[j-nsp] network engineering
Peter E. Fry
pfry-lists at redsword.com
Fri Feb 6 11:09:57 EST 2009
----- Original Message -----
From: Mark Tinka <mtinka at globaltransit.net>
> On Friday 06 February 2009 05:09:30 pm Matthias Gelbhardt
> wrote:
>
> > We have asymmetric routing in several cases. I would
> > like to know, how you would deal against that?
>
> The moment you're multi-homed to the Internet, asymmetric
> routing is a fact of life; and it's not really a bad
> thing. [...]
To add to that: Are you keeping state somewhere?
Asymmetry does not affect stateless behavior; control (i.e.
"confine to where appropriate", usually) your statekeeping
and you won't have a problem either.
Funny thing I noticed (knew about, but never thought much
about) when I set up my SSG for failover -- I'm accustomed
to devices that forward statelessly even when keeping state
for filtering purposes. ScreenOS checks flows before it
routes, so it forwards responses out the zone (thinking
about it, I haven't checked to see if it keeps flow state
per-interface when the zone contains multiple interfaces) on
which the request arrived. When it's necessary, it makes
for a simpler config. I'll have to look into JunOS+ES to
see if it operates similarly.
Peter E. Fry
More information about the juniper-nsp
mailing list