Re: RADWare Linkproof? (or better ways to multihome)

[tony bourke <tony () vegan net>]

I usually opt for an "appliance" solution, rather than putting together
some booty PC that you've go tto worry about disk capacity, other things 
etc.  

Forgive me if someone else has already mentioned this, but I can't
understand why people go and by big Cisco 7xxx series routers to handle
nothing more than LAN-based routing (as opposed to LAN and WAN such as
OC-3)  when there are plenty of good Layer 2/3 switches on the market,
such as Extreme or ServerIron.  Both of them can do BGP I believe, the
only limitation I could think of was the amount of RAM.  Some of the
NetIrons I've looked at 6 or more monthes ago only had 32 Meg of RAM, but
newer models might have more.  It may be enough for a limited BGP session.

I've seen companies buy outrageously expensive 7200s just to do packet
filtering and NAT.  A load balancer could do those tasks, and they are
probably already part of the setup.  Or a Layer 2/3 switch.

Also, Nokia firewalls do BGP I think...  I know they do RIP and
OSPF.  You can get quad cards on a Nokia 450, although they aren't much
more than glorified FreeBSD boxes with Checkpoint running on them.

Sorry if this was redundant, I might have missed some of the posts on this
thread.

Tony


On Wed, 1 Nov 2000, Mike Johnson wrote:

> Brantley Jones [bjones () redundant net] wrote:
>  
> > Mike,
> >
> > I know exactly what you're talking about.  How much does the Linkproof 
> > cost?  It could come down to a cost issue.  Looking at the Linkproof 
> > documentation, it looks like you MAY still need a router.  It sounds like 
> > the Linkproof is just a smart NAT box with some QOS features.  Are you 
> > going to be advertising your IP block to both providers?  If one goes down, 
> > will you still be routable globally?  If not, how could the Linkproof 
> > possibly handle that?
>
> The cost issue is one reason why I'm shopping around.
>
> 1 RADWare Linkproof: $10k list (we would buy two for redundancy)
> 1 Cisco 7206VXR/NPE300 with four Fast e-net links: $33k
>
> I'm beginning to wonder if the 7206 is overkill for our needs.
>
> Our connections will be via fast ethernet, so we don't need any serial
> cards.  The LinkProof would esentially look like and endpoint node
> on each of the two provider's networks.  It can act as a router,
> albeit without OSPF or BGP (it'll do RIP).
>
> We're not planning on getting our own IP block, rather we'd get one
> block from each of the providers.  The LinkProof relies heavily on
> DNS.  Assuming both providers are up, it sends out the IP address
> that it thinks would get the client to the site the fastest.  IE,
> if our site has connections with ISP A and B, and you come in through
> B, the LinkProof tries to figure out if a path back through B is
> fastest, or if A might be fastest.  It then responds with the IP
> address (related to my DNS records) on A or B, depending on which
> it thinks is best.  If B is down, the LinkProof will know this (it
> monitors link state) and will only respond to DNS queires with IPs
> from A.
>
> So, it can handle it, but it does so with DNS tricks.  DNS tricks
> won't always work, but for at least 75% of the clients that will
> be connecting to us, DNS tricks should work.  And in this instance,
> when DNS tricks fail, our site is still reachable, but it might
> not be the best route. 
>  
> > Brantley
>
> Mike
> -- 
> Mike Johnson
> Network Engineer / iSun Networks, Inc.
> Morrisville, NC
> All opinions are mine, not those of my employer

-------------- -- ---- ---- --- - - - -  -  -- -  -  -  -   -     -
Tony Bourke                             tony () vegan net