On Sat, Oct 06, 2001 at 01:15:41AM +0200, Rafi Sadowsky wrote:
> Anyone ever try using the RADWARE LinkProof? (or similar - are there any others?)
> <http://www.radware.com/content/products/link.htm>
> It looks like a combination between link monitoring & NAT'ing internal address to the "best" ISP's NetBlock

I have not in fact used the product, but I was invited to a presentation with lots of technical details. I then went for beers with a couple of the techies, which was quite educational too :)

The way it works is as follows:

- you put all your servers that you want redundant (it is hardly protocol-specific, which is good) in RFC1918 space.
- you hook up to a couple of ISPs, and get from each a block the same size as your RFC1918 block.
- you delegate DNS for any service you want redundant to the linkproof box/boxes (they can failover amongst themselves), one NS+A record for each ISP you have space from. The inherent failover in DNS caches/resolvers makes sure clients will always at least get a reply (this is the neat bit - the real failover is in DNS resolvers everywhere, not in the box itself).
- the box, continually monitoring rtt's and reachability of networks, returns the A record pointing to the most 'optimal' ISP for that client. This request then comes in, it NATs it to the RFC1918 space and handles it.

The neat thing is that it does not need a netblock big enough to get through BGP filters - you just get a /24 or whatever from *each* ISP, out of their larger netblocks.

The concept is nice, it sounds like it will work. I have, however, never tried it so I can't vouch for the implementation.

Greetz, Peter
[not affiliated with RadWare or anything]
--
Monopoly http://www.dataloss.nl/monopoly.html
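
The A-record selection and 1:1 NAT mapping described in the message above, as an added sketch that is not part of the original post and not Radware's code. The address blocks (documentation ranges), ISP names and function names are constructed for illustration, and the per-client 'optimal' choice is reduced to one measured RTT per link.

```python
import ipaddress

# Constructed sample layout: one RFC1918 block, one equally sized block per ISP.
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
ISP_BLOCKS = {
    "isp_a": ipaddress.ip_network("192.0.2.0/24"),
    "isp_b": ipaddress.ip_network("198.51.100.0/24"),
}
# The scheme relies on every ISP block matching the internal block in size.
assert all(b.num_addresses == INTERNAL.num_addresses for b in ISP_BLOCKS.values())


def public_for(internal_ip, isp):
    """Map a server to the same host offset inside the chosen ISP's block."""
    offset = int(ipaddress.ip_address(internal_ip)) - int(INTERNAL.network_address)
    if not 0 <= offset < INTERNAL.num_addresses:
        raise ValueError(f"{internal_ip} is outside {INTERNAL}")
    return str(ISP_BLOCKS[isp][offset])


def nat_inbound(public_ip):
    """Reverse mapping applied when the client's request arrives on either link."""
    addr = ipaddress.ip_address(public_ip)
    for block in ISP_BLOCKS.values():
        if addr in block:
            return str(INTERNAL[int(addr) - int(block.network_address)])
    return None  # destination is not in any delegated block: nothing to translate


def answer_a_record(internal_ip, link_state):
    """Pick the A record to return for a query.

    link_state maps ISP name -> measured RTT in ms, or None if the link is down.
    Returns (isp, public_ip), or None when no link is reachable.
    """
    up = {isp: rtt for isp, rtt in link_state.items()
          if rtt is not None and isp in ISP_BLOCKS}
    if not up:
        return None
    best = min(up, key=lambda isp: (up[isp], isp))  # lowest RTT, name breaks ties
    return best, public_for(internal_ip, best)


if __name__ == "__main__":
    print(answer_a_record("10.0.0.25", {"isp_a": 40, "isp_b": 12}))
    print(answer_a_record("10.0.0.25", {"isp_a": 40, "isp_b": None}))
    print(nat_inbound("192.0.2.25"))
```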