2 other cents.. I'm not sure that the linkproof is that much less $ - you really need 2 of them to eliminate your new SPF for one thing.. so at what, $10k(8K?) a pop, it's still big bucks. What's the point of redundant connections if you have an SPF controlling the whole shebang? :) Also worth looking at Rainfinity if you want a box to do load bal/failover stuff. (I think Rainconnect is the product name)
BGP has a slight delay on failover but none of my users have ever noticed it. It's like a web site being slow for 30sec.. VPN's will die.. no way around that. But the linkproof can't stop that either (since it NAT's your hosts with 2 ranges of IP's, your host IP will change on failover if I am not mistaken.. ) And actually w/BGP you have a 50% chance (with 2 T's) of not losing the VPN since you are using both circuits all the time.. if the line that stays up is carrying the session then it is seamless. Nothing can protect you from a session on a circuit that gets dropped. Nothing I am aware of anyhow! :) FWIW in long threads on the ISP BGP lists the consensus seemed to be 90% reachability in ~5min.. that means from timbuktu.. (well, almost!) For continental US or EU, it is well under that. My "visible" reachability is there in well under a minute, and no one but me notices anything has changed.. (I only notice bc my syslog server beeps at me!) IME a basic config is not complicated or time consuming - a basic config can simply be to take two default routes.. you can do this with a 2600 series!! Providers need full tables - you probably don't unless you provide transit. You can set it and forget it once it's done. Yeah, you need to look in on it, but it is hardly a tar pit.. anyhow you don't need huge routers and tons of RAM. YOu can also take provider routes (again, a small partial table..) nothing for you to set up, just ask your ISP... Load balancing is the clincher - BGP can't do it in a "real" way (per stream for ex) bc it is not designed to. Only you can make the call as to how important load bal is.. personally I like carrier/pop/loop diversity over load bal. (and geographic diversity as well..) 2 T's to the same carrier can load bal with BGP but it IMHO defeats the purpose of BGP.. my #1 goal is business continuity. Everything after that is icing. :) For me that means an HSRP pair of routers on the edge running BGP with muliple carriers. The loops go out on different providers, to different pops to different backbones in different cities. Either router can die and it won't matter, any router can lose its T's and it doesn't matter. Our IP's don't change so there is no DNS stuff to worry about. (K.I.S.S in action..) The two edge routers run an iBGP session with each other so they exchange reachability about the their own connections.. this provides a measure of load balancing despite the "up/down" nature of HSRP. Packets whose shorter path is via the secondary router will actually bounce from the primary to the secondary and then out... just a different angle.. no right or wrong here.. whatever works best for you is best! :) >>> Kim Longenbaugh <[EMAIL PROTECTED]> 09/24/02 08:11AM >>> Yes, there is a less expensive way to do this without BGP. Look up the LinkProof by Radware www.radware.com It lets you load balance, provides redundancy, handles nat and the DNS issues involved very well. >>> [EMAIL PROTECTED] 09/24/02 04:04AM >>> I am trying to find out how to setup a pair of Nokia 350's so they load balance traffic accross two internet links. I have looked at setting up BGP but it looks like it would be very time consuming and there would be a delay when things fail over. Are there any other ways of doing this? Thanks, Richard. ********************************************************************** This email contains information which is confidential. It is for the exclusive use of the addressee. If you are not an addressee please contact us immediately on 01737 275500. Please note that any distribution, copying or use of this communication or its contents is prohibited. This footnote also confirms that this email message and all associated attachments have been swept by Network Associates VirusScan for the presence of computer viruses. ********************************************************************** ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
