From: Mitchell, TJ (tmitchell@allianttech.com)
Date: Thu Sep 01 2005 - 10:55:51 GMT-3
Peer with BGP, send BGP local-preference out to your neighbors.
Then when one fails the other will take over inbound connections.
Thanks
T.J. Mitchell
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of AM
Sent: Thursday, September 01, 2005 9:50 AM
To: ccielab@groupstudy.com
Subject: OT: Inbound Internet Redundancy
Hi,
I have a design question that I want to run by the
group and see if there is a good solution to my problem.
I want to provide inbound redundancy to public servers
connected to two different DMZs at two different
locations. Here is the current design:
               ISP A
       |                   |
       |                   |
       |                   |
        - - - - ----------
       |                   |
       |                   |
       |                   |
   Inet Rtr            Inet Rtr at
     at LA                 NY
       |                   |
       |                   |
       |                   |
DMZ1- FW                  FW--DMZ 2
       |                   |
       |                   |
       |                   |
      RTR                 RTR
       |                   |
       |__Internal Network_|
As you can see from above, I am connected to one ISP
at locations in LA and NY. For outbound, I have no
problems as I inject a default route based on certain
route availability. For inbound, I have a DMZ in LA
and a DMZ in NY. There is no direct connection between
my Internet routers. If the Internet link in LA fails,
users cannot get to DMZ servers in LA from the Internet.
To fix this issue, I can peer with my provider and
send LA DMZ routes via NY and vice versa. In case of
an LA Internet link failure, traffic can come via NY, but
since there is no direct link between the two Internet
routers, my traffic will have to go through my
internal network, which I want to avoid. Does anyone have
a similar situation? One solution that I am thinking of
is to create a tunnel between the two firewalls or the
Internet routers. Any suggestions appreciated.
Thanks