W. Chris Shank on 29 Jun 2007 01:10:17 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] networking question


what you describe in the second paragraph is exactly what i want to do. I considered BGP, but wouldn't I need both links to come from the same provider? How would it be possible to advertise a single IP when I have static blocks form 2 different carriers? CAn you explain more or point me to more info? I'd do with BGP if it's possible.


----- Original Message -----
From: John Von Essen <john@essenz.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sent: Wednesday, June 27, 2007 5:30:08 PM GMT-0500
Subject: Re: [PLUG] networking question

Chris,

Do you truly want to build a multi-service router utilizing two different IP spaces out of a linux box? Its possible, but to be honest, its alot of extra work that doesn't have to be done.

The easiest method is to get a mutli-service router that supports BGP, like a Cisco 2600 series. You would have two uplink interfaces from two different providers (DS1/DS3/Ethernet). You would then mutli-homed your single IP space with BGP across the two uplinks. The two uplink ASN's would advertise your single IP block (minimum /24) across the world. You would balance your traffic and have redundancy.

To not do it with BGP, and utilize two separate IPs its still feasible. One easy option is to have to both IP nets going to a multi-interface router, then on that router have a static ip route that effectively routes IP A to IP C, and routes IP B to IP C. Then just put IP C on your DMZ server, with IP A and IP B added as aliases. That should do it. End users would talk to IP A or B. Problem with this setup is if one of the networks go down, you'll have an outage for those users using that IP range. Whereas with BGP, there would no service issues if a uplink went down.

-John



On Jun 27, 2007, at 4:35 PM, W. Chris Shank wrote:

actually - what i _really_ want to do is have a server that would be on LAN part of this diagram (actually for me it would be a DMZ) and have a router that would the linux box in this diagram. I don't want the server to have to know which network is connecting to it - that would be handled at the router. looks like this will do it.

thanks




----- Original Message -----
From: gyoza@comcast.net
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sent: Wednesday, June 27, 2007 4:06:52 PM GMT-0500
Subject: Re: [PLUG] networking question

Stephen Brown wrote:
> W. Chris Shank wrote:
>  
>> Is it possible to use 2 different public IP addresses to access the same
>> services? If I have 2 network addresses, NetA and NetB, can I access the
>> same server from either network and do it in such a way that requests
>> coming in from NetA are answered via the NetA path?
>>
>> thanks
>>
>> --
>> W. Chris Shank
>> ACE Technology Group, LLC
>> www.myremoteITdept.com
>> (610) 640-4223
>>    
>
> Yes - it works fine. You should look at the iproute2 howto's
>
> Your situation is covered here
>
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
>  
That shows that two or three interfaces are needed.  Well, I guess two
logical networks can be on one physical network.  Anyway, I guess the
answer is "yes".  heh
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


--
W. Chris Shank
ACE Technology Group, LLC
www.myremoteITdept.com
(610) 640-4223

--------------------------------
Security Note: To protect against computer viruses, 
e-mail programs may prevent sending or receiving 
certain types of file attachments. Check your e-mail 
security settings to determine how attachments are 
handled. 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org

John Von Essen (john@essenz.com)

President, Essenz Consulting www.essenz.com







--
W. Chris Shank
ACE Technology Group, LLC
www.myremoteITdept.com
(610) 640-4223

--------------------------------
Security Note: To protect against computer viruses, 
e-mail programs may prevent sending or receiving 
certain types of file attachments. Check your e-mail 
security settings to determine how attachments are 
handled. 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug