[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Two ISP's to one DMZ
From:       Paul Ferguson <pferguso () cisco ! com>
Date:       1997-07-06 23:02:15
[Download RAW message or body]

At 03:39 PM 07/06/97 +0000, marc@sniff.ct-net.de wrote:

>Paul Ferguson answered quite short to the question:
>
>> No problem -- run BGP between all peers.
>> 

>
>Uhh ... what has the problem to do with BGP?
>

Uh, because the original question asked how to connect two
or more different routin domains (ISP's) to a shared (or
perhaps switched) media interconnect point, and BGP is
the de facto method for exterior routing between dissimilar
administrative routing domans. That has everything to do
with the problem, as well as the solution. You don't use
a wrench to hammer a nail -- you use the correct tool for
the job.

>I was thinking in terms of "trust" and such ...
>We are talking about a building with several ISP's working in this
>building? And they want to share the cost's for a DMZ installation?
>

Trust is a very bad thing, but even if you are foolish enough
to open your kimono, you still need the BGP protocol for routing
beteen different administrative routin domains.


>Or several ISP's at several locations? In this case I would have
>expected a tunnel solution between my outside router and the DMZ
>somewhere out in the world - or there is no difference between this
>outsourced DMZ and the "big bad internet(TM)".
>
>So: what exactly is the problem? (and is BGP the answer? ;-)
>

The problem perhaps was miscommunicated, but as it stands,
if the problem is simply how to exchange data between two
ISP's at a common location,, BGP is the answer.

- paul

>Regards, Marc
>
>> At 08:36 AM 07/06/97 -0500, Bertrum Carroll wrote:
>> 
>> >I'm looking for advice from someone who has connected two or more
>> >different ISP's to the same DMZ.
>> >
>> >Are there pitfalls in doing this?  Is it not possible.  I need to stay
>> >up to aleast part of the net when a single ISP is having problems.
>> >
>> >Has anyone done this with success?
>
>-- 
>Marc Binderberger                                  97076 Wuerzburg, Germany
>marc@sniff.ct-net.de                               Powered by FreeBSD ;-)
>


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Herndon, Virginia   USA                                ||||      ||||
tel: +1.703.397.5938                               ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com                         c i s c o S y s t e m s

[prev in list] [next in list] [prev in thread] [next in thread]