From: David Heaton (David.Heaton@citec.com.au)
Date: Wed Jan 14 2004 - 04:15:41 GMT-3
There is stateful NAT in IOS 12.2T if that helps:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a00801124ad.html
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
asadovnikov
Sent: Wednesday, 14 January 2004 3:42 PM
To: amgroupstudy@hotmail.com
Cc: ccielab@groupstudy.com
Subject: RE: OT:Fault tolerant CEO's home network setup.
Andrew,
The answer depends on your application requirements...
If the application requires continuous connectivity, but can deal with
a changing IP address (i.e. usual web browsing) then all you need is a
box which provides redundant NAT availability such as
http://www.radware.com/content/products/lpb/default.asp (you can get
similar functionality at about half the price). All these products work
similarly: they can NAT into either provider's IP space, but then they
check each link for health (not just link light) and choose one of the 2
spaces; even load balancing is supported. Obviously there is no protection
against the box itself failing, but this is not what you are looking for, right?
If the application requires a persistent IP then the setup is a little more
difficult but not impossible. Usually it is achieved with BGP, but it
is not an option. What you can do though:
* you need a secondary site (such as your home office) where you have
highly reliable Internet connectivity
* then you put one of the load balancers at your reliable site and
another at your CEO's home office
* then you run a VPN tunnel between the 2 boxes; the boxes will be able
to make the tunnel available as long as at least one path exists
* then you tunnel all IP traffic via VPN to your reliable site and
send it to the Internet from there
This way high availability from the CEO's home office is only provided to
the reliable site, but from there it is much easier to send it reliably to
the Internet keeping the same IP. Packets will make 2 Internet trips, one to
your reliable site and another to the ultimate destination.
Best regards,
Alexei
P.S. Cisco does not have an easy solution for either of the 2 options, you
get to go third party, but the technology has been around for a while and
works well.
-----Original Message-----
>From: "Andrew Moriarty" <amgroupstudy@hotmail.com>
>Reply-To: "Andrew Moriarty" <amgroupstudy@hotmail.com>
>To: ccielab@groupstudy.com
>Subject: OT:Fault tolerant CEO's home network setup.
>Date: Wed, 07 Jan 2004 00:53:20 -0500
>
>Ever have the feeling that you are missing something incredibly basic that
>will make you look stupid later? I do right now, and I hope someone can
>help.
>
>The scenario: The customer's CEO often works from home. He accesses company
>servers in California, and he lives in Canada. Because of where he lives,
>all he can get at his house is a relatively basic DSL from one provider,
>and a basic cable modem setup from another. Both of these are "Home user"
>type setups, with addresses assigned by DHCP. The DSL provider is
>frequently down for a day or more. Problem is, that's the high speed
>connection! The cable in this area is much slower, and not much more
>reliable. (Don't ask me to explain why this is so - it just is! - and before
>anyone makes any Canada jokes, yes he can get a canoe at the local
>supermarket, all the TV networks carry hockey, and yes, there are wild elk
>running around in the parking lot)
>
>The CEO has a relatively robust home network - a unix based firewall, and a
>half dozen computers behind it.
>
>His goal is to have seamless fail-over, for as cheap as possible. He wants
>to be connected in to a contact management system all day long, and not
>worry about which ISP is up or down. In other words, he might buy a router
>or two, but he won't upgrade his personal "Home" service to a business
>class service. (It's not available in that area anyways)
>
>Each ISP provides him with a public IP address. Right now he only uses one
>of them, and uses NAT on his unix firewall to provide internet access for
>his six machines. He wants to add the second ISP to the configuration, to
>provide fault tolerance.
>
>I've suggested buying a router and connecting it to both ISPs, and using
>one interface as the primary and one as the backup, with static routes and
>NAT. Cheap, simple solution. Problem is, if one ISP fails, there goes his
>public address that the NAT is using, and he'll have to log out of his
>contact management software, and restart his session, potentially losing
>data. He does NOT want to do that. It's no good flipping over to the second
>ISP/NAT connection, because then his public address will change, and his
>session will be invalid and have to start again.
>
>He doesn't have any public IP addresses inside his house, can't get any
>either with the services on offer in that area. He's not going to do
>anything complex like run BGP etc. The ISPs won't let him anyways.
>
>I'm not sure I can solve his problem, but I've got a tickle in the back of
>my mind about something, thinking I saw this somewhere before. I even got
>out my Halabi and Doyle books and re-read some stuff.
>
>Does anyone have any suggestions on what to do here? Or even something to
>research.....
>
>am
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:44 GMT-3
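The two options discussed in the thread, as an added simulation that is not part of the original messages: health-checked failover with direct NAT changes the address the remote server sees (on failover and again on failback), while tunnelling through a reliable site keeps it constant as long as one path is up. The addresses (documentation ranges), link names, probe trace and hysteresis thresholds are constructed assumptions.

```python
"""Constructed simulation: dual-uplink failover, direct NAT vs. tunnel via a reliable site."""

# Constructed addresses from documentation ranges; the link names are assumptions.
UPLINKS = {"dsl": "198.51.100.23", "cable": "203.0.113.77"}  # DHCP-assigned by each ISP
PREFERENCE = ["dsl", "cable"]          # DSL is the faster link, so it is preferred
RELIABLE_SITE_IP = "192.0.2.10"        # egress address at the secondary site
DOWN_AFTER = 2                         # consecutive failed probes before a link is "down"
UP_AFTER = 2                           # consecutive good probes before it is "up" again


class LinkHealth:
    """End-to-end probe state with hysteresis (link light alone says nothing)."""

    def __init__(self):
        self.up, self.streak = True, 0

    def record(self, probe_ok):
        # Count only probes that contradict the current state.
        self.streak = self.streak + 1 if probe_ok != self.up else 0
        if self.streak >= (UP_AFTER if not self.up else DOWN_AFTER):
            self.up, self.streak = probe_ok, 0
        return self.up


def simulate(probes, mode):
    """probes: list of {link: bool} per tick. Returns the source IP the
    remote server sees on each tick (None when no path is healthy)."""
    health = {name: LinkHealth() for name in UPLINKS}
    seen = []
    for tick in probes:
        alive = [n for n in PREFERENCE if health[n].record(tick[n])]
        if not alive:
            seen.append(None)
        elif mode == "direct_nat":
            seen.append(UPLINKS[alive[0]])     # NAT into the active provider's space
        else:  # "tunnel": traffic leaves from the reliable site whichever path carries it
            seen.append(RELIABLE_SITE_IP)
    return seen


def session_breaks(seen):
    """Number of ticks where the server-visible address changed or vanished."""
    return sum(1 for a, b in zip(seen, seen[1:]) if a != b)


# Constructed probe trace: DSL fails for ticks 2-5, then recovers.
TRACE = [{"dsl": t not in (2, 3, 4, 5), "cable": True} for t in range(10)]
```

In the direct NAT run the first failed probe is still served from the DSL address, which shows the detection delay that the hysteresis thresholds trade against flapping.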