Comments in-line...
>From: "Mark L. Decker" <[EMAIL PROTECTED]>
>Reply-To: <[EMAIL PROTECTED]>
>To: "'iden fw'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>CC: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: [FW1] Multiple WAN Links.
>Date: Fri, 3 Nov 2000 15:58:52 -0800
>
>iden_fw wrote:
> > Regarding the negatives to BGP:
> > 1. uneven load sharing -- If you have 2 circuits with the
> > same ISP, this is not an issue. Otherwise, if you have a circuit
> > with 2 ISPs (as the original poster indicated) -- load sharing
> > becomes uneven, and requires a more
> > complex configuration. And constant tweaking...
>
>True, but if both circuits go to the same ISP, you don't have much
>redundancy. A problem with the carrier or ISP is likely to simultaneously
>take down both links in that case. Using different types of links (e.g. a
>T1 and a DSL) to two different providers yields the most fault tolerant
>design.
An organization can work with their ISP to have their T1s terminate on
different switches, and different routers. You would be surprised how many
customers order 2 circuits to their ISP, and then don't know that the T1s
terminate in the same channelized DS-3 card in the same Cascade 9000/500
switch, that can ride the same fiber over to the ISPs router. Or maybe you
wouldn't be surprised... ;)
Some ISPs even offer the ability to terminate a T1 in another POP. More $$.
Telco could be the problem... if both circuits are ordered from the same
carrier, and ride common facilities... again, a lot of times customers do not
ask for circuit path diversity.
> > How does Rainfinity load-balance incoming traffic?
>
>For connections initiated from inside, the return traffic is load balanced
>because the source address alternates between the two ISP ranges as it
>heads out. For connections initiated from outside to a webserver hosted
>internally, RainWall doesn't do any load balancing of the links. You'd
>need some kind of intelligent DNS to do that, maybe custom scripting or a
>product like 3DNS.
Yet another product to configure, troubleshoot, keep up-to-date on patches,
purchase, support contracts... ugh.
> > 3. requires AS number and cooperation from both ISPs --
> > Requires little
> > effort, and a little $. The only cooperation you need from
> > the ISPs is for
> > them to configure a BGP session with you, which any ISP
> > should be able to do
> > in their sleep. I would not classify this as a negative to a
> > BGP solution.
>
>Sure, if you are a big company with your own Class B (i.e., clout). If
>you're a smaller company, many major ISPs won't peer with you. They don't
>want to be bothered advertising your routes unless you have a dozen Class
>C's or more. Some smaller ISPs may have more lenient BGP peering policies,
>but even they tend to draw the line at a full Class C. Those using NAT
>with a CIDR block smaller than /24 are typically out of luck.
You don't need to peer with your ISP, and you don't need a Class B. You
just need to establish a BGP session. Any ISP should be able to set up a BGP
session with a customer.
The /24 is a valid point. The large ISPs tend to accept route announcements
less than a /24, but will not advertise those routes to their peers.
> > 4. giant routing tables that eat gobs of router CPU and RAM,
> > etc -- ;) A
> > full routing table is in the neighborhood of 88000 network
> > entries. I have
> > recommended, that if you are going to take full feeds from 2
> > providers on
> > one router that the customer have 128 megs on at least a 36XX Cisco.
>
>I agree. That would be my minimum spec as a BGP router; 128M should be
>able to hold the ever-growing routing tables for at least a year or two. If
>you don't want the router to be a single point of failure, I'd recommend
>two of them with HSRP.
;) That's exactly what I was referring to...
> > What is the list price of a Rainfinity solution? What are
> > the maintenance
> > contract costs?
>
>RainWall is US $5,000 for active/standby, or US $12,000 for active/active
>with load balancing. Standard support is 25% of the software list price
>for a 1-year contract. For comparison, a pair of Cisco 3640s with 128M DRAM
>running BGP/HSRP will cost over US $24,000, before you even put any LAN or
>WAN modules in them.
So that's $3,000 a year for support...
I think your estimate of $12,000 for an empty 3640 chassis might be a bit
high. Maybe not...
>Mark L. Decker
>Rainfinity
Bottom line is that redundancy is a very expensive word. We haven't even
discussed redundant power, ethernet switches, redundant switches/routers for
the inside of the firewall, etc...
-iden_fw
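Added example (not from either poster): a Cisco IOS configuration sketch for the dual-ISP BGP plus HSRP design the thread discusses. Each router takes a full feed from one ISP, advertises only the customer's own /24, and the pair shares an inside gateway address via HSRP. The AS numbers, addresses (documentation ranges) and interface names are constructed assumptions; the second router mirrors this with the other ISP and a lower HSRP priority.

```cisco
! Constructed example: router 1 of an HSRP pair, session to ISP-A.
! Customer AS 65001 and prefix 203.0.113.0/24 are assumed values.
hostname border-a
!
! Null route so the aggregate is always present in the table to be announced.
ip route 203.0.113.0 255.255.255.0 Null0 250
!
! Announce only our own /24; anything longer won't be propagated by the ISP anyway.
ip prefix-list OUR-PREFIX seq 5 permit 203.0.113.0/24
! Never accept our own block, RFC1918 space, or a default we didn't ask for.
ip prefix-list ISP-IN seq 5 deny 203.0.113.0/24 le 32
ip prefix-list ISP-IN seq 10 deny 10.0.0.0/8 le 32
ip prefix-list ISP-IN seq 15 deny 172.16.0.0/12 le 32
ip prefix-list ISP-IN seq 20 deny 192.168.0.0/16 le 32
ip prefix-list ISP-IN seq 100 permit 0.0.0.0/0 le 24
!
router bgp 65001
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description ISP-A
 neighbor 192.0.2.1 prefix-list ISP-IN in
 neighbor 192.0.2.1 prefix-list OUR-PREFIX out
 ! iBGP to the second border router so each knows the other's ISP routes.
 neighbor 10.0.0.3 remote-as 65001
 neighbor 10.0.0.3 next-hop-self
!
interface Serial0/0
 description Link to ISP-A
 ip address 192.0.2.2 255.255.255.252
!
interface FastEthernet0/0
 description Inside LAN, shared HSRP gateway 10.0.0.1
 ip address 10.0.0.2 255.255.255.0
 standby 1 ip 10.0.0.1
 standby 1 priority 110
 standby 1 preempt
 ! Drop priority below the peer's if the ISP link goes down so it takes over.
 standby 1 track Serial0/0 20
```

Inbound load sharing is still governed by how each ISP propagates the /24, so check what actually reaches both providers' looking glasses rather than assuming an even split.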
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================