I usually opt for an "appliance" solution, rather than putting together some booty PC that you've got to worry about disk capacity, other things etc.

Forgive me if someone else has already mentioned this, but I can't understand why people go and buy big Cisco 7xxx series routers to handle nothing more than LAN-based routing (as opposed to LAN and WAN such as OC-3) when there are plenty of good Layer 2/3 switches on the market, such as Extreme or ServerIron. Both of them can do BGP I believe; the only limitation I could think of was the amount of RAM. Some of the NetIrons I've looked at 6 or more months ago only had 32 Meg of RAM, but newer models might have more. It may be enough for a limited BGP session.

I've seen companies buy outrageously expensive 7200s just to do packet filtering and NAT. A load balancer could do those tasks, and they are probably already part of the setup. Or a Layer 2/3 switch.

Also, Nokia firewalls do BGP I think... I know they do RIP and OSPF. You can get quad cards on a Nokia 450, although they aren't much more than glorified FreeBSD boxes with Checkpoint running on them.

Sorry if this was redundant, I might have missed some of the posts on this thread.

Tony

On Wed, 1 Nov 2000, Mike Johnson wrote:
Brantley Jones [bjones@redundant.net] wrote:
Mike,
I know exactly what you're talking about. How much does the Linkproof cost? It could come down to a cost issue. Looking at the Linkproof documentation, it looks like you MAY still need a router. It sounds like the Linkproof is just a smart NAT box with some QOS features. Are you going to be advertising your IP block to both providers? If one goes down, will you still be routable globally? If not, how could the Linkproof possibly handle that?
The cost issue is one reason why I'm shopping around.
1 RADWare Linkproof: $10k list (we would buy two for redundancy)
1 Cisco 7206VXR/NPE300 with four Fast e-net links: $33k
I'm beginning to wonder if the 7206 is overkill for our needs.
Our connections will be via fast ethernet, so we don't need any serial cards. The LinkProof would essentially look like an endpoint node on each of the two providers' networks. It can act as a router, albeit without OSPF or BGP (it'll do RIP).
We're not planning on getting our own IP block, rather we'd get one block from each of the providers. The LinkProof relies heavily on DNS. Assuming both providers are up, it sends out the IP address that it thinks would get the client to the site the fastest. IE, if our site has connections with ISP A and B, and you come in through B, the LinkProof tries to figure out if a path back through B is fastest, or if A might be fastest. It then responds with the IP address (related to my DNS records) on A or B, depending on which it thinks is best. If B is down, the LinkProof will know this (it monitors link state) and will only respond to DNS queries with IPs from A.
So, it can handle it, but it does so with DNS tricks. DNS tricks won't always work, but for at least 75% of the clients that will be connecting to us, DNS tricks should work. And in this instance, when DNS tricks fail, our site is still reachable, but it might not be the best route.
Brantley
Mike
--
Mike Johnson
Network Engineer / iSun Networks, Inc.
Morrisville, NC
All opinions are mine, not those of my employer
-------------- -- ---- ---- --- - - - - - -- - - - - - - Tony Bourke tony@vegan.net