sub-basement multihoming (Re: Verio Peering Question)

Peter van Dijk peter at dataloss.nl
Fri Oct 5 23:31:47 UTC 2001


On Sat, Oct 06, 2001 at 01:15:41AM +0200, Rafi Sadowsky wrote:
>  Anyone ever try using the RADWARE LinkProof ?
> (or similar - are there any others ? )
> 
>  <http://www.radware.com/content/products/link.htm>
> 
>  It looks like a combination between link monitoring & NAT'ing internal
> address to the "best" ISP's NetBlock

I have not in fact used the product, but I was invited to a
presentation with lots of technical details. I then went for beers with
a couple of the techies, which was quite educational too :)

The way it works is as follows:
- you put all your servers that you want redundant (it is hardly
  protocol-specific, which is good) in RFC1918 space.
- you hook up to a couple of ISPs, and get from each a block the same
  size as your RFC1918 block.
- you delegate DNS for any service you want redundant to the linkproof
  box/boxes (they can failover amongst themselves), one NS+A record
  for each ISP you have space from. The inherent failover in DNS
  caches/resolvers makes sure clients will always at least get a reply
  (this is the neat bit - the real failover is in DNS resolvers everywhere,
  not in the box itself).
- the box, continually monitoring rtt's and reachability of networks,
  returns the A record pointing to the most 'optimal' ISP for that
  client. This request then comes in, it NATs it to the RFC1918 space
  and handles it.

The neat thing is that it does not need a netblock big enough to get
through BGP filters - you just get a /24 or whatever from *each* ISP,
out of their larger netblocks.

The concept is nice, it sounds like it will work. I have, however,
never tried it so I can't vouch for the implementation.

Greetz, Peter [not affiliated with RadWare or anything]
-- 
Monopoly        http://www.dataloss.nl/monopoly.html
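
The scheme described in the message above, as an added sketch that is not part of the original post and is not RadWare's code: choose the A record per client network from link probes, then NAT the inbound address back to RFC1918 space. The address blocks, ISP names, the same-offset 1:1 mapping and the "lowest RTT among reachable links" rule are all assumptions made for illustration.

```python
import ipaddress

# Constructed values: one RFC1918 block plus documentation ranges standing in
# for the equally sized blocks obtained from two hypothetical ISPs.
INTERNAL = ipaddress.ip_network("192.168.10.0/24")
ISP_BLOCKS = {
    "isp_a": ipaddress.ip_network("198.51.100.0/24"),
    "isp_b": ipaddress.ip_network("203.0.113.0/24"),
}

def to_public(internal_ip, isp):
    """Map a server's RFC1918 address to the same host offset in an ISP block."""
    offset = int(ipaddress.ip_address(internal_ip)) - int(INTERNAL.network_address)
    if not 0 <= offset < INTERNAL.num_addresses:
        raise ValueError("address is outside the internal block")
    return str(ISP_BLOCKS[isp].network_address + offset)

def to_internal(public_ip):
    """Inbound NAT: translate a public destination back to the RFC1918 server."""
    addr = ipaddress.ip_address(public_ip)
    for block in ISP_BLOCKS.values():
        if addr in block:
            offset = int(addr) - int(block.network_address)
            return str(INTERNAL.network_address + offset)
    raise ValueError("address is not in any ISP block")

def answer_a_record(internal_ip, probes):
    """Choose the A record to return for one client network.

    probes maps ISP name -> measured RTT in ms, or None when the client
    network was unreachable through that ISP's link.
    """
    reachable = {isp: rtt for isp, rtt in probes.items()
                 if rtt is not None and isp in ISP_BLOCKS}
    if not reachable:
        return None  # no link measured as usable; policy is left to the caller
    best = min(reachable, key=reachable.get)  # assumed meaning of 'optimal'
    return to_public(internal_ip, best)

if __name__ == "__main__":
    server = "192.168.10.25"
    for probes in ({"isp_a": 80.0, "isp_b": 35.0}, {"isp_a": 80.0, "isp_b": None}):
        a_record = answer_a_record(server, probes)
        print(probes, "->", a_record, "-> NAT to", to_internal(a_record))
```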


