On 8 Jul 2001, at 18:23, Alvin Oga wrote:
> hi ya
>
> > Something like this:
> >
> > Inside---FW with Nat -----router-----------First Provider
> >            to 1st Prov       |
> >            addr space        |
> >                        Traffic natted
> >                        to 2nd provider's
> >                        addr space
> >                              |
> >                              +--------------Second Provider
>
> I'd try/prefer the following
>
>          +-------------+
>          |             |
>          |             +-----router--- First Provider
>          |     FW      |
> Inside---+             |
>          |   w/ NAT    |
>          |             +-----router--- Second Provider
>          |             |
>          +-------------+
>
> if the router or first provider goes down... i can still get
> in and out thru the 2nd provider..
>
> if i have "autonomous"(?) ip#... both ISPs can route incoming
> and outgoing traffic
>
> thanx
> alvin
The issue, I think, is that the poster DOESN'T have an autonomous
or portable address. So in this latter arrangement, while he can
play all sorts of router tricks about which provider a given outbound
packet gets sent to ("shouldn't" matter, since both providers peer
with the rest of the Internet), *inbound* traffic only ever comes
over one link, and when that's down, he's dead.
An alternative that I've used, besides NAT on the second space, was
to put a proxy on the second line that then locally accessed stuff
via the primary addresses.
That, or the NAT approach, will allow outbound-origin connections
via the second line. Where you need either a BGP-able (portable, if
not actually autonomous) address (OR *possibly* some ugly DNS tricks)
is if you want inbound-origin traffic to find your hosts even when
the primary line is down.
David Gillett
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
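An added example, not from the thread or from either poster, of the NAT-plus-policy-routing arrangement being discussed, done on a Linux firewall with iptables and iproute2. Interface names (eth0/eth1/eth2), the LAN prefix and the two provider addresses and gateways are hypothetical, as are the routing table numbers 101 and 102. Each provider's own address gets a "from" rule so that replies to anything arriving on that address go back out the same link (this is what a proxy or service bound to the second provider's address needs in order to work at all); LAN traffic is SNATed to whichever provider address belongs to the egress link; and a small selector moves the default route when the primary probe fails. None of this makes *new* inbound connections reach you over the second link when the first is down, which is exactly the limitation the reply describes. The script defaults to dry-run (DRY_RUN=1) and only prints the commands; set DRY_RUN=0 and RUN_MAIN=1 as root to apply it.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): dual-uplink firewall
# with NAT and policy routing. All addresses/interfaces are hypothetical.
set -eu

DRY_RUN="${DRY_RUN:-1}"

LAN_IF=eth0;  LAN_NET=192.168.1.0/24
ISP1_IF=eth1; ISP1_ADDR=198.51.100.10; ISP1_GW=198.51.100.1   # primary
ISP2_IF=eth2; ISP2_ADDR=203.0.113.10;  ISP2_GW=203.0.113.1    # secondary

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# One routing table per provider, selected by source address, so that
# packets sourced from a provider's address always leave on that
# provider's link (otherwise the other ISP drops them as spoofed).
setup_tables() {
  run ip route add default via "$ISP1_GW" dev "$ISP1_IF" table 101
  run ip route add default via "$ISP2_GW" dev "$ISP2_IF" table 102
  run ip rule add from "$ISP1_ADDR" lookup 101
  run ip rule add from "$ISP2_ADDR" lookup 102
}

# Outbound-origin LAN traffic is NATed to the address of the link it
# actually exits on, whichever the default route currently points at.
setup_nat() {
  run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ISP1_IF" -j SNAT --to-source "$ISP1_ADDR"
  run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ISP2_IF" -j SNAT --to-source "$ISP2_ADDR"
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$ISP1_IF" -j ACCEPT
  run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$ISP2_IF" -j ACCEPT
  run iptables -P FORWARD DROP
}

# Probe a gateway out of a specific interface; prints "up" or "down".
probe_uplink() {
  if ping -c 1 -W 2 -I "$2" "$1" >/dev/null 2>&1; then echo up; else echo down; fi
}

# Given the two probe results, pick the uplink for the default route:
# prefer ISP1, fall back to ISP2, fail if both are down.
choose_uplink() {
  case "$1:$2" in
    up:*)    echo 1 ;;
    down:up) echo 2 ;;
    *)       return 1 ;;
  esac
}

# Point the main table's default route at the chosen uplink.
set_default_route() {
  case "$1" in
    1) run ip route replace default via "$ISP1_GW" dev "$ISP1_IF" ;;
    2) run ip route replace default via "$ISP2_GW" dev "$ISP2_IF" ;;
    *) echo "no usable uplink" >&2; return 1 ;;
  esac
}

main() {
  setup_tables
  setup_nat
  s1=$(probe_uplink "$ISP1_GW" "$ISP1_IF")
  s2=$(probe_uplink "$ISP2_GW" "$ISP2_IF")
  set_default_route "$(choose_uplink "$s1" "$s2")"
}

# Only run against a live box when explicitly asked to.
if [ "${RUN_MAIN:-0}" = 1 ]; then main; fi
```

Run the probe-and-switch part (the last three lines of main) from cron or a watchdog to get the outbound failover; existing NATed sessions do not survive the switch because their translated source address belongs to the link that just went away.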