Re: Speeds and feeds

[tqbf () pobox com]

> pipe.  If you are a looking to multiplex T-1's in order to get that fatter
> pipe, you might as well build some additional redundancy into the system by
> pulling from more than one provider.  Also, the best that you can really

In some circumstances, it is impractical to attempt to obtain connections
from multiple providers. 

In those circumstances, when an organization needs to obtain extra
bandwidth over a DS1, the customer tends to have a limited number of
choices, which boil down to (typically):

A.) Obtain more DS1 circuits and balance traffic across them.

B.) Obtain a high-capacity (ie, DS3) connection.

Solution (A) has the advantage of being more reliable; if you lose a
single DS1 circuit, you continue to maintain connectivity (albeit at a
degraded level). In solution (B), if you lose your DS3, you lose all
connectivity.

Of course, solution (B) is more scaleable; there's a limit to how many
DS1s you can attempt to tie together. The question I'd ask is, "within
what time frame will we outgrow the multiple-DS1 solution?". If that's not
going to happen in the near future, I'd say (A) is the better solution.

> if they are to the same provider.  If they are to different providers, you
> bring performance problems into the mix by inducing possibly sub-optimal
> asymmetric routing from the point of origin.

Any problems you introduce by multi-homing are going to be more than
offset by the benefits obtained from having two different providers,
instead of relying on one. If you can multi-home, you should (IMO).

> Also, unless you are running a dynamic routing protocol on your firewall
> (something that we built at my last company and are writing a paper about),

Eeek! Why would you run a dynamic routing protocol in a firewall? Factor
connectivity and routing out of the firewall and do routing on boxes you
can "afford" to lose.

> you will find that when one of your routers goes down you see extremely
> sub-optimal routing. You will be dropping n/2 packets with two routers.

Don't use two routers for two DS1 connections. Use one router that can
handle both DS1s --- better yet, buy something that will scale to DS3s
later on down the road. Poof. There goes this problem.

> routes qualify as an IGP.  However, static routes defeat many of the
> benefits of having multiple links with multiple providers.  As for your

How exactly do static routes defeat the purpose of having multiple links
(to a single provider, the context within which I was discussing this)?

> anything that you want to pay for.  However, even the eight hundred pound
> gorilla can't always get what he wants.  He can, however, always take his
> bananas an eat them somewhere else.

The 800lb gorilla (the customer, if you are buying DS1-level connectivity)
can always get what he/she wants, unless the customer happens to live in
the middle of Wyoming. If the big players won't give you what you want, go
give the little players some business. You will be surprised how much
better a small independant ISP is in terms of performance, reliability,
and support than a large nationwide ISP.

> Don't you think that since the original poster was **discussing** a capped
> DS-3, that he is looking for more bandwidth than just two DS-1's?????  The

No, I don't. He was discussing DS3s in the context of "hey, my DS1 looks
saturated, time for a DS3". I think it is a mistake to assume that DS3 is
the next step up from single DS1. 

> weakest link in a WAN configuration is almost always the link itself.  If
> you are going to build dual-links, you might as well try to build in some
> technology which will help to reduce the impact that an inevitable outage
> will have upon you.

You mean, like, say, two different DS1 connections? =)

-----------------------------------------------------------------------------
Thomas H. Ptacek          The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf       "If you're so special, why aren't you dead?"