North American Network Operators Group
Re: Alternative to BGP-4 for multihoming?
Products like the Nortel Accelar 700 do layer 7 redirect.
http://www.nortelnetworks.com/products/02/datasheets/3377.html

----- Original Message -----
From: "Peter A. van Oene" <[email protected]>
To: <[email protected]>
Sent: Sunday, March 12, 2000 4:44 PM
Subject: Re: Alternative to BGP-4 for multihoming?

> This is great feedback / moderate flaming. However, consider the
> following.
>
> I have only moderate experience with the F5 3DNS & similar products however
> I am familiar with BGP routing. My client base are high traffic e-commerce
> style (for lack of a better overused marketing term) web sites. They sit
> on /28's and smaller in some cases. I'm certainly not going to be
> successful in acquiring ASN's for these people to do proper load balancing
> between multiple ISP's and most major ISP's see little benefit in modifying
> route tables to include our small netblock. It's these cases I'm concerned
> with. In my mind, irrespective of the comments on the functionality of DNS
> for this purpose, I see little other choice.
>
> As a direct FYI, the 3DNS can make fairly intelligent decisions about where
> to direct traffic beyond simply gauging TCP/53 handshake times. There is
> quite a detailed, informative interaction that can take place between the
> 3DNS and F5's local load distributor, the BIG-IP.
>
> That being said, if anyone has better ideas on how to provide for high
> availability to millions of web sites worldwide, please let me know.
>
> Pete
>
>
> *********** REPLY SEPARATOR ***********
>
> On 3/12/00 at 1:32 PM Chris Brenton wrote:
>
> >"Peter A. van Oene" wrote:
> >>
> >> Essentially, the 3DNS box assumes the DNS entry for the site for which the
> >> customer requires multihoming and it intelligently balances traffic amongst
> >> any geographically disparate sites. This allows for high availability.
> >
> >If I'm not mistaken, it accomplishes this in a somewhat obtrusive
> >manner. The box attempts an xfer back to TCP/53 on the querying DNS
> >server. Based on response time, a proper route is chosen. I've seen a
> >lot of posts to Intrusion & GIAC from people who assumed someone was
> >trying enumeration in preparation for an attack, only to find out it was
> >one of these boxes.
> >
> >I also seem to remember a post on GIAC showing Snort traces of one of
> >these boxes actually performing a full xfer if the box was not locked
> >down. Do you use one of these boxes? If so, any idea what happens to the
> >xfer data?
> >
> >Ignoring the argument as to whether it's appropriate to attempt xfers on
> >unsuspecting networks, I also see this as being pretty inefficient. A
> >good quantity of sites are now running split DNS so the querying server
> >is not even reachable. This means a fair percentage of the time the load
> >balance attempt will outright fail.
> >
> >Don't see this replacing BGP anytime soon. ;)
> >
> >Chris
> >--
> >**************************************
> >[email protected]
> >
> >* Multiprotocol Network Design & Troubleshooting
> >http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
> >* Mastering Network Security
> >http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
>
>
> -------
> Peter Van Oene
> Senior Systems Engineer
> UNIS LUMIN Inc.
> www.unislumin.com