[27771] in North American Network Operators' Group
Re: Alternative to BGP-4 for multihoming?
daemon@ATHENA.MIT.EDU (Dana Hudes)
Sun Mar 12 17:51:10 2000
Message-ID: <003c01bf8c75$2c137c40$3d5cdcd1@hudes.org>
From: "Dana Hudes" <dhudes@panix.com>
To: "Peter A. van Oene" <vantech@sympatico.ca>, <nanog@merit.edu>
Date: Sun, 12 Mar 2000 17:49:06 -0500
Products like the Nortel Accelar 700 do layer 7 redirect.
http://www.nortelnetworks.com/products/02/datasheets/3377.html
----- Original Message -----
From: "Peter A. van Oene" <vantech@sympatico.ca>
To: <nanog@merit.edu>
Sent: Sunday, March 12, 2000 4:44 PM
Subject: Re: Alternative to BGP-4 for multihoming?
>
> This is great feedback / moderate flaming. However, consider the
> following.
>
> I have only moderate experience with the F5 3DNS & similar products however
> I am familiar with BGP routing. My client base are high traffic e-commerce
> style (for lack of a better overused marketing term) web sites. They sit
> on /28's and smaller in some cases. I'm certainly not going to be
> successful in acquiring ASN's for these people to do proper load balancing
> between multiple ISP's and most major ISP's see little benefit in modifying
> route tables to include our small netblock. It's these cases I'm concerned
> with. In my mind, irrespective of the comments on the functionality of DNS
> for this purpose, I see little other choice.
>
> As a direct FYI, the 3DNS can make fairly intelligent decisions about where
> to direct traffic beyond simply gauging TCP/53 handshake times. There is
> quite a detailed, informative interaction that can take place between the
> 3DNS and F5's local load distributor, the BIG-IP.
>
> That being said, if anyone has better ideas on how to provide for high
> availability to millions of web sites worldwide, please let me know.
>
> Pete
>
>
> *********** REPLY SEPARATOR ***********
>
> On 3/12/00 at 1:32 PM Chris Brenton wrote:
>
> >"Peter A. van Oene" wrote:
> >>
> >> Essentially, the 3DNS box assumes the DNS entry for the site for which the
> >> customer requires multihoming and it intelligently balances traffic amongst
> >> any geographically disparate sites. This allows for high availability.
> >
> >If I'm not mistaken, it accomplishes this in a somewhat obtrusive
> >manner. The box attempts an xfer back to TCP/53 on the querying DNS
> >server. Based on response time, a proper route is chosen. I've seen a
> >lot of posts to Intrusion & GIAC from people who assumed someone was
> >trying enumeration in preparation for an attack, only to find out it was
> >one of these boxes.
> >
> >I also seem to remember a post on GIAC showing Snort traces of one of
> >these boxes actually performing a full xfer if the box was not locked
> >down. Do you use one of these boxes? If so, any idea what happens to the
> >xfer data?
> >
> >Ignoring the argument as to whether it's appropriate to attempt xfers on
> >unsuspecting networks, I also see this as being pretty inefficient. A
> >good quantity of sites are now running split DNS so the querying server
> >is not even reachable. This means a fair percentage of the time the load
> >balance attempt will outright fail.
> >
> >Don't see this replacing BGP anytime soon. ;)
> >
> >Chris
> >--
> >**************************************
> >cbrenton@sover.net
> >
> >* Multiprotocol Network Design & Troubleshooting
> >http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
> >* Mastering Network Security
> >http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
>
>
> -------
> Peter Van Oene
> Senior Systems Engineer
> UNIS LUMIN Inc.
> www.unislumin.com
>
>=20
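
The thread raises the question of whether an inbound TCP/53 connection is only a handshake-time probe or an actual zone-transfer request. The following is an added example, not part of the original messages and not vendor code: a small classifier for the client-to-server payload of one TCP/53 connection. It assumes the payload has already been reassembled from a capture; the function names and the `example.com` sample are constructed for illustration.

```python
import struct

AXFR, IXFR = 252, 251  # zone-transfer query types (RFC 1035, RFC 1995)

def first_question(msg: bytes):
    """Return (qname, qtype) of the first question in a raw DNS query."""
    if len(msg) < 12:
        raise ValueError("short header")
    _ident, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount == 0:  # QR bit set means a response
        raise ValueError("not a query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n, pos = msg[pos], pos + 1
        if n == 0:
            break
        if n > 63:  # compression pointers are not valid in a lone question
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def classify_tcp53(client_bytes: bytes) -> str:
    """Classify the client-to-server payload of one TCP/53 connection."""
    if not client_bytes:
        return "connect-only"  # handshake completed, no DNS message sent
    length = int.from_bytes(client_bytes[:2], "big")  # DNS-over-TCP length prefix
    msg = client_bytes[2:2 + length]
    if len(client_bytes) < 2 or len(msg) < length:
        return "malformed"
    try:
        qname, qtype = first_question(msg)
    except ValueError:
        return "malformed"
    if qtype in (AXFR, IXFR):
        return "zone-transfer-request " + qname
    return "ordinary-query " + qname

def sample_query(name: str, qtype: int) -> bytes:
    """Constructed sample: a length-prefixed DNS query for name/qtype."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg
```

A "connect-only" verdict matches the handshake-timing behaviour mentioned in the thread, while a "zone-transfer-request" verdict is the case worth checking against the server's transfer ACLs.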