W. Chris Shank on 29 Jun 2007 01:53:54 -0000



Re: [PLUG] networking question


I've got my co-lo provider already picked out, but I think it will take until the end of the year before I can actually get my stuff moved there. I wanted a short-term boost with the dual connections. One of my providers doesn't support BGP - so it's plan B I guess.

thanks for the info - this will be good to know in the future.


----- Original Message -----
From: John Von Essen <john@essenz.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sent: Thursday, June 28, 2007 9:37:16 PM GMT-0500
Subject: Re: [PLUG] networking question

Chris,

No, both uplinks would come from two separate providers.

As for the IPs, there are a few ways to do this.

Basically, you want to set up a multi-homed ASN. First, you go to ARIN and pay a one-time $500 fee to register an AS number. Then you get an acceptable router that supports BGP, and connect your two uplinks from two carriers who will support BGP.

Now, with some leg work and another yearly fee of $1250 you can get your own IP assignments from ARIN, OR you can use a /24 IP netblock from one of the two carriers.

Each carrier would give you a small /29 or /30 subnet to be used on the two external uplink interfaces. At this point, your router/AS is up and running. Then you get a third /24 netblock from one of your uplink providers to be used by yourself on your ASN - almost all providers will allow this. That becomes "your" IP block that you advertise from your AS router out to the world. The advertisement propagates up through the two separate AS peers from your two providers. The servers you operate off that /24 BGP advertised block are now fully network redundant since any remote host can route to your location via either AS peer.

So that's the long and short. There is some cost and equipment, some knowledge, and BGP configuration/troubleshooting, but it's not that bad. One cost-effective alternative is to colocate the equipment with a provider who already has a multi-homed network with built-in redundancy.

-John

On Jun 28, 2007, at 9:09 PM, W. Chris Shank wrote:

What you describe in the second paragraph is exactly what I want to do. I considered BGP, but wouldn't I need both links to come from the same provider? How would it be possible to advertise a single IP when I have static blocks from 2 different carriers? Can you explain more or point me to more info? I'd go with BGP if it's possible.


----- Original Message -----
From: John Von Essen <john@essenz.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sent: Wednesday, June 27, 2007 5:30:08 PM GMT-0500
Subject: Re: [PLUG] networking question

Chris,

Do you truly want to build a multi-service router utilizing two different IP spaces out of a Linux box? It's possible, but to be honest, it's a lot of extra work that doesn't have to be done.

The easiest method is to get a multi-service router that supports BGP, like a Cisco 2600 series. You would have two uplink interfaces from two different providers (DS1/DS3/Ethernet). You would then multi-home your single IP space with BGP across the two uplinks. The two uplink ASNs would advertise your single IP block (minimum /24) across the world. You would balance your traffic and have redundancy.

To not do it with BGP and utilize two separate IPs, it's still feasible. One easy option is to have both IP nets going to a multi-interface router, then on that router have a static IP route that effectively routes IP A to IP C, and routes IP B to IP C. Then just put IP C on your DMZ server, with IP A and IP B added as aliases. That should do it. End users would talk to IP A or B. Problem with this setup is if one of the networks goes down, you'll have an outage for those users using that IP range. Whereas with BGP, there would be no service issues if an uplink went down.

-John



On Jun 27, 2007, at 4:35 PM, W. Chris Shank wrote:

Actually - what I _really_ want to do is have a server that would be on the LAN part of this diagram (actually for me it would be a DMZ) and have a router that would be the Linux box in this diagram. I don't want the server to have to know which network is connecting to it - that would be handled at the router. Looks like this will do it.

thanks




----- Original Message -----
From: gyoza@comcast.net
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sent: Wednesday, June 27, 2007 4:06:52 PM GMT-0500
Subject: Re: [PLUG] networking question

Stephen Brown wrote:
> W. Chris Shank wrote:
>  
>> Is it possible to use 2 different public IP addresses to access the same
>> services? If I have 2 network addresses, NetA and NetB, can I access the
>> same server from either network and do it in such a way that requests
>> coming in from NetA are answered via the NetA path?
>>
>> thanks
>>
>> --
>> W. Chris Shank
>> ACE Technology Group, LLC
>> www.myremoteITdept.com
>> (610) 640-4223
>>    
>
> Yes - it works fine. You should look at the iproute2 howto's
>
> Your situation is covered here
>
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
>  
That shows that two or three interfaces are needed.  Well, I guess two
logical networks can be on one physical network.  Anyway, I guess the
answer is "yes".  heh
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


--
W. Chris Shank
ACE Technology Group, LLC
www.myremoteITdept.com
(610) 640-4223

--------------------------------
Security Note: To protect against computer viruses, 
e-mail programs may prevent sending or receiving 
certain types of file attachments. Check your e-mail 
security settings to determine how attachments are 
handled. 
John Von Essen (john@essenz.com)
President, Essenz Consulting www.essenz.com






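
Added example, not part of the original thread: the split-access setup from the LARTC howto linked above, written as a dry-run generator so that requests arriving on NetA are answered via NetA and likewise for NetB. The interface names, addresses (RFC 5737 documentation ranges), gateways and table numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Source-based policy routing for two uplinks (iproute2), printed as a dry run.
# All names and addresses below are constructed sample values.

# uplink_cmds IFNAME LOCAL_IP NETWORK GATEWAY TABLE
# Prints the commands that make replies sourced from LOCAL_IP leave through
# the uplink that owns that address.
uplink_cmds() {
    ifname=$1 ip=$2 net=$3 gw=$4 table=$5
    # Table ids 253-255 are reserved (default, main, local); 0 is unspec.
    case $table in
        ''|*[!0-9]*) echo "table id must be numeric: $table" >&2; return 1 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id $table is reserved or out of range" >&2
        return 1
    fi
    # Per-uplink table: the connected network plus that uplink's own default.
    echo "ip route add $net dev $ifname src $ip table $table"
    echo "ip route add default via $gw dev $ifname table $table"
    # Rule: anything sourced from this uplink's address consults that table.
    echo "ip rule add from $ip table $table"
}

# NetA on eth1 and NetB on eth2 (hypothetical layout).
split_access_cmds() {
    uplink_cmds eth1 192.0.2.10 192.0.2.0/24 192.0.2.1 101 || return 1
    uplink_cmds eth2 198.51.100.10 198.51.100.0/24 198.51.100.1 102 || return 1
    # Main-table default, used by locally originated traffic that has not
    # picked a source address yet.
    echo "ip route add default via 192.0.2.1 dev eth1"
}

# Dry run: review the output, then pipe it to sh as root to apply it.
split_access_cmds
```

If replies on one uplink still go missing after applying this, check `net.ipv4.conf.*.rp_filter`: strict mode drops packets whose return route does not point back out the receiving interface.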