
List:       firewalls-gc
Subject:    Re: Two ISP's to one DMZ
From:       "Mark Horn [ Net Ops ]" <mhorn () funb ! com>
Date:       1997-07-09 11:40:56

mikech@avana.net says:
>In our customer trials, Dynamic DNS response has been under 20 minutes (we 
>reload the database every 10 minutes) from a large percentage (95%) of the net. 
>We haven't found a production DNS server yet that didn't age out the cache 
>properly. However, we have seen route update times of 24 hours or more in 
>about 75 percent of the cases under BGP (if not total failure due to the old 
>route not being removed). 

In BGP terms, this is called convergence.  The tests that I've run here
show that BGP converges around a network outage in a few seconds (it
averaged about 6 seconds, but was as fast as 2 and as slow as 20).  It
converges around a network coming back online in a few minutes (the
average was about 2 minutes but was as slow as 10 minutes).  

I have never seen a case where a BGP update on the Internet took more than
a few minutes to converge.  I have seen several cases where a provider
does not make the change except during a specified change control window.
And that sometimes takes as long as 24 hours to happen.  But that's only
because the provider is doing the BGP.  If I'm doing my own BGP,
convergence times are very small.

I'd love to hear more data about BGP convergence from people who are using
BGP ... pferguso@cisco.com?

>Most routers are definitely not up to updating a 
>route through BGP. Besides, how are you going to switch between CIDRs? If I am 
>using a Sprint Class B or C IP block how am I going to route it through MCI? 

Both of these issues are legitimate.  BGP gobbles memory, especially if
you're getting full Internet routes.  BGP also requires that you have
portable address space - a rare commodity.

Having only looked at it superficially, dynamic DNS + NAT seems like a
workable solution when BGP isn't available.  But if BGP is available, it
seems better.  And that's simply on a performance basis.  BGP also
provides policy setting that DNS doesn't.

-- 
Mark Horn <mhorn@funb.com>

PGP Public Key available from: http://www.es.net/hypertext/pgp.html
PGP KeyID/fingerprt: 00CBA571/32 4E 4E 48 EA C6 74 2E  25 8A 76 E6 04 A1 7F C1
