Firewall Wizards mailing list archives

RE: High availability firewalls


From: "Stout, William" <StoutW () pios com>
Date: Wed, 21 Jan 1998 14:51:13 -0500


You could do secondary IP failover via cron script, where the
secondaries are the 'real' IP addresses seen by external and internal
nodes.  Secondaries would live on internal, external and web LANs.

Multiple routers could be used to different providers if you have your
own Autonomous System number (an IP network that belongs to you, not a
provider).

The scenario would look like this:

         'Internet'
          /      \
        ISP1    ISP2
         |        |
        R1        R2     \
         |        |       |
       +-+--------+--+     > Autonomous System
       |             |    |
       F1--webfarm---F2  /
       |             |    .
       +-----+-------+    .
             |            .
             R3
             |
       Internal Network

You could use 10base-T to 10base-2 adapters on your nodes, and run
thinnet, but the reliability of thinnet accidents vs. hub MTBF is
debatable.

NOTE: Don't commit to this architecture before reviewing your Firewall
software for the ability to view IP addresses separately from device
names.  More scripting work may be required.

Bill Stout

Ideas that made other people rich:
  Packet Throttle 9/96:  http://www.nexial.nl/cgi-bin/firewallsfileview?d=37086
  Packet Shaper 12/96:  http://www.packeteer.com/press/crowd_pr.htm

  NTexploits:  http://www.geocities.com/researchtriangle/3372/ntexploits.html
  NTsecurity:  http://www.ntexploits.net/ (but credited  :) )
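
The cron-driven secondary IP failover suggested in the message above, as an added example that is not part of the original post. It assumes a Linux standby firewall with iproute2 and iputils (`ip`, `ping`, `arping`); the addresses, interface names, state-file path, threshold and script path are constructed placeholders.

```shell
#!/bin/sh
# Added example: run from cron on the standby firewall (F2 in the diagram), e.g.
#   * * * * * /usr/local/sbin/fw-failover.sh --run     (hypothetical path)
# All addresses, interface names and paths below are constructed placeholders.
PEER=192.0.2.1                      # F1's own (primary) address
STATE=${STATE:-/var/run/fw-failover.count}
THRESHOLD=3                         # consecutive failed checks before takeover
# One "interface secondary-address/prefix" pair per LAN: external, internal, web
SERVICE_IPS="eth0 198.51.100.10/24
eth1 10.0.0.1/24
eth2 203.0.113.10/24"

peer_alive() { ping -c 1 -W 2 "$PEER" >/dev/null 2>&1; }

# Update the failure counter and print "standby", "wait N" or "takeover".
decide() {
    if peer_alive; then
        echo 0 > "$STATE"
        echo standby
        return 0
    fi
    n=$(cat "$STATE" 2>/dev/null || true)
    n=$(( ${n:-0} + 1 ))
    echo "$n" > "$STATE"
    if [ "$n" -ge "$THRESHOLD" ]; then echo takeover; else echo "wait $n"; fi
}

# Add the secondaries and announce them so neighbours update their ARP caches.
claim() {
    echo "$SERVICE_IPS" | while read -r ifc addr; do
        ip addr add "$addr" dev "$ifc" 2>/dev/null    # fails harmlessly if held
        arping -U -c 2 -I "$ifc" "${addr%/*}" >/dev/null 2>&1
    done
}

# Drop the secondaries once the peer answers again, to avoid duplicate IPs.
release() {
    echo "$SERVICE_IPS" | while read -r ifc addr; do
        ip addr del "$addr" dev "$ifc" 2>/dev/null
    done
}

main() {
    case $(decide) in
        takeover) claim ;;
        standby)  release ;;
    esac
}

if [ "${1:-}" = "--run" ]; then main; fi
```

A missed ping only shows the peer is unreachable over that path, so the threshold and the release step are there to limit the time both firewalls could answer for the same addresses.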



