Enterprise Multihoming

Whilst the topic's under discussion may I present myself as a lightning
rod :) by asking:

(a) Has anyone here used any of the 'basement multi-homing in a box'
products such as Checkpoint's ISP Redundancy feature?

Quantum Next Generation Firewalls (NGFW) - Check Point Software
(The 'VPN-1' brand is slightly misleading - it's a generic firewall.)

This allows edge networks to multihome between separate ISPs. When it
was first mentioned around the office I explained that it couldn't
possibly work, and my colleagues explained to me that I was full of it
and that the product is on the market and in use. (It has subsequently
been lab'd here and seemed to work between our main link (UUnet) and a
humble BT DSL line.)

As far as I understand it, it's a form of NAT - the device keeps track
of which session's packets are going where and spreads traffic around.
If one ISP goes down it'll fail over to the other link.

There are similar boxes from FatPipe and Radware (and others) that
promise the same thing. I've done some light research on them and while
I can see some positives, I don't prefer them to our current solution.
My boss asked me to take a look at them, again, because he's concerned
that there's little BGP experience in our department apart from me and
he thought that might be one possible solution. It still may be but I
don't like the hoops you have to jump through to make these devices
work.

Then again, I don't have any practical experience with them and I hope
someone who has will chime in.

John

John Neiberger wrote:

Whilst the topic's under discussion may I present myself as a lightning
rod :) by asking:

(a) Has anyone here used any of the 'basement multi-homing in a box'
products such as Checkpoint's ISP Redundancy feature?

http://www.checkpoint.com/products/connect/vpn-1_isp_redundancy.html
(The 'VPN-1' brand is slightly misleading - it's a generic firewall.)

You can do the same thing with your existing Cisco:
http://www.cisco.com/warp/customer/cc/pd/iosw/ioft/ionetn/tech/emios_wp.htm

There are similar boxes from FatPipe and Radware (and others) that
promise the same thing. I've done some light research on them and while
I can see some positives, I don't prefer them to our current solution.

Then again, I don't have any practical experience with them and I hope
someone who has will chime in.

On the FatPipe side, I can chime in. I've worked with their Superstream products. As with all products there are good points, but I have a LOT of bad points for the Superstream. It starts with being based on Caldera OpenLinux and a required Java interface for all management. I wouldn't use this product again if I could help it.

They may have other products that work better, particularly in the case of true multihoming (the Superstream is really so a business can pay for two DSL connections and get double the bandwidth) and such. If anyone wants more details, let me know.