> -----Original Message-----
> From: Alvin Oga [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 09, 2001 10:53 AM
> To: Byron Kennedy
> Cc: 'Laris Benkis'; [EMAIL PROTECTED];
> '[EMAIL PROTECTED]'
> Subject: RE: Multi-homed Internet connection
>
>
>
> hi ya
>
> > Something like this:
> >
> > Inside---FW with Nat -----router-----------First Provider
> >          to 1st Prov        |
> >          addr space         |
> >                       Traffic natted
> >                       to 2nd provider's
> >                       addr space
> >                             |
> >                             +--------------Second Provider
>
> I'd try/prefer the following
>
>          +-------------+
>          |             |
>          |             +-----router--- First Provider
>          |     FW      |
> Inside---+             |
>          |   w/ NAT    |
>          |             +-----router--- Second Provider
>          |             |
>          +-------------+
>
> if the router or first provider goes down... i can still get
> in and out thru the 2nd provider..

I think that either you've left one or two things out of that diagram, or
that it won't work.

1. How does the firewall route to both ISPs? Most firewalls only support
very simple routing protocols (and certainly not BGP, in most cases). I have
seen some Crazy Hairbrained Schemes which involve NAT'ing the entire
Internet _inbound_ on both routers (into different pools) and having the
outbound gateway selected using some dynamic routing protocol. It works, but
let's not go there.

2. If you're only NAT'ing into one pool then you can't make that diagram
'work' without using BGP - the rest of the Internet will not route to your
external IP range through the backup provider if the primary one falls over.

> if i have "autonomous"(?) ip#... both ISPs can route incoming
> and outgoing traffic

Sounds like you're obliquely referring to BGP AS's?

> thanx
> alvin

Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
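
The failover argument in this thread, as an added example that is not part of the original messages: a small model of whether replies to a new outbound session find their way back when the first provider's link is down, for a single NAT pool, a NAT pool per provider, and a site prefix announced to both providers with BGP. The prefixes, addresses and function names are constructed assumptions (RFC 5737 documentation ranges), and only outbound-initiated sessions are modelled.

```python
import ipaddress

# Constructed prefixes from the RFC 5737 documentation ranges (assumptions).
ISP1_AGG = ipaddress.ip_network("192.0.2.0/24")     # first provider's space
ISP2_AGG = ipaddress.ip_network("198.51.100.0/24")  # second provider's space
SITE_PFX = ipaddress.ip_network("203.0.113.0/24")   # site-owned prefix (BGP case)
ISPS = ("isp1", "isp2")

def internet_routes(design, up):
    """(prefix, provider) routes the rest of the Internet holds."""
    # A provider keeps announcing its own aggregate when one customer link fails.
    routes = [(ISP1_AGG, "isp1"), (ISP2_AGG, "isp2")]
    if design == "bgp":
        # The site's prefix is only announced over links that are still up.
        routes += [(SITE_PFX, isp) for isp in ISPS if up[isp]]
    return routes

def nat_source(design, egress):
    """Public source address the firewall's NAT gives an outbound session."""
    if design == "single_pool":
        return ipaddress.ip_address("192.0.2.10")
    if design == "pool_per_isp":
        pools = {"isp1": "192.0.2.10", "isp2": "198.51.100.10"}
        return ipaddress.ip_address(pools[egress])
    if design == "bgp":
        return ipaddress.ip_address("203.0.113.10")
    raise ValueError(design)

def new_session_works(design, up):
    """True if a new outbound session gets its replies back."""
    egress = next((isp for isp in ISPS if up[isp]), None)
    if egress is None:
        return False
    src = nat_source(design, egress)
    matches = [(p, isp) for p, isp in internet_routes(design, up) if src in p]
    if not matches:
        return False
    longest = max(p.prefixlen for p, _ in matches)
    # Replies follow the longest matching prefix; delivery needs that link up.
    return any(up[isp] for p, isp in matches if p.prefixlen == longest)

if __name__ == "__main__":
    for design in ("single_pool", "pool_per_isp", "bgp"):
        for up in ({"isp1": True, "isp2": True}, {"isp1": False, "isp2": True}):
            print(design, up, new_session_works(design, up))
```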