----- Original Message -----
From: Mark Tinka <mti...@globaltransit.net>
> On Friday 06 February 2009 05:09:30 pm Matthias Gelbhardt
> wrote:
>
> > We have asymmetric routing in several cases. I would
> > like to know, how you would deal against that?
>
> The moment you're multi-homed to the Internet, asymmetric
> routing is a fact of life; and it's not really a bad
> thing.

[...]

To add to that: Are you keeping state somewhere? Asymmetry does not affect stateless behavior; control (i.e. "confine to where appropriate", usually) your statekeeping and you won't have a problem either.

Funny thing I noticed (knew about, but never thought much about) when I set up my SSG for failover -- I'm accustomed to devices that forward statelessly even when keeping state for filtering purposes. ScreenOS checks flows before it routes, so it forwards responses out the zone (thinking about it, I haven't checked to see if it keeps flow state per-interface when the zone contains multiple interfaces) on which the request arrived. When it's necessary, it makes for a simpler config. I'll have to look into JunOS+ES to see if it operates similarly.

Peter E. Fry

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp