hi ben...
it's a simplified drawing...
am just saying that if someone wants www.foo.com ( 1.2.3.4 ) to
be routed via isp#1.....
they can not also have www.foo.com routed by isp#2
if they want incoming traffic for www.foo.com to arrive from
either isp#1 or isp#2... they'd need to be using "autonomous"(?)
ip# that is routable by BOTH isps
for outgoing traffic...that's locally handled by ifconfig and metric
for the route
i combined the "gateway" into the firewall...
- one box that converts local internal LAN as a gateway
to either isp...
nothing fancy in this config... other than the same routable ip#
by two different ISPs to get to the same www.foo.com
- the two isps can figure out amongst themselves who
can deliver that traffic at that instant ... i don't know
what protocol they use ...
have fun
alvin
On Mon, 9 Jul 2001, Ben Nagy wrote:
> > -----Original Message-----
> > From: Alvin Oga [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, July 09, 2001 10:53 AM
> > To: Byron Kennedy
> > Cc: 'Laris Benkis'; [EMAIL PROTECTED];
> > '[EMAIL PROTECTED]'
> > Subject: RE: Multi-homed Internet connection
> >
> >
> >
> > hi ya
> >
> > > Something like this:
> > >
> > > Inside---FW with Nat -----router-----------First Provider
> > >          to 1st Prov        |
> > >          addr space         |
> > >                      Traffic natted
> > >                     to 2nd provider's
> > >                        addr space
> > >                             |
> > >                             +--------------Second Provider
> >
> > I'd try/prefer the following
> >
> >          +-------------+
> >          |             |
> >          |             +-----router--- First Provider
> >          |     FW      |
> > Inside---+             |
> >          |   w/ NAT    |
> >          |             +-----router--- Second Provider
> >          |             |
> >          +-------------+
> >
> > if the router or first provider goes down... i can still get
> > in and out thru the 2nd provider..
>
> I think that either you've left one or two things out of that diagram, or
> that it won't work.
>
> 1. How does the firewall route to both ISPs? Most firewalls only support
> very simple routing protocols (and certainly not BGP, in most cases). I have
> seen some Crazy Hairbrained Schemes which involve NAT'ing the entire
> Internet _inbound_ on both routers (into different pools) and having the
> outbound gateway selected using some dynamic routing protocol. It works, but
> let's not go there.
>
> 2. If you're only NAT'ing into one pool then you can't make that diagram
> 'work' without using BGP - the rest of the Internet will not route to your
> external IP range through the backup provider if the primary one falls over.
>
> > if i have "autonomous"(?) ip#... both ISPs can route incoming
> > and outgoing traffic
>
> Sounds like you're obliquely referring to BGP AS's?
>
> > thanx
> > alvin
>
> Cheers,
>
> --
> Ben Nagy
> Network Security Specialist
> Marconi Services Australia Pty Ltd
> Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
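
Added example, not part of the original thread: a small reachability model of the point argued above, that a NAT pool taken from one provider's address space stops being reachable when that provider fails, while a block announced through both providers survives. The prefixes are constructed documentation ranges, the names (inbound_isps, report, SINGLE_POOL, BGP_MULTIHOMED) are hypothetical, and the model assumes plain longest-prefix matching with no BGP path attributes or convergence delay.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for real address space.
ISP1_BLOCK = ipaddress.ip_network("198.51.100.0/24")  # ISP#1's own aggregate
ISP2_BLOCK = ipaddress.ip_network("203.0.113.0/24")   # ISP#2's own aggregate
PI_BLOCK = ipaddress.ip_network("192.0.2.0/24")       # site's own block, announced via BGP

# Case A: the NAT pool is carved out of ISP#1's block; nobody else announces it.
SINGLE_POOL = {"isp1": [ISP1_BLOCK], "isp2": [ISP2_BLOCK]}
# Case B: the site has its own AS and announces PI_BLOCK through both ISPs.
BGP_MULTIHOMED = {"isp1": [ISP1_BLOCK, PI_BLOCK], "isp2": [ISP2_BLOCK, PI_BLOCK]}


def inbound_isps(announcements, dst, failed=()):
    """Return the ISPs through which the Internet can still reach dst.

    Model: each working ISP announces its prefixes; remote routers pick the
    longest matching prefix. BGP path attributes and convergence are ignored.
    """
    addr = ipaddress.ip_address(dst)
    routes = [(prefix, isp)
              for isp, prefixes in announcements.items() if isp not in failed
              for prefix in prefixes if addr in prefix]
    if not routes:
        return set()  # no announcement covers dst: unreachable from outside
    best = max(prefix.prefixlen for prefix, _ in routes)
    return {isp for prefix, isp in routes if prefix.prefixlen == best}


def report():
    """Compare both designs before and after ISP#1 fails."""
    cases = [("single NAT pool", SINGLE_POOL, "198.51.100.20"),
             ("BGP multihomed", BGP_MULTIHOMED, "192.0.2.20")]
    rows = []
    for name, ann, www in cases:
        rows.append((name, sorted(inbound_isps(ann, www)),
                     sorted(inbound_isps(ann, www, failed={"isp1"}))))
    return rows


if __name__ == "__main__":
    for name, normal, after_failure in report():
        print(f"{name:16} normal={normal} isp1_down={after_failure or 'UNREACHABLE'}")
```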