Thoughts inline below....

|  Howard's comment brings to mind a problem my Design Engineer raised when
|  responding to a customer RFI.
|  
|  Howard's comment: .  (Pause for usual mystification on why someone wants
|  routing protocols to pass through
|  a firewall, a fairly frequent question).
|  
|  The customer RFI stated requirement (wording as best as I can remember):
|  Solution will entail two internet connections, a T1 and a DSL. Routing
|  will be configured such that priority traffic will use the T1 connection,
|  and ordinary internet browsing will use the DSL connection.
|  
|  Lindy and I were having a real good laugh about the vagueness of the
|  requirement, when we decided to try to come up with a solution. We came
|  up with a number of questions for the customer to elaborate upon, and a
|  possible solution. Would anyone else care to use this as a test of design
|  issues?
|  
|  If memory serves, the customer defined "priority" traffic as e-mail and
|  connectivity to a certain external web site.
|  
|  So:
|  
|  1) what are some of the questions the customer still needs to answer?

My first question to them would be "Do you really think that email and that
one website alone justify a full T-1, while the rest of the internet traffic
for your company goes upstream on a measly DSL circuit?"

Question #2:  Do you desire some sort of fault-tolerance?  Should one
circuit be able to take over in case of a failure on the other?  If the T-1
fails and we move everything to the DSL circuit, do you care if we
completely squash the rest of your traffic if necessary to prioritize the
email and web traffic formerly on the T-1?

Question #3:  Do you really need a T-1?  Could you get by with another DSL
circuit or a fractional T-1?

|  
|  2) What are some possible solutions to this requirement?
|  ( assume the T1 and the DSL terminate on the same router )
|  

Question #4:  Are these circuits coming from the same or different
providers?  Do you have your own address space available?  (silly question,
let's assume not)  If the answer is "different providers" then IP
address allocation and return-traffic paths become an issue.  Let's say that
Provider A (T-1) issues a /27 and Provider B issues a /28.  If we NAT
internal addresses to only provider A's addresses--even for traffic leaving
toward Provider B--then all that return web traffic will come in on the T-1,
which kinda violates the spirit of the requirements.

[Actually, upon further reflection, this is an issue even if the circuits
are from the same provider.  With two connections to the internet,
successfully manipulating traffic going both directions on both circuits can
be tricky.]

So then, how do you decide who to NAT to which addresses?

One solution to that problem is to check out a Fatpipe Xtreme or a similar
product by Radware that handles a lot of this for you.  Pretty cool stuff,
we'll be getting the Radware box in the near future for just this purpose.

On another routing issue, it appears that there will be a very limited
number of destinations for traffic on the T-1 so one very simple solution
would be static routes pointing out the T-1 and a default route pointing to
the DSL circuit.

Policy routing might also come in handy, I think, but it might be a bigger
hammer than is necessary.  No need to complicate this if it doesn't need to
be complicated.

Is any of that the sort of thing you're looking for?  You keep catching me
late at night when I should be sleeping.  I may not be thinking clearly
enough to answer this.  

Regards,
John
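
The return-path problem from Question #4, worked through as an added example (not part of the original message). The address blocks, the two priority destinations, and the `per_egress` policy name are constructed for illustration; the model assumes replies arrive on the circuit of whichever provider issued the translated source address.

```python
import ipaddress

# Constructed sample values (documentation ranges), not from the thread.
T1_POOL = ipaddress.ip_network("192.0.2.0/27")       # Provider A block, on the T-1
DSL_POOL = ipaddress.ip_network("198.51.100.0/28")   # Provider B block, on the DSL
PRIORITY_DESTS = [                                   # hypothetical "priority" hosts
    ipaddress.ip_network("203.0.113.25/32"),         # mail relay
    ipaddress.ip_network("203.0.113.80/32"),         # the external web site
]

def egress_for(dst):
    """Static routes send priority destinations out the T-1; default goes to DSL."""
    addr = ipaddress.ip_address(dst)
    return "T1" if any(addr in net for net in PRIORITY_DESTS) else "DSL"

def nat_source(egress, policy):
    """Choose the translated source address under the given NAT policy."""
    if policy == "always_provider_a":      # the case described in the message
        pool = T1_POOL
    elif policy == "per_egress":           # assumption: pool follows exit circuit
        pool = T1_POOL if egress == "T1" else DSL_POOL
    else:
        raise ValueError(f"unknown policy: {policy}")
    return next(iter(pool.hosts()))        # first usable address in the pool

def return_circuit(translated_src):
    """Assumption: replies come back via the provider that owns the address."""
    if translated_src in T1_POOL:
        return "T1"
    if translated_src in DSL_POOL:
        return "DSL"
    raise ValueError("address belongs to neither provider")

def trace(dst, policy):
    """Follow one flow out and back; report whether both directions match."""
    out = egress_for(dst)
    src = nat_source(out, policy)
    back = return_circuit(src)
    return {"dst": dst, "egress": out, "nat_src": str(src),
            "return": back, "symmetric": out == back}

def asymmetric_flows(dsts, policy):
    """Destinations whose replies arrive on a different circuit than they left on."""
    return [f["dst"] for f in (trace(d, policy) for d in dsts) if not f["symmetric"]]

if __name__ == "__main__":
    sample = ["203.0.113.25", "203.0.113.80", "198.18.0.10"]  # last one: ordinary browsing
    for policy in ("always_provider_a", "per_egress"):
        print(policy, [trace(d, policy) for d in sample])
```
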









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=197&t=195