Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Enterprise Multihoming

  • From: Andrew Simmons
  • Date: Thu Mar 11 13:31:47 2004

John Neiberger wrote:

On another list we've been having multihoming discussions again and I
wanted to get some fresh opinions from you.
Whilst the topic's under discussion may I present myself as a lightning
rod :) by asking:

(a) Has anyone here used any of the 'basement multi-homing in a box'
products such as Checkpoint's ISP Redundancy feature?
(The 'VPN-1' brand is slightly misleading - it's a generic firewall.)

This allows edge networks to multihome between separate ISPs.  When it was
first mentioned around the office I explained that it couldn't possibly
work, and my colleagues explained to me that I was full of it and that the
product is on the market and in use. (It has subsequently been lab'd here
and seemed to work between our main link (UUnet) and a humble BT DSL line.)
As far as I understand it, it's a form of NAT - the device keeps track of
which session's packets are going where and spreads traffic around. If one
ISP goes down it'll fail over to the other link.

(b) I suspect the answer will be a vehement 'no!' -- if so, why? Obviously
this won't scale terribly well at the service provider level but for edge
networks - what's wrong with it?

Obviously this only works for outbound sessions but there are plenty of
large enterprises happy to keep the majority of inbound services (web etc)
off in a nice secure hosting centre where real netops will use BGP for real



Andrew Simmons
Penetration Tester | Security Consultant
MIS Corporate Defence Solutions, Ltd.
Hermitage Court, Hermitage Lane, Maidstone, Kent ME16 9NT
Tel: 01622 723432 / Mobile: 07739 834833

(sorry about the disclaimer - there's nothing I can do about it :(  )

The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the intended recipient.  If you are not the intended recipient any disclosure, reproduction, distribution or other dissemination or use of this
communications is strictly prohibited.   The views expressed in this e-mail
are those of the individual and not necessarily of MIS Corporate Defence Solutions Ltd.  Any prices quoted are only valid if followed up by a formal written quote.  If you have received this transmission in error, please contact our Security Manager on +44 (01622) 723410.

This email is intended for the recipient only and contains confidential information, some or all of which may be legally privileged. If you are not the intended recipient, you must not use, save, disclose, distribute, copy, print or rely on this email or any information contained within it. Please notify the sender by return and delete it from your computer. Thank you.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.