asymmetric routes/security concerns/Fortinet

Greg Whynott Greg.Whynott at oicr.on.ca
Fri Jan 7 18:56:00 UTC 2011


Thanks John for your input.

You are correct, ORION is a dedicated high speed research network.

Based on the fact that we access ORION via one of our ISPs (3rd party, we don't BGP/directly peer with ORION), I'm not sure if I can use this solution here. I could do that for the routes learned from that ISP, but we receive the entire internet routing table from them… I'd have to understand things more before I went down that road. Perhaps I shouldn't be accepting the full table from them.

The localpref is something I'll look at, thanks for that. I'm not a BGP expert by any stretch, and our requirements here are "simple". We are not a transit. I've only attempted to make the config safe, not efficient.

I'd like to hear what you have to say about the original question: is there good reason in this day and age to drop traffic as described in the original post, in your opinion?

-g



On Jan 7, 2011, at 1:15 PM, John Kristoff wrote:

> On Fri, 7 Jan 2011 12:40:32 -0500
> Greg Whynott <Greg.Whynott at oicr.on.ca> wrote:
>
>> we have multiple internet connections of which one is a research
>> network where many medical institutions and universities are also
>> connected to throughout the country.  This research network (ORION)
>> also has internet access but is not meant to be used as a primary
>> path to the internet by its customers.     Connected to the ORION
>> network are many sites we exchange email with daily who also have
>> multiple internet connections.   One of these sites is not reachable
>> by us.   After investigating,  it was discovered this site is
>> dropping our connections as the path back to us would use a
>> different interface on the firewall ( a Fortinet device) than that
>> which it arrived upon.
>
> Correct me if I'm wrong, I'm not very familiar with ORION, but if it's
> like some of the research networks in the U.S. have been built in the
> past, ORION is a dedicated high speed, low latency network that
> interconnects research institutions together.  The way these are often
> used is that you localpref routes you learn from ORION participants so
> that traffic between each of you goes over the research network.  You'd
> typically want this since the performance is good and there is plenty of
> capacity available, but it is also paid for, probably through some
> research grant, helping to reduce the use and expense of your commercial
> transit.
>
> You should be sending your traffic to them via ORION and they
> likewise.  However, if that path is down, then it would make sense for
> it to go via another route.  Hence, asymmetry may happen.
>
> Are you not sending the traffic via ORION?  If so, then I'd suggest you
> both have something to fix.  :-)
>
> John


--

This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.
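The drop described in the quoted original post (the return path would leave by a different firewall interface than the one the packet arrived on) is what a strict reverse-path check produces. The following is an added example, not part of the thread and not any vendor's code; the routing table, interface names and the three mode names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed routing table (documentation prefixes, hypothetical interface
# names). Lower metric = preferred. No default route, so "loose" can still fail.
ROUTES = [
    ("198.51.100.0/24", "wan_isp",   10),  # best path back to the sender
    ("198.51.100.0/24", "wan_orion", 20),  # valid, but less preferred
    ("203.0.113.0/24",  "wan_orion", 10),
]

def candidates(src):
    """Return (interface, metric) for every longest-prefix route covering src."""
    addr = ipaddress.ip_address(src)
    hits = []
    for prefix, iface, metric in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net.prefixlen, iface, metric))
    if not hits:
        return []
    longest = max(plen for plen, _, _ in hits)
    return [(iface, metric) for plen, iface, metric in hits if plen == longest]

def rpf_check(src, in_iface, mode="strict"):
    """True if a packet from src arriving on in_iface passes the check.

    strict   - in_iface must be the interface of the best route back to src
    feasible - in_iface must carry some route to src, not only the best one
    loose    - any route to src must exist, on any interface
    """
    routes = candidates(src)
    if not routes:
        return False                      # unrouted source: dropped in every mode
    if mode == "loose":
        return True
    if mode == "feasible":
        return any(iface == in_iface for iface, _ in routes)
    best_iface = min(routes, key=lambda r: r[1])[0]
    return in_iface == best_iface

def asymmetric_case():
    """Sender arrives via ORION while our best return route is via the ISP."""
    return {m: rpf_check("198.51.100.25", "wan_orion", m)
            for m in ("strict", "feasible", "loose")}

if __name__ == "__main__":
    for mode, ok in asymmetric_case().items():
        print(f"{mode:9s} {'accept' if ok else 'drop'}")
```

Strict mode drops the legitimate asymmetric flow, while the feasible and loose modes accept it and still reject sources with no route at all.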



