Firewall Wizards mailing list archives

Re: router with 2 redundant interfaces


From: Vladimir Vitkov <v.vitkov () cnsys bg>
Date: Tue, 15 Apr 2008 16:54:47 +0300

Simple answer ... NO

Long answer:
 This is wrong on so many levels ...
 1) If you have 2 lines you can do load balancing
 2) What happens if a CPU or disk or RAM blows out? ... You are down on both 
lines ...
 3) Two machines are kinda better security: if one is compromised you can turn 
it down and let the other take the hits while you analyze what's happened.
 4) You can keep the state of the connections with some black magic

Of course there are some downsides:
 1) More money for hw ... but with current prices you will be good for less 
than 400$ (if price is of such a concern)
 2) Standard software solutions can't properly keep the connection state over 2 
machines, so if one router goes down all stateful connections/protocols break 
and need to be reestablished
 3) Failure detection takes some time

Observation from real life (built by a friend and for some time taken care of by 
me):
2 machines (Supermicro boards with ICH7R), 3 NICs on each machine, 1G RAM, no 
disk (network booting). Both machines were doing load balancing, failover to 
the other, VPN connections to a remote site, trunking, traffic accounting, some 
filtering. They ran pretty fine. Time for a complete failover was between 11 
and 15 secs. TCO was about 800$ 2 years ago (at least). They were pushing 
combined traffic from both lines in excess of 30 Mbit and the load was 
zilch.

Hope this answers the question pretty completely
On Sunday 13 April 2008 23:18:21 shadow floating wrote:
Hi guys,
my company has 2 leased-line internet connections and they were
about to buy two routers to make them standby to each other, each with
one of the internet connections. As they were discussing with some
network consultant... he convinced them to reduce cost and put 2 WICs
in one router only, each connected to one of the internet connections,
instead of buying 2 routers... is that appropriate??

thanks a lot

Nad
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

-- 
BOFH excuse #255:
Standing room only on the bus.
--
Regards
Vladimir Vitkov

Attachment: signature.asc
Description: This is a digitally signed message part.
