The BGP part will be easy to do. HSRP will be easy to do however if you are
going to have 2 router (each running EBGP to the ISP) that connect to a
firewall (whether it is a PIX or not) understand that most firewalls do not
pass Multicast traffic. So HSRP will break because hellos will not be
passed along from one router to another so therefore adjacencies will not be
formed. Dave is correct that some firewalls do break when they receive
traffic from another port that they sent it out on. So if you have
something like this (sorry if the ASCII gets messed up when it this email
gets posted):
RouterA RouterB
| |
| HSRP |
Firewall
|
LAN
It will not work. You will probably have to front end the routers ethernet
interfaces that would be connecting into the Firewall with a small switch so
that you can pass the HSRP traffic. If someone has a better idea, please
post it.
Mario Puras
SoluNet Technical Support
-----Original Message-----
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 10:13 AM
To: [EMAIL PROTECTED]
Subject: Re: Need help with Simple BGP Solution [7:53936]
Wayne Jang wrote:
>
> have a customer that wants to implement BGP at his office. They want to
> have complete redundancy, not load balancing. They have some users coming
> in from the outside for VPN and email servers.
>
> They will be using T-1s to two separate ISPs and will use a separate
router
> for each ISP connection.
>
> My questions are as follows:
>
> Can I use just one firewall? (I could run HSRP on the two routers,
firewall
> would just forward to the phantom default gateway)
> They currently own a Sonicwall Pro 100. I would prefer they use a PIX, is
> there any reason why they can't use the Sonic?
>
> Do ISPs charge subcribers extra for advertising routes through the other
ISP
> (BGP)?
Not that I'm aware of.
>
> I also want to have default routes to the ISP. I don't believe this
> customer needs the added routing accuracy, if it means they will need
> routers with 128 MB or ram.
If each router has only a defualt route to it respective provider and
your doing HSRP you will only use 1 ISP for your egrees traffic, is that
acceptable since most customers want to utilize both connections their
paying for.
I don't know about Sonic but I have seen firewalls that break if you
send traffic out router A and it returns via router B.
Dave
>
> Thanks
>
> Wayne
--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367
"You don't make the poor richer by making the rich poorer." --Winston
Churchill
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54062&t=53936
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
