically is a
useful protocol is that (of course) outbound and inbound traffic must be
routed along the same paths. BGP provides the necessary path control
knobs to do this.
Doing it with OSPF is very hard (we used to, but it required active
tuning of the OSPF metrics on the routed p2p inside the firewalls - yuck)
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
