Hi, this is what I can think of. Correct me if I am wrong. Thanks.

If your route is too specific and not able to be accepted by your upstream
provider(s), the next good thing I can think of is to use a load balancer
and insert it between the firewall and the web servers.

- You obtain another block of IPs from PacBell. A small size may do.
- You configure your IGP to include IP addresses from both the government ISP
and PacBell.
- You configure EBGP so that both of your routers know the best routes to
return. Don't forget iBGP also. Set local preference if required. Also,
inject default (or you do your own) if necessary. You don't need to announce
anything to your upstream, therefore a private AS is needed.
- You use a single block of private IPs for your web servers.
- At your load balancer, configure two IP maps. One map for IPs of the
governmental ISP, another map for IPs from PacBell.
- Configure your DNS to announce 2 (or more, if needed) IPs for any host you
need to load balance.

- Done -

There are pros and cons.
- The good thing is, you have another level of protection by the load
balancer. (Smurf, ICMP bomb, scanning won't hurt you now). You may even
consider throwing away your PIXs.
- The bad thing is, you have to buy two load balancers.  :(
- Also, you have to make sure the IP packet with the right source IP gets out
to the right uplink. Otherwise, the packet will be dropped by your ISP. This
may need a route-map.

"Brian Wilcox" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am currently adding another circuit to an additional
> ISP for my network.  I want to be able to use the
> first circuit for a redundant backup but am not clear
> on how to accomplish this.
>
> The setup:
> (diagram located at
> http://www.geocities.com/bwilcox_email/Routing_Design.html)
> - watch word wrap
> Internal LAN connected to two PIX's, one in failover
> mode.  The PIX's current default route points to the
> old ISP (government).  All of our internal (public)
> addresses are from the Government ISP's address space,
> which we have a /25 block.  I'm currently NATing my 10
> net to this pool.  I have an internal web server that
> the users need access to from outside the network.
> I'm adding the new circuit via PacBell and would like
> traffic to take that route and failover to the
> Government ISP.
>
> First solution: do BGP.  Well, I can't.  I only have a
> /25, too specific, from the Government ISP and I have
> to maintain the same address space.  So my next
> thought would be to PAT everything out the PacBell
> circuit.  That's fine and dandy but then the web
> server will reply to the source with a different
> address.  I'd like to route the web server to the
> Government ISP.  The only way I can think of doing
> that is via some sort of route map or policy map.
>
> Any comments would be greatly appreciated.
>
> Thanks,  Brian
>
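
The source-based uplink selection that the reply says "may need route-map", written out as Cisco IOS policy routing. This is an added example, not part of either post; it assumes a single edge router holding both uplinks, and every address, ACL number, interface and route-map name is a constructed placeholder (RFC 5737 documentation ranges).

```cisco
! Constructed addressing, not taken from the thread:
!   192.0.2.0/25     stands in for the Government ISP /25
!   198.51.100.0/28  stands in for the new PacBell block
!   203.0.113.1      Government ISP next hop
!   203.0.113.5      PacBell next hop
!
! Classify outbound traffic by the block its source address belongs to.
access-list 110 remark sourced from the Government ISP block
access-list 110 permit ip 192.0.2.0 0.0.0.127 any
access-list 120 remark sourced from the PacBell block
access-list 120 permit ip 198.51.100.0 0.0.0.15 any
!
! Send each source block out the uplink that owns it, so the
! provider's source-address filtering does not drop the replies.
route-map SRC-TO-UPLINK permit 10
 match ip address 110
 set ip next-hop 203.0.113.1
!
route-map SRC-TO-UPLINK permit 20
 match ip address 120
 set ip next-hop 203.0.113.5
!
! Packets matching neither ACL are not policy-routed and follow
! the normal routing table.
!
! Apply on the inside interface, where traffic from the load
! balancers enters the router (policy routing acts on ingress).
interface FastEthernet0/1
 description Inside, facing the load balancers
 ip policy route-map SRC-TO-UPLINK
```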

