[f-nsp] foundry-nsp Digest, Vol 85, Issue 5

Brad Grant bgrant at scad.edu
Sat Feb 6 13:18:16 EST 2010


   
Brad Grant
Executive Director for Campus Technology Systems
Savannah - Atlanta - Lacoste - Hong Kong
Savannah College of Art and Design

-----Original Message-----
From: foundry-nsp-request at puck.nether.net
Date: Sat, 06 Feb 2010 12:00:08 
To: <foundry-nsp at puck.nether.net>
Subject: foundry-nsp Digest, Vol 85, Issue 5

Send foundry-nsp mailing list submissions to
	foundry-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
	http://puck.nether.net/mailman/listinfo/foundry-nsp
or, via email, send a message with subject or body 'help' to
	foundry-nsp-request at puck.nether.net

You can reach the person managing the list at
	foundry-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of foundry-nsp digest..."


Today's Topics:

   1. Re: Policy based routing? (Nick Morrison)


----------------------------------------------------------------------

Message: 1
Date: Fri, 5 Feb 2010 22:27:19 +0000
From: Nick Morrison <nick at nick.on.net>
To: Randy McAnally <rsm at fast-serv.com>
Cc: foundry-nsp <foundry-nsp at puck.nether.net>
Subject: Re: [f-nsp] Policy based routing?
Message-ID:
	<f084149c1002051427y21a9bcc9w8238ec653aaf539c at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

as an example of why you might decide to go out on the PBR limb...

in a company's network, you may have:


a network edge (foundry) with servers with lots of data on them

-- a distribution layer (foundry)

----  a core layer (foundry)

----  a core firewall (vendor X)

-- a dmz distribution layer (foundry)

a dmz network edge (foundry) with servers with lots of data on them


for most things, this is fine.  data is routed through the whole kit and
kaboodle.

the core firewall, though, is not capable of 10Gbps (or higher),

so for *some* traffic - massive file transfers, etc - we want to skip the
firewall layer.  for this, we'd use PBR on the core layer and on the dmz
distribution layer, using a (say) 20Gbps link between the two (configured
with a /30 - the far side is the next-hop.)  nothing but the selected
special traffic is allowed over this 20Gbps link; everything else goes
through the firewalls.


for musing.


n


On Fri, Feb 5, 2010 at 9:56 PM, Randy McAnally <rsm at fast-serv.com> wrote:

>  That's how I do it.
>
> --
> Randy
>
>
> *---------- Original Message -----------*
> From: Nick Morrison <nick at nick.on.net>
> To: seph at directionless.org
> Cc: foundry-nsp <foundry-nsp at puck.nether.net>
> Sent: Fri, 5 Feb 2010 21:29:33 +0000
> Subject: Re: [f-nsp] Policy based routing?
>
> > Silly question,
> >
> > If all you want is an ACL to block traffic, why not just use an
> access-group?
> >
> > N
> *l Message -------*
>



-- 
Nick Morrison <nick at nick.on.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20100205/0183d437/attachment-0001.html>

------------------------------

_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

End of foundry-nsp Digest, Vol 85, Issue 5
******************************************


More information about the foundry-nsp mailing list