Failover how much complexity will it add?

Joe Maimon jmaimon at ttec.com
Sun Nov 8 09:47:35 CST 2009


adel at baklawasecrets.com wrote:
> HI,
>
>
> Now I couldn't get any good answers as to why Internet connections 1 and 2 need to be separate.  I think the idea was to make sure that there was enough bandwidth for the third party support VPN.  I feel that I can consolidate this into one connection and just use rate limiting to reserve some portion of the bandwidth on the connection and this should be fine.  Now if I was to do this then I can make a case for just having one backup Internet connection.  However I'm still concerned about failover and reliability issues.  So my questions regarding this are:
>

I wouldnt jump to any conclusions that everything will work properly if 
you are terminating multiple connections directly on the SSG, what with 
egress likely being different than the ingress, even if you are using 
the same IP range (BGP) on all the links.

You could really be asking for trouble if you are planning on using a 
different ISP provided IP range on each connection for each purpose.

Front it all with routers that can policy route, whether or not you also 
use BGP.


Joe






More information about the NANOG mailing list