Andrew,
Great information -- so the 36XX series router is not necessary. Brings
the price-point down... What is the ball-park price of a 2524?
I prefer to use BGP for circuit and routing redundancy as well. I still
think that Rainfinity/Stonebeat definitely has a place -- but for load
balancing/failover/HA of the firewalls.
As far as DSL, my opinion is that "it depends". If you're close enough
to the CO to get 768k or better, I say go for it. Especially because DSL
boxes like Netopia let you bond DSL circuits.
One thing to consider with DSL is the provider -- does the DSL provider
own the local loop, DSLAM, network, and the router that your DSL connection
terminates on? I have seen some ISPs that have telco carry the circuit to a
DSLAM owned by Rhytms/Northpoint/Covad/etc. The DSL carrier then carries
the circuit across their network, where they hand it off to the ISP on a
DS-3 containing many DSL circuits.
-iden_fw
>From: "Andrew Bagrin" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>CC: <[EMAIL PROTECTED]>
>Subject: RE: [FW1] Multiple WAN Links.
>Date: Tue, 07 Nov 2000 09:29:24 -0500
>
>
>I have a 2524 with 14m of processor memory running BGP between two
>different ISP's, and it works fine.
>Rainwall is excellent for load balancing firewalls, but for Internet
>connections, I'd stick with BGP. I know it work, I've been running it for
>over a year now. My firewalls have been load balanced behind my ISP BGP
>connection for almost one year.
>
>Andrew Bagrin
>Network Analyst
>
>Regal Cinemas, Inc.
>7132 Commercial Park Drive
>Knoxville, TN 37918
>
>(865) 925-9467
>
> >>> "Mark L. Decker" <[EMAIL PROTECTED]> 11/06/00 05:35PM >>>
>
> > The only point that I would make is that you have to have a
> > router for connectivity -- so the only price increase is the additional
> > RAM, and if you are upgrading from a 26XX series to a 36XX series router
> > (which is not inexpensive, granted).
>
>True. Upgrading from the default 32M DRAM to 128M DRAM on a 3640 will
>"only"
>cost $5,760 per router. ;-) But that assumes you already have two 3640s.
>Most people who have T1 internet access have a single lower-end router like
>a 2600 or 1700 series Cisco. For them, a move to fully-redundant routers
>running BGP/HSRP means buying two brand new routers. And, that only
>addresses the ISP link and router redundancy. They still haven't
>eliminated
>the firewall as a single point of failure. If you want to protect all
>three, you're looking at some sort of firewall HA solution anyway.
>
>So, let's look at total purchase price for a fully redundant setup with
>BGP/HSRP vs. a fully redundant setup using RainWall:
>
>Secure, fully redundant T1 access with BGP/HSRP
>pair of 3640 routers: $30,920 ($15,460 x 2, includes T1 CSU/DSUs)
>firewall HA solution: $12,000 (based on RainWall with LB)
>TOTAL LIST PRICE: $42,920 (does not include firewalls themselves)
>
>Secure, fully redundant T1 access with RainWall
>pair of 1720 routers: $ 4,390 ($2,195 x 2, includes T1 CSU/DSUs)
>firewall HA solution: $12,000 (based on RainWall with LB)
>TOTAL LIST PRICE: $16,390 (does not include firewalls themselves)
>
>That's a big price difference. Plus, if you already have a T1 router, you
>can subtract another $2,195 from the cost of the RainWall solution. If
>transparent failover for inbound connections is worth $28,725 to you (and
>it
>may be if you're hosting an e-commerce website internally), then BGP is
>still the best answer. But if you just want increased capacity and
>automatic failover for regular outbound browsing and email, RainWall can be
>a useful, less-expensive alternative.
>
>While we're on the subject of cost, consider this: How much could you save
>on access costs by replacing your T1 with DSL? Most people wouldn't dare,
>because DSL is typically not quite as fast or reliable as a T1. But if you
>had multiple redundant DSL links... Something to think about, anyway. ;-)
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
