Educause Security Discussion mailing list archives
Re: Changing ISP?
From: David Gillett <gillettdavid () FHDA EDU>
Date: Wed, 4 Oct 2006 10:58:16 -0700
-----Original Message----- From: John Kaftan [mailto:jkaftan () UTICA EDU]
1. Should we leave MCI and suffer the pain of changing ISPs and receiving a new set of Public IPs?
Do the benefits *to you* outweigh the pain and expense? Others can try to help you identify the benefits and costs, but the decision has to reflect the importance of each of those in your particular case.
2. Can anyone else relate their recent experiences with MCI positive or negative?
It's 5-6 years now since I had any dealings with them, but at that time: - we had multiple MCI subsidiaries/divisions bidding competitively against each other - we had an incident where one of their internal security groups aggressively scanned one of our subnets, allegedly believing they were scanning machines internal to MCI - we ultimately dealt only with the part of MCI that had formerly been UUNET, and at that point still had a clue
3. Also, is it sufficient to use a single ISP for redundancy if they give us separate local loops, via separate ILECs, into opposite ends of the campus, to separate COs?
Again, it's your judgement. Redundancy is a measure taken to mitigate risks of certain kinds of failure. In this case, you'd be mitigating only a (fairly large) subset of the risks, but saving yourself expense and effort. You could judge that to be a reasonable trade-off.
4. Can anyone speak to setting up redundancy with separate ISPs and BGP?
This isn't something you can do without the active cooperation of the ISPs, and probably actual help from at least one of them. What we wound up doing with UUNET looked a lot like #3, talking BGP to their network but, because they were our only provider, using iBGP within their AS number rather than having to obtain our own. Actually, here we've got our own AS number and talk eBGP to our ISP through multiple gateways as #3. So that suggests that #3 above is a good starting point, especially if the ISP is willing to set up iBGP with you. At some point down the road, you can decide to take the additional step of getting your own net block and AS number and converting from iBGP to eBGP, which would lay the groundwork for, at some even further future date, bringing in connectivity from additional ISP(s), as benefits are seen to outweigh costs. So the immediate question is: If you go with multiple connections to the same ISP per #3, do you stay with MCI to do it?
We have not talked about cost with any ISPs but I imagine it would be much more affordable using a single ISP. We are planning owning our next set of IP addresses. I'm told there might be a chance that we could keep our current set. We'll see.
Odds are that your current set lie within a block allocated to the current ISP. They might or might not lie on a convenient boundary for them to relinquish them to you. David Gillett CISSP CCNP
Current thread:
- Changing ISP? John Kaftan (Oct 04)
- <Possible follow-ups>
- Re: Changing ISP? Winders, Timothy A (Oct 04)
- Re: Changing ISP? Joe St Sauver (Oct 04)
- Re: Changing ISP? Graham Toal (Oct 04)
- Re: Changing ISP? Valdis Kletnieks (Oct 04)
- Re: Changing ISP? Samuel Young (Oct 04)
- Re: Changing ISP? John Kaftan (Oct 04)
- Re: Changing ISP? David Gillett (Oct 04)
- Re: Changing ISP? Graham Toal (Oct 04)
- Re: Changing ISP? Valdis Kletnieks (Oct 04)
- Re: Changing ISP? Samuel Young (Oct 04)
- Re: Changing ISP? Brian Friday (Oct 04)
- Re: Changing ISP? Rob Whalen (Oct 13)