[j-nsp] One router/two firewalls config question
Amos Rosenboim
amos at oasis-tech.net
Wed Mar 12 13:32:41 EDT 2008
Quote:
A network may have multiple edge routers and provision
customers onto them in a round-robin fashion to mitigate
impact in case one of them fails, but that single-homed
customer still loses his connection to the ISP if his edge
router was the one that died.
End of quote.
The exception to that is when the customer access circuit is Ethernet
based (and we see more and more of this).
In such a situation what we do is put a layer 2 switch to connect
customer circuits, and connect two edge routers to this switch.
Then we either configure the customer with two BGP sessions (one for
each router) or do VRRP between the edge routers and ask the customer
to point his 0.0.0.0/0 to the virtual address.
You can argue that the layer 2 switch is a single point of failure,
and it is.
However, since it's a much simpler device it's less prone to SW
failures and human mistakes.
Also it allows us flexibility in performing maintenance on the edge
routers.
The last point is that the new EX switches are the only fixed
configuration switches I know of that come with dual power supplies and
field-replaceable fans.
Regards
Amos
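
The VRRP option described in the message above, sketched as Junos set commands. This is an added example, not configuration from the original post or its author. Interface names, the 192.0.2.0/29 subnet, group number, priorities and the key placeholder are all assumptions, as is a customer router running Junos.

```junos
# Constructed values throughout (RFC 5737 documentation addresses).
# Assumed: ge-0/0/0 faces the layer 2 switch, ge-0/0/1 is the uplink to the core.

# --- Edge router A (preferred master) ---
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29 vrrp-group 1 virtual-address 192.0.2.1
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29 vrrp-group 1 priority 200
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29 vrrp-group 1 preempt
# Let the master answer traffic addressed to the virtual address itself.
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29 vrrp-group 1 accept-data
# Give up mastership if the uplink fails: 200 - 150 = 50, below router B's 100.
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29 vrrp-group 1 track interface ge-0/0/1.0 priority-cost 150
# Authenticate advertisements on the customer-facing segment.
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29 vrrp-group 1 authentication-type md5
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.2/29 vrrp-group 1 authentication-key "REPLACE-WITH-SHARED-KEY"

# --- Edge router B (backup) ---
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.3/29 vrrp-group 1 virtual-address 192.0.2.1
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.3/29 vrrp-group 1 priority 100
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.3/29 vrrp-group 1 preempt
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.3/29 vrrp-group 1 accept-data
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.3/29 vrrp-group 1 authentication-type md5
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.3/29 vrrp-group 1 authentication-key "REPLACE-WITH-SHARED-KEY"

# --- Customer router: default route points at the virtual address ---
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.4/29
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
```

With this arrangement either edge router can be taken out for maintenance while the customer's next hop, 192.0.2.1, stays reachable through the other.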