RADWare Linkproof? (or better ways to multihome)
Back in March (looking through the archives) there was some discussion on this product as a replacement for BGP-4 for multihoming. I find myself in a situation where I'm going to be setting up a site that will be multihomed at a co-lo site. We're going to be connected to two separate ISPs via fast ethernet connections. I have only discussed BGP with one of the ISP's (we will not be getting IP services from the co-lo company), but they didn't seem to indicate that they had any issues with us using BGP. So, it seems that BGP-4 is an option. We've been speaking with RADWare about their Web Server Directors for server load balancing and they brought up the Linkproof (http://www.radware.com/content/products/link.htm). I was planning on just purchasing a big ole router and running BGP, but the idea of replacing the router with a pair of Linkproofs (high availability) is very attractive both from a cost standpoint and from an expertise standpoint (I'm the only one here who has run BGP-4 at all, and that was only in a lab, playing around -- ie, we have damned near no in house BGP-4 experience). I'm waiting to hear back from our salesdroid on other customers who currently use Linkproofs in this manner (he says there are several), but since this has been discussed here (but no conclusions seem to have been reached), I thought I would ask and see if anyone has experience with this product. In the end, I'm certainly willing to look at other solutions, but we're a bit iffy on BGP and we're already planning on running NAT, so the Linkproof looks like a good fit. Thanks, Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
Mike, If the purpose of using BGP is to server load balance, there are other products that work as well if not better. Take a look at F5, Alteon and Arrowpoint. BGP will be a good method to load share traffic between multiple different providers Regards Mohamed On Wed, 1 Nov 2000, Mike Johnson wrote:
Back in March (looking through the archives) there was some discussion on this product as a replacement for BGP-4 for multihoming.
I find myself in a situation where I'm going to be setting up a site that will be multihomed at a co-lo site. We're going to be connected to two separate ISPs via fast ethernet connections.
I have only discussed BGP with one of the ISP's (we will not be getting IP services from the co-lo company), but they didn't seem to indicate that they had any issues with us using BGP. So, it seems that BGP-4 is an option.
We've been speaking with RADWare about their Web Server Directors for server load balancing and they brought up the Linkproof (http://www.radware.com/content/products/link.htm). I was planning on just purchasing a big ole router and running BGP, but the idea of replacing the router with a pair of Linkproofs (high availability) is very attractive both from a cost standpoint and from an expertise standpoint (I'm the only one here who has run BGP-4 at all, and that was only in a lab, playing around -- ie, we have damned near no in house BGP-4 experience).
I'm waiting to hear back from our salesdroid on other customers who currently use Linkproofs in this manner (he says there are several), but since this has been discussed here (but no conclusions seem to have been reached), I thought I would ask and see if anyone has experience with this product.
In the end, I'm certainly willing to look at other solutions, but we're a bit iffy on BGP and we're already planning on running NAT, so the Linkproof looks like a good fit.
Thanks, Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
Mike, If the purpose of using BGP is to server load balance, there are other products that work as well if not better. Take a look at F5, Alteon and Arrowpoint. BGP will be a good method to load share traffic between multiple different providers
Don't forget Foundry.
Regards Mohamed
Best, Tim
On Wed, 1 Nov 2000, Mike Johnson wrote:
Back in March (looking through the archives) there was some discussion on this product as a replacement for BGP-4 for multihoming.
I find myself in a situation where I'm going to be setting up a site that will be multihomed at a co-lo site. We're going to be connected to two separate ISPs via fast ethernet connections.
I have only discussed BGP with one of the ISP's (we will not be getting IP services from the co-lo company), but they didn't seem to indicate that they had any issues with us using BGP. So, it seems that BGP-4 is an option.
We've been speaking with RADWare about their Web Server Directors for server load balancing and they brought up the Linkproof (http://www.radware.com/content/products/link.htm). I was planning on just purchasing a big ole router and running BGP, but the idea of replacing the router with a pair of Linkproofs (high availability) is very attractive both from a cost standpoint and from an expertise standpoint (I'm the only one here who has run BGP-4 at all, and that was only in a lab, playing around -- ie, we have damned near no in house BGP-4 experience).
I'm waiting to hear back from our salesdroid on other customers who currently use Linkproofs in this manner (he says there are several), but since this has been discussed here (but no conclusions seem to have been reached), I thought I would ask and see if anyone has experience with this product.
In the end, I'm certainly willing to look at other solutions, but we're a bit iffy on BGP and we're already planning on running NAT, so the Linkproof looks like a good fit.
Thanks, Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
Mohamed Hirse [madlion@justin.net] wrote:
Mike, If the purpose of using BGP is to server load balance, there are other products that work as well if not better. Take a look at F5, Alteon and Arrowpoint. BGP will be a good method to load share traffic between multiple different providers
I might not have made myself clear. We will be buying ISP services ('net connections) from two different providers. We are looking at other products for server load balancing. I've kinda narrowed it down to Alteon, RADWare, and Foundry. But that's for server load balancing, not for load balancing between providers. Thanks, Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
At 11:38 AM 11/1/2000 -0500, you wrote:
Mohamed Hirse [madlion@justin.net] wrote:
Mike, If the purpose of using BGP is to server load balance, there are other products that work as well if not better. Take a look at F5, Alteon and Arrowpoint. BGP will be a good method to load share traffic between multiple different providers
I might not have made myself clear. We will be buying ISP services ('net connections) from two different providers.
We are looking at other products for server load balancing. I've kinda narrowed it down to Alteon, RADWare, and Foundry. But that's for server load balancing, not for load balancing between providers.
Thanks, Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
Mike, I know exactly what you're talking about. How much does the Linkproof cost? It could come down to a cost issue. Looking at the Linkproof documentation, it looks like you MAY still need a router. It sounds like the Linkproof is just a smart NAT box with some QOS features. Are you going to be advertising your IP block to both providers? If one goes down, will you still be routable globally? If not, how could the Linkproof possibly handle that? Brantley
have you considered getting 2 ranges (1 from each provider) and then getting agreements from each where they cross advertise your allocated ranges out, e.g. ISP 1 advertises its own /19 + /23 allocated to you from ISP2 ISP 2 advertises its own /19 + /23 allocated to you from ISP1 Some ISP's will not do this but I do know some of the big boys in the UK will do it and the US is where we first saw this idea in us. Then load each server across an address out of each range This then gives you full redundancy of running BGP without the expense or without requiring the in house expertise Thanks Richard Smith Firstnet email: rsmith@firstnet.co.uk **************************************************************************** ****** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. The views expressed in the email and files transmitted with it are those of the individual, not the company. If you have received this email in error please notify rsmith@firstnet.co.uk ******************************************** ************************************** -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Brantley Jones Sent: 01 November 2000 16:50 To: Mike Johnson Cc: nanog@merit.edu Subject: Re: RADWare Linkproof? (or better ways to multihome) At 11:38 AM 11/1/2000 -0500, you wrote:
Mohamed Hirse [madlion@justin.net] wrote:
Mike, If the purpose of using BGP is to server load balance, there are other products that work as well if not better. Take a look at F5, Alteon and Arrowpoint. BGP will be a good method to load share traffic between multiple different providers
I might not have made myself clear. We will be buying ISP services ('net connections) from two different providers.
We are looking at other products for server load balancing. I've kinda narrowed it down to Alteon, RADWare, and Foundry. But that's for server load balancing, not for load balancing between providers.
Thanks, Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
Mike, I know exactly what you're talking about. How much does the Linkproof cost? It could come down to a cost issue. Looking at the Linkproof documentation, it looks like you MAY still need a router. It sounds like the Linkproof is just a smart NAT box with some QOS features. Are you going to be advertising your IP block to both providers? If one goes down, will you still be routable globally? If not, how could the Linkproof possibly handle that? Brantley
Couldn't you also advertise both blocks to both ISP then simply prepend or add community attributes to prefer one over the other with each provider. BTW, us providers I know or worked for will advertise blocks that are given to you so long as you have the provider that own the blocks to SWIP them with ARIN. Regards Mohamed On Wed, 1 Nov 2000, rick wrote:
have you considered getting 2 ranges (1 from each provider) and then getting agreements from each where they cross advertise your allocated ranges out,
e.g.
ISP 1 advertises its own /19 + /23 allocated to you from ISP2 ISP 2 advertises its own /19 + /23 allocated to you from ISP1
Some ISP's will not do this but I do know some of the big boys in the UK will do it and the US is where we first saw this idea in us.
Then load each server across an address out of each range
This then gives you full redundancy of running BGP without the expense or without requiring the in house expertise
Thanks
Richard Smith Firstnet email: rsmith@firstnet.co.uk **************************************************************************** ******
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. The views expressed in the email and files transmitted with it are those of the individual, not the company. If you have received this email in error please notify rsmith@firstnet.co.uk
******************************************** **************************************
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Brantley Jones Sent: 01 November 2000 16:50 To: Mike Johnson Cc: nanog@merit.edu Subject: Re: RADWare Linkproof? (or better ways to multihome)
At 11:38 AM 11/1/2000 -0500, you wrote:
Mohamed Hirse [madlion@justin.net] wrote:
Mike, If the purpose of using BGP is to server load balance, there are other products that work as well if not better. Take a look at F5, Alteon and Arrowpoint. BGP will be a good method to load share traffic between multiple different providers
I might not have made myself clear. We will be buying ISP services ('net connections) from two different providers.
We are looking at other products for server load balancing. I've kinda narrowed it down to Alteon, RADWare, and Foundry. But that's for server load balancing, not for load balancing between providers.
Thanks, Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
Mike,
I know exactly what you're talking about. How much does the Linkproof cost? It could come down to a cost issue. Looking at the Linkproof documentation, it looks like you MAY still need a router. It sounds like the Linkproof is just a smart NAT box with some QOS features. Are you going to be advertising your IP block to both providers? If one goes down, will you still be routable globally? If not, how could the Linkproof possibly handle that?
Brantley
Brantley Jones [bjones@redundant.net] wrote:
Mike,
I know exactly what you're talking about. How much does the Linkproof cost? It could come down to a cost issue. Looking at the Linkproof documentation, it looks like you MAY still need a router. It sounds like the Linkproof is just a smart NAT box with some QOS features. Are you going to be advertising your IP block to both providers? If one goes down, will you still be routable globally? If not, how could the Linkproof possibly handle that?
The cost issue is one reason why I'm shopping around. 1 RADWare Linkproof: $10k list (we would buy two for redundancy) 1 Cisco 7206VXR/NPE300 with four Fast e-net links: $33k I'm beginning to wonder if the 7206 is overkill for our needs. Our connections will be via fast ethernet, so we don't need any serial cards. The LinkProof would esentially look like and endpoint node on each of the two provider's networks. It can act as a router, albeit without OSPF or BGP (it'll do RIP). We're not planning on getting our own IP block, rather we'd get one block from each of the providers. The LinkProof relies heavily on DNS. Assuming both providers are up, it sends out the IP address that it thinks would get the client to the site the fastest. IE, if our site has connections with ISP A and B, and you come in through B, the LinkProof tries to figure out if a path back through B is fastest, or if A might be fastest. It then responds with the IP address (related to my DNS records) on A or B, depending on which it thinks is best. If B is down, the LinkProof will know this (it monitors link state) and will only respond to DNS queires with IPs from A. So, it can handle it, but it does so with DNS tricks. DNS tricks won't always work, but for at least 75% of the clients that will be connecting to us, DNS tricks should work. And in this instance, when DNS tricks fail, our site is still reachable, but it might not be the best route.
Brantley
Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
The cost issue is one reason why I'm shopping around.
1 RADWare Linkproof: $10k list (we would buy two for redundancy) 1 Cisco 7206VXR/NPE300 with four Fast e-net links: $33k
Add the option of an idustrialised PC running OpenBSD, zebra(/old-gated) with one or more DLink 570TX quad FE Ethernet cards. The 32 PCI bus will be the eventual bottleneck, but that's up in the almost wire-speed area for (cough) "normal" sized packets. There are lots of people who will offer "commercial grade" (I use the quotes for sarcasm WRT to some router vendors) support on this, and it works very well. Make it two boxes for H/W redundandy, and you will still get change out of US$5,000. Peter
I usually opt for an "appliance" solution, rather than putting together some booty PC that you've go tto worry about disk capacity, other things etc. Forgive me if someone else has already mentioned this, but I can't understand why people go and by big Cisco 7xxx series routers to handle nothing more than LAN-based routing (as opposed to LAN and WAN such as OC-3) when there are plenty of good Layer 2/3 switches on the market, such as Extreme or ServerIron. Both of them can do BGP I believe, the only limitation I could think of was the amount of RAM. Some of the NetIrons I've looked at 6 or more monthes ago only had 32 Meg of RAM, but newer models might have more. It may be enough for a limited BGP session. I've seen companies buy outrageously expensive 7200s just to do packet filtering and NAT. A load balancer could do those tasks, and they are probably already part of the setup. Or a Layer 2/3 switch. Also, Nokia firewalls do BGP I think... I know they do RIP and OSPF. You can get quad cards on a Nokia 450, although they aren't much more than glorified FreeBSD boxes with Checkpoint running on them. Sorry if this was redundant, I might have missed some of the posts on this thread. Tony On Wed, 1 Nov 2000, Mike Johnson wrote:
Brantley Jones [bjones@redundant.net] wrote:
Mike,
I know exactly what you're talking about. How much does the Linkproof cost? It could come down to a cost issue. Looking at the Linkproof documentation, it looks like you MAY still need a router. It sounds like the Linkproof is just a smart NAT box with some QOS features. Are you going to be advertising your IP block to both providers? If one goes down, will you still be routable globally? If not, how could the Linkproof possibly handle that?
The cost issue is one reason why I'm shopping around.
1 RADWare Linkproof: $10k list (we would buy two for redundancy) 1 Cisco 7206VXR/NPE300 with four Fast e-net links: $33k
I'm beginning to wonder if the 7206 is overkill for our needs.
Our connections will be via fast ethernet, so we don't need any serial cards. The LinkProof would esentially look like and endpoint node on each of the two provider's networks. It can act as a router, albeit without OSPF or BGP (it'll do RIP).
We're not planning on getting our own IP block, rather we'd get one block from each of the providers. The LinkProof relies heavily on DNS. Assuming both providers are up, it sends out the IP address that it thinks would get the client to the site the fastest. IE, if our site has connections with ISP A and B, and you come in through B, the LinkProof tries to figure out if a path back through B is fastest, or if A might be fastest. It then responds with the IP address (related to my DNS records) on A or B, depending on which it thinks is best. If B is down, the LinkProof will know this (it monitors link state) and will only respond to DNS queires with IPs from A.
So, it can handle it, but it does so with DNS tricks. DNS tricks won't always work, but for at least 75% of the clients that will be connecting to us, DNS tricks should work. And in this instance, when DNS tricks fail, our site is still reachable, but it might not be the best route.
Brantley
Mike -- Mike Johnson Network Engineer / iSun Networks, Inc. Morrisville, NC All opinions are mine, not those of my employer
-------------- -- ---- ---- --- - - - - - -- - - - - - - Tony Bourke tony@vegan.net
On Sun, Nov 05, 2000 at 01:51:26AM -0500, tony bourke wrote:
I usually opt for an "appliance" solution, rather than putting together some booty PC that you've go tto worry about disk capacity, other things etc.
LRP and gnatbox s/w both boot from floppy. no hard drive needed. gnatbox also sells hardware. i think they even sell a flashdisk that connects to an ide connector. OBplug: i've used LRP, it's ok. never used gnatbox freebsd-based). -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
participants (8)
-
Brantley Jones
-
Henry Yen
-
Mike Johnson
-
Mohamed Hirse
-
Peter Galbavy
-
rick
-
Timothy Brown
-
tony bourke