[119126] in North American Network Operators' Group
Re: Failover how much complexity will it add?
daemon@ATHENA.MIT.EDU (Joe Maimon)
Sun Nov 8 10:48:18 2009
Date: Sun, 08 Nov 2009 10:47:35 -0500
From: Joe Maimon <jmaimon@ttec.com>
To: adel@baklawasecrets.com
In-Reply-To: <53061.1257681097@baklawasecrets.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
adel@baklawasecrets.com wrote:
> HI,
>
>
> Now I couldn't get any good answers as to why Internet connections 1 and 2 need to be separate. I think the idea was to make sure that there was enough bandwidth for the third party support VPN. I feel that I can consolidate this into one connection and just use rate limiting to reserve some portion of the bandwidth on the connection and this should be fine. Now if I was to do this then I can make a case for just having one backup Internet connection. However I'm still concerned about failover and reliability issues. So my questions regarding this are:
>
I wouldnt jump to any conclusions that everything will work properly if
you are terminating multiple connections directly on the SSG, what with
egress likely being different than the ingress, even if you are using
the same IP range (BGP) on all the links.
You could really be asking for trouble if you are planning on using a
different ISP provided IP range on each connection for each purpose.
Front it all with routers that can policy route, whether or not you also
use BGP.
Joe
