[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Two ISP's to one DMZ
From:       Paul Ferguson <pferguso () cisco ! com>
Date:       1997-07-10 10:30:29
[Download RAW message or body]

At 12:29 AM 07/10/97 -0500, mikech@avana.net wrote:

>
>Nope, as I stated previously, how do you route one ISP's CIDR addresses 
>through another ISP? Are you saying I can grab a chunk of Sprint's CIDR 
>(Classless Inter-Domain Routing) address space and reroute it thorugh MCI? 
>Will it be added to the MCI routing tables as a separate entry? How will 
>Sprint remove the class C from its CIDR block? Won't this fragment the hell 
>out of the backbone routing tables?
>

Yes, multihoming does inject more specific prefixes into the global
routing table, and punches holes in CIDR blocks.

This is something that aggregation purists have belabored for
several years. However,the fact of the matter is that in order to
effectively multihome in an environment where your IP address
space comes from with one of the upstream provider's CIDR blocks,
this is how it works, and is perfectly feasible. In fact, there
are many organizations doing this today.

With regards to prefix announcement filtering, it is true that
there are several larger ISP's which filter announcements on
a /19 boundary. This is a political problem, not really a
technical one.

>> Exactly how does NAT and DNS provide for the announcement of AS's
>> and/or prefixes into the global routing system?
>
>It doesn't. It is an *alternate* solution. You can remap Internal address 
>space to multiple external IPs. These IPs could even come from different
ISPs. 
>The dynamic DNS allows you to remap inbound connections by changing the
IPs a 
>domain name is associated with in real time.
>

Again, I do not view this as a technically feasible method of multihoming
an organization. Use a hammer to pound nails, not a wrench.

- paul


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Herndon, Virginia   USA                                ||||      ||||
tel: +1.703.397.5938                               ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com                         c i s c o S y s t e m s

[prev in list] [next in list] [prev in thread] [next in thread]