Re: OT: Inbound Internet Redundancy

From: john matijevic (john.matijevic@gmail.com)
Date: Thu Sep 01 2005 - 11:12:47 GMT-3


Hello AM (not sure if this is the correct name?),
If the link to LA goes down, you are not going to be able to tunnel
externally between the two routers, or the firewalls, without going through
the internal network. The solution is to look to see if the provider has a
backup (e.g. a shadow line).
Sincerely,
John

 On 9/1/05, AM <am_1974@yahoo.com> wrote:
>
> Hi,
>
> I have a design question that I want to run by the
> group and see if there is a good solution to my problem.
>
>
> I want to provide inbound redundancy to public servers
> connected to two different DMZs at two different
> locations. Here is the current design:
>
>
>
>                ISP A
>              |       |
>              |       |
>        -------       -------
>        |                   |
>        |                   |
>    Inet Rtr            Inet Rtr
>     at LA               at NY
>        |                   |
>        |                   |
>  DMZ1-FW                   FW--DMZ 2
>        |                   |
>        |                   |
>       RTR                 RTR
>        |                   |
>        |__Internal Network_|
>
> As you can see from above, I am connected to one ISP
> at locations in LA and NY. For outbound, I have no
> problems as I inject a default route based on certain
> route availability. For inbound, I have a DMZ in LA
> and a DMZ in NY. There is no direct connection between
> my Internet routers. If the Internet link in LA fails,
> users cannot get to DMZ servers in LA from the Internet.
> To fix this issue, I can peer with my provider and
> send LA DMZ routes via NY and vice versa. In case of
> LA Internet link failure, traffic can come via NY, but
> since there is no direct link between the two Internet
> routers, my traffic will have to go through my
> internal network, which I want to avoid. Does anyone have
> a similar situation? One solution that I am thinking of
> is to create a tunnel between the two firewalls or the
> Internet routers. Any suggestions appreciated.
>
> Thanks
>
>
>
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

--
John Matijevic, CCIE #13254
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)


This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:13 GMT-3