John Neiberger wrote:
On another list we've been having multihoming discussions again and I wanted to get some fresh opinions from you.
Whilst the topic's under discussion may I present myself as a lightning rod :) by asking:

(a) Has anyone here used any of the 'basement multi-homing in a box' products such as Checkpoint's ISP Redundancy feature?

http://www.checkpoint.com/products/connect/vpn-1_isp_redundancy.html

(The 'VPN-1' brand is slightly misleading - it's a generic firewall.) This allows edge networks to multihome between separate ISPs.

When it was first mentioned around the office I explained that it couldn't possibly work, and my colleagues explained to me that I was full of it and that the product is on the market and in use. (It has subsequently been lab'd here and seemed to work between our main link (UUnet) and a humble BT DSL line.)

As far as I understand it, it's a form of NAT - the device keeps track of which session's packets are going where and spreads traffic around. If one ISP goes down it'll fail over to the other link.

(b) I suspect the answer will be a vehement 'no!' -- if so, why? Obviously this won't scale terribly well at the service provider level but for edge networks - what's wrong with it? Obviously this only works for outbound sessions but there are plenty of large enterprises happy to keep the majority of inbound services (web etc) off in a nice secure hosting centre where real netops will use BGP for real multihoming.

cheers
\a

--
Andrew Simmons
Penetration Tester | Security Consultant
MIS Corporate Defence Solutions, Ltd.
Hermitage Court, Hermitage Lane, Maidstone, Kent ME16 9NT
Tel: 01622 723432 / Mobile: 07739 834833
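The session-tracking behaviour described in the message above, as an added sketch that is not part of the original post and is not Check Point's implementation: a toy dual-ISP source NAT that pins each outbound flow to one link and re-homes it when that link fails. The class, link names, round-robin policy and addresses (RFC 5737 documentation ranges) are all assumptions made for illustration.

```python
# Constructed sample links: name -> public source address used for NAT on that link.
LINKS = {"isp_a": "192.0.2.1", "isp_b": "198.51.100.1"}


class DualIspNat:
    """Toy outbound NAT: each flow is pinned to the link chosen for its first packet."""

    def __init__(self):
        self.up = {name: True for name in LINKS}
        self.sessions = {}   # flow 5-tuple -> link name
        self._next = 0       # round-robin counter (assumed policy)

    def _pick_link(self):
        live = sorted(name for name, ok in self.up.items() if ok)
        if not live:
            raise RuntimeError("no ISP link available")
        link = live[self._next % len(live)]
        self._next += 1
        return link

    def link_down(self, name):
        self.up[name] = False

    def translate(self, flow):
        """Return (link, public_source_ip, status) for an outbound packet of `flow`."""
        link = self.sessions.get(flow)
        if link is None:
            status = "new"
        elif self.up[link]:
            return link, LINKS[link], "established"
        else:
            # The pinned link is down. The packet can only leave via another link,
            # which means a different public source address: the remote end sees
            # an unknown peer, so an existing TCP session has to be re-established.
            status = "rehomed"
        link = self.sessions[flow] = self._pick_link()
        return link, LINKS[link], status


def demo():
    nat = DualIspNat()
    web = ("tcp", "10.0.0.5", 40001, "203.0.113.10", 443)   # constructed flows
    mail = ("tcp", "10.0.0.6", 40002, "203.0.113.20", 25)
    before = [nat.translate(web), nat.translate(mail)]
    nat.link_down("isp_a")
    after = [nat.translate(web), nat.translate(mail)]
    return before, after
```

The "rehomed" status marks the cost of failover in this model: new sessions move to the surviving link transparently, but a session already in flight changes its public source address.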