'Re: Two ISP's to one DMZ'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Two ISP's to one DMZ
From:       mikech () avana ! net
Date:       1997-07-10 0:29:36
[Download RAW message or body]



------------------------
  From: Paul Ferguson <pferguso@cisco.com>
  Subject: Re: Two ISP's to one DMZ 
  Date: Wed, 09 Jul 1997 17:25:23 -0400 
  To: "Mark Horn [ Net Ops ]" <mhorn@funb.com>
  Cc: Firewalls@GreatCircle.COM


> At 11:40 AM 07/09/97 -0400, Mark Horn [ Net Ops ] wrote:
<Snip!>
> 
> I have no idea what you are referring to with regards to "BGP also
> requires that you have portable address space" -- this is certainly
> incorrect. Perhaps you meant something else, or meant it in a
> different context?
> 

Nope, as I stated previously, how do you route one ISP's CIDR addresses 
through another ISP? Are you saying I can grab a chunk of Sprint's CIDR 
(Classless Inter-Domain Routing) address space and reroute it thorugh MCI? 
Will it be added to the MCI routing tables as a separate entry? How will 
Sprint remove the class C from its CIDR block? Won't this fragment the hell 
out of the backbone routing tables?

I understand you have quite a few resources available (Cisco is a pretty big 
company after all ;^). Do you have any real world examples of BGP being used 
by a company with a couple of class C's supplied by an ISP to route in a 
failover situation through another ISP?

> >Having only looked at it superficially, dynamic DNS + NAT seems like a
> >workable solution when BGP isn't available.  But if BGP is available, it
> >seems better.  And that's simply on a performance basis.  BGP also
> >provides policy setting that DNS doesn't.
> >
> 
> Exactly how does NAT and DNS provide for the announcement of AS's
> and/or prefixes into the global routing system?

It doesn't. It is an *alternate* solution. You can remap Internal address 
space to multiple external IPs. These IPs could even come from different ISPs. 
The dynamic DNS allows you to remap inbound connections by changing the IPs a 
domain name is associated with in real time.

See my previous post for an example of a multi-homed NAT failover example.

<Snip!>
> 
> --
> Paul Ferguson                                           ||        ||
> Consulting Engineering                                  ||        ||
> Herndon, Virginia   USA                                ||||      ||||
> tel: +1.703.397.5938                               ..:||||||:..:||||||:..
> e-mail: pferguso@cisco.com                         c i s c o S y s t e m s
> 

---------------End of Original Message-----------------

Mike
--
00:29:36
07/10/97
_______________________________________________________________________
Michael W. Chalkley                                Tel: +1.770.823.7846
ZapNet! Inc.                                       Fax: +1.770.475.7640
Suite 400-120                                   E-mail: mikech@well.com
10945 State Bridge Road                                mikech@avana.net
Alpharetta, GA 30202                    (wireless) mikech@radiomail.net

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic