Whilst the topic's under discussion may I present myself as a
rod :) by asking:
(a) Has anyone here used any of the 'basement multi-homing in a box' products such as Checkpoint's ISP Redundancy feature?
http://www.checkpoint.com/products/connect/vpn-1_isp_redundancy.html (The 'VPN-1' brand is slightly misleading - it's a generic firewall.)
This allows edge networks to multihome between separate ISPs. When it was first mentioned around the office I explained that it couldn't
work, and my colleagues explained to me that I was full of it and that
product is on the market and in use. (It has subsequently been lab'd here and seemed to work between our main link (UUnet) and a humble BT DSL
lightning possibly the line.)
As far as I understand it, it's a form of NAT - the device keeps track of which session's packets are going where and spreads traffic around. If one ISP goes down it'll fail over to the other link.
There are similar boxes from FatPipe and Radware (and others) that promise the same thing. I've done some light research on them and while I can see some positives, I don't prefer them to our current solution. My boss asked me to take a look at them, again, because he's concerned that there's little BGP experience in our department apart from me and he thought that might be one possible solution. It still may be but I don't like the hoops you have to jump through to make these devices work. Then again, I don't have any practical experience with them and I hope someone who has will chime in. John --
John Neiberger wrote:
Whilst the topic's under discussion may I present myself as a
lightning
rod :) by asking:
(a) Has anyone here used any of the 'basement multi-homing in a box' products such as Checkpoint's ISP Redundancy feature?
http://www.checkpoint.com/products/connect/vpn-1_isp_redundancy.html (The 'VPN-1' brand is slightly misleading - it's a generic firewall.)
You can do the same thing with your existing cisco: http://www.cisco.com/warp/customer/cc/pd/iosw/ioft/ionetn/tech/emios_wp.htm
There are similar boxes from FatPipe and Radware (and others) that promise the same thing. I've done some light research on them and while I can see some positives, I don't prefer them to our current solution.
Then again, I don't have any practical experience with them and I hope someone who has will chime in.
On the fatpipe side, I can chime in. I've worked with their Superstream products. As with all products there are good points, but I have a LOT of bad points for the Superstream. It starts with being based on Caldera openlinux and a required Java interface for all management. I wouldn't use this product again if I could help it. They may have other products that work better, particularly in the case of true multihoming (the superstream is really so a business can pay for two DSL connections and get double the bandwidth) and such. If anyone wants more details, let me know.
participants (3)
-
John Neiberger
-
Rob Nelson
-
Steve Francis