[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Highly available Internet connection
From:       hoff () nodewarrior ! net (Christofer Hoff)
Date:       1997-01-30 0:41:49
[Download RAW message or body]

At 4:40 PM -0600 1/29/97, Starkweather, Mike wrote:
>My company wants to move toward Electronic Commerce on the Internet.
> One of the requirements would be a highly available, secure
>connection.  One of the ideas I have considered is two firewalls going
>out over two routers to two wide area links to two ISPs.  This is a
>pretty brute force approach.
>
>Does anyone have any ideas to share on how we might build an Internet
>connection that would approach 100 percent availability?
>
>Thanks for all your help.
>
>Mike Starkweather
>Anheuser-Busch

Mike:

Your requirements are not unlike those of many of my customers.

In many cases, we've provided for similar scenarios without the added cost
and possible routing/addressing complexities of two routers.  A single
router does, of course, present a single point of failure, but most of my
client's find it difficult to justify two $4-5,000 routers and instead
concentrate on providing HA where it normally fails (at least in their
eyes) -- at their connection to
the ingress/gress points to the local loop and to the ISP.

Here's a typical installation:

We've implemented Checkpoint in a High-Availability Configuration using
Veritas or Qualix or OpenVision's HA solution; two Sparcs running in a
Master-Slave asymmetric configuration with a single Cisco on the "evil
side" of the Firewalls.   The Cisco (4x00) is multihomed to two different
ISPs using (quite importantly) TWO DISTINCT local-loop providers (PacBell
and MFS in one case)

This has, in most cases, provided for the best up-time we could hope for
given the balance of bandwidth, cost, and up-time.

To address your example, however, we have in the past utilized two Cisco
2501's (16 Mb RAM) running BGP sessions Staticly routed to two providers,
and  utilized IGRP/RIP internally.  The default routing metrics provided
for 'redundancy' not load-balancing and it worked jest fine when the
'primary' link failed.  We arranged for a tiered pricing plan on the
secondary circuit such that we only paid for usage, not flat-rate since we
utilized it more for a hot-backup rather than optimizing outbound routing;
I suppose we could/should have done that, but I had 'other' tasks to tend
to (like the 'little' FireWall-1 install sitting in the middle of
everything.

At any rate, my opinion is to build resiliency and HA from the inside out,
make sure your hosts (which fail more often that a Cisco [No FLAMES
please!]) and physical connectivity are up to snuff; especially your
local-loop providers.  I have run out of fingers counting how many times
some hick with a back-hoe has dug his way through an OC-3!

Just my 3 cents.

Chris




            ,,,
           (o-o)
------.oOO--(_)--OOo.--------------------------------------------------
Christofer L. Hoff                \  No true genius is
                                   \  possible without a
NodeWarrior Networks, Inc           \  little intelligent
                                     \  madness!
hoff@nodewarrior.net                  \
http://www.nodewarrior.net             \ -Peter Uberoth
"Nuthin' but Net!"                      \
-----------------------------------------------------------------------
> Windows 95 Rules!  I've been using it for 12  years on my Macintosh <

[prev in list] [next in list] [prev in thread] [next in thread]