Hehe, curly one here :-) I'm currently planning a total re-implementation of the network here to provide as much fault tolerance as possible. That means I'm going to need multiple upstream connections running BGP4, and multiple firewalls that can auto-failover.
This is all made more complex because internally we're running 3 separate subnets (workstations, servers, and colocated servers), and they all need to be kept segregated and untrusted.

I've drawn up a diagram of the proposed structure and it looks a bit like a bowl of spaghetti: http://jon.oxer.com.au/network1.png

I've tried to eliminate as many potential single points of failure as possible, for example by using multiple switches between the routers and the firewalls. The only part where there is no duplication is the internal switches to the servers, mainly because in this topology it would require another 3 ethernet cards per firewall for a scary total of 9 each.

The border routers will be Debian / Zebra machines running BGP4 on the upstream links, and something else suitable (maybe iBGP4?) on the internal links. Firewalls will be Debian / IPtables machines, masquerading for the machines on the internal switches. Either firewall will need to be able to detect failure of the other, perhaps using a direct crossover cable (magenta in the diagram) and then assume the IP and MAC addresses of the failed machine. Ditto for the border routers.

So, the reason for posting: has anyone here done anything like this, or have alternative ideas about how it could be set up? Does my plan make sense? Is there a way to set this up without requiring 6 ethernet cards per firewall? Did I make an enormous blunder and should now retreat back under a rock?

Thoughts appreciated!

Cheers
Jonathan
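As an added illustration of the BGP side of the plan (not part of Jonathan's post), here is a Zebra bgpd configuration for one of the two border routers: eBGP to its own upstream, iBGP to the other border router over the internal switches, and prefix-lists so the box only ever announces the local block and never relays one upstream's routes to the other or accepts a route for its own block from outside. All AS numbers and addresses are assumed placeholders from the documentation ranges; the real ones would come from the upstream contracts.

```text
! bgpd.conf for border router A
! Assumed placeholders: local AS 64512, local block 192.0.2.0/24,
! upstream A is AS 64496 on 198.51.100.1, router B is 10.0.0.2 internally.
hostname border-a
!
! Outbound: announce only our own block, explicitly deny everything else,
! so a full table from upstream A can never leak towards upstream B via iBGP.
ip prefix-list OURS seq 5 permit 192.0.2.0/24
ip prefix-list OURS seq 10 deny 0.0.0.0/0 le 32
!
! Inbound: never accept our own block or private space from an upstream,
! otherwise a mistake (or a hijack) upstream would black-hole our own traffic.
ip prefix-list FROM-UPSTREAM seq 5 deny 192.0.2.0/24 le 32
ip prefix-list FROM-UPSTREAM seq 10 deny 10.0.0.0/8 le 32
ip prefix-list FROM-UPSTREAM seq 15 deny 172.16.0.0/12 le 32
ip prefix-list FROM-UPSTREAM seq 20 deny 192.168.0.0/16 le 32
ip prefix-list FROM-UPSTREAM seq 25 permit 0.0.0.0/0 le 24
!
router bgp 64512
 bgp router-id 192.0.2.1
 network 192.0.2.0/24
 ! eBGP session to upstream A
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 description upstream-A
 neighbor 198.51.100.1 prefix-list FROM-UPSTREAM in
 neighbor 198.51.100.1 prefix-list OURS out
 ! iBGP session to border router B; next-hop-self so B does not need
 ! a route to upstream A's link address to use routes learned from A.
 neighbor 10.0.0.2 remote-as 64512
 neighbor 10.0.0.2 description border-b
 neighbor 10.0.0.2 update-source 10.0.0.1
 neighbor 10.0.0.2 next-hop-self
!
log file /var/log/zebra/bgpd.log
```

Router B gets the mirror image (its own upstream's AS and link address, iBGP back to 10.0.0.1), and if one eBGP session drops, traffic for the block simply follows the surviving router's announcement.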

