[f-nsp] foundry-nsp Digest, Vol 85, Issue 5
Brad Grant
bgrant at scad.edu
Sat Feb 6 13:16:46 EST 2010
Brad Grant
Executive Director for Campus Technology Systems
Savannah - Atlanta - Lacoste - Hong Kong
Savannah College of Art and Design
-----Original Message-----
From: foundry-nsp-request at puck.nether.net
Date: Sat, 06 Feb 2010 12:00:08
To: <foundry-nsp at puck.nether.net>
Subject: foundry-nsp Digest, Vol 85, Issue 5
Send foundry-nsp mailing list submissions to
foundry-nsp at puck.nether.net
To subscribe or unsubscribe via the World Wide Web, visit
http://puck.nether.net/mailman/listinfo/foundry-nsp
or, via email, send a message with subject or body 'help' to
foundry-nsp-request at puck.nether.net
You can reach the person managing the list at
foundry-nsp-owner at puck.nether.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of foundry-nsp digest..."
Today's Topics:
1. Re: Policy based routing? (Nick Morrison)
----------------------------------------------------------------------
Message: 1
Date: Fri, 5 Feb 2010 22:27:19 +0000
From: Nick Morrison <nick at nick.on.net>
To: Randy McAnally <rsm at fast-serv.com>
Cc: foundry-nsp <foundry-nsp at puck.nether.net>
Subject: Re: [f-nsp] Policy based routing?
Message-ID:
<f084149c1002051427y21a9bcc9w8238ec653aaf539c at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
as an example of why you might decide to go out on the PBR limb...
in a company's network, you may have:
a network edge (foundry) with servers with lots of data on them
-- a distribution layer (foundry)
---- a core layer (foundry)
---- a core firewall (vendor X)
-- a dmz distribution layer (foundry)
a dmz network edge (foundry) with servers with lots of data on them
for most things, this is fine. data is routed through the whole kit and
kaboodle.
the core firewall, though, is not capable of 10Gbps (or higher),
so for *some* traffic - massive file transfers, etc - we want to skip the
firewall layer. for this, we'd use PBR on the core layer and on the dmz
distribution layer, using a (say) 20Gbps link between the two (configured
with a /30 - the far side is the next-hop.) nothing but the selected
special traffic is allowed over this 20Gbps link; everything else goes
through the firewalls.
for musing.
n
On Fri, Feb 5, 2010 at 9:56 PM, Randy McAnally <rsm at fast-serv.com> wrote:
> That's how I do it.
>
> --
> Randy
>
>
> *---------- Original Message -----------*
> From: Nick Morrison <nick at nick.on.net>
> To: seph at directionless.org
> Cc: foundry-nsp <foundry-nsp at puck.nether.net>
> Sent: Fri, 5 Feb 2010 21:29:33 +0000
> Subject: Re: [f-nsp] Policy based routing?
>
> > Silly question,
> >
> > If all you want is an ACL to block traffic, why not just use an
> access-group?
> >
> > N
> *l Message -------*
>
--
Nick Morrison <nick at nick.on.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20100205/0183d437/attachment-0001.html>
------------------------------
_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
End of foundry-nsp Digest, Vol 85, Issue 5
******************************************
More information about the foundry-nsp
mailing list