Firewall Wizards mailing list archives

Re: router with 2 redundant inferfaces

From: "shadow floating" <nadengine () googlemail com>
Date: Sun, 20 Apr 2008 10:49:40 +0200

i would like to thank you all guys, you are advice is great thank you very much

Nad

On Tue, Apr 15, 2008 at 3:54 PM, Vladimir Vitkov <v.vitkov () cnsys bg> wrote:

Simple answer ... NO

Long answer:
 This is wrong on so many levels ...
 1) If you have 2 lines you can make load balancing
 2) What happens if a cpu or disk or ram blows out? ... You are down on both
lines ...
 3) Two machines are kinda better security if one is compromised you can turn
it down and let the other take the hitting while you analyze what's happened.
 4) You can keep the state of the connections with some black magic

Of course there are some downsides:
 1) More money for hw ... but with current prices you will be good for less
than 400$ (if price is of such a concern)
 2) standard software solution can't properly keep the conection state over 2
machines so if one router goes down all statefull connections/protocols break
and need to be reestablished
 3) fail detection takes some time

Observation from real life (built by a friend and for some time taken care by
me)
2 machines (supermicro boards with ich7r) 3 nics on each machine, 1G ram, no
disk (network booting). Both machines were doing load balancing, failover to
the other, vpn connections to remote site, trunking, traffic accounting, some
filtering. They ran pretty fine. Time for a complete failover was between 11
and 15 secs. TCO was about 800$ 2 years ago (at least). They were pushing
combined traffic from the both lines in excess of 30 Mbit and th load was
zilch

Hope this answers the question pretty completely

On Sunday 13 April 2008 23:18:21 shadow floating wrote:

Hi guys,
my company is having 2 leased lines internet connections and they were
about to buy two routers to make them standby to each other, each with
one of the internet connections, as they were discussing with some
network consultant...he convinced them to reduce cost and put 2 wics
in one router only each connected to the each internet connection
instead of buying 2 routers....is that appropriate??

thanks alot

Nad
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


--
BOFH excuse #255:
Standing room only on the bus.
--
Regards
Vladimir Vitkov

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

router with 2 redundant inferfaces shadow floating (Apr 15)
- Re: router with 2 redundant inferfaces Fetch, Brandon (Apr 17)
- Re: router with 2 redundant inferfaces Chris Myers (Apr 17)
- Re: router with 2 redundant inferfaces Darden, Patrick S. (Apr 17)
- Re: router with 2 redundant inferfaces kevin horvath (Apr 17)
- Re: router with 2 redundant inferfaces Prabhu Gurumurthy (Apr 17)
- Re: router with 2 redundant inferfaces pkc_mls (Apr 17)
- Re: router with 2 redundant inferfaces Razeor (Apr 17)
- Re: router with 2 redundant inferfaces Paul D. Robertson (Apr 17)
- Re: router with 2 redundant inferfaces Vladimir Vitkov (Apr 21)
  - Re: router with 2 redundant inferfaces shadow floating (Apr 21)
  - Re: router with 2 redundant interfaces Richard Golodner (Apr 22)
    - Re: router with 2 redundant interfaces Dave Piscitello (Apr 24)