Great Circle Associates Firewalls
(January 1998) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Reliability/n routers (was SNI revised -- (was: Fraudulent SA 's solved))
From: rdew @ el . nec . com (Bob De Witt)
Date: Thu, 22 Jan 1998 16:16:03 -0800
To: daemond @ ibm . net, ryanr @ sybase . com
Cc: firewalls @ GreatCircle . COM 
On Wed, 21 Jan 1998, Geoff Gowey wrote to Ryan Russell:

----- Begin Included Message -----

On Tue, 20 Jan 1998, Ryan Russell wrote:

> >Reliability for the system as a whole (as stated) would be
> >half because if either of the routers goes down, the system
> >*as a whole* is gone.  

>Not if it's a two router design and the internal router is the one that
>blows.  A one router design would take down the entire net if it went, but a
>two router wouldn't unless your outside router gets knocked out.  

My understanding is that Ryan's system had the 2 routers in series.  If 
either one is down, the internal net is off-line.

> >In general, the MTBF is divided by
> >the number of devices if they are interdependent.

>Eh?  I thought MTBF was the rating for the reliability of the device its
>self.  With a two router design (if both routers were identical
>[manufacturer, model, etc.]) the MTBF would be equal.

Not true.  MTBF adds like resistors in parallel.  1/xxx + 1/xxx = 2/xxx ;
that's 1/2 the 'xxx' value.

> >If you only care about the outside router, then a one router
> >design has the same chance of failure, and costs half
> >as much (or is free, if the one router is already owned.)

>The outside router is an important part of any link, but don't let it be the
>only link.

OK on this one, but ...

> >Filtering capabilites are the same in either design.  Chances
> >for screwing up the config should be approximatly the same.

Not true.  The access lists should be different due to their placement in
the DMZ area.  The internal one is a serious choke router, while the other
must provide world wide, but limited, access.

>Granted.  However, I am also concerned with reliability and not letting the
>network be taken down in one swoop.  One scenario: a surge hits your
>outside router.  If your outside router is your only router (one router
>design) then your shop is closed until that can be rectified.  However, if
>you're running two the second router can be quickly modified to do your one
>router design until a replacement for the blown router is replaced.  L8r.

Redundancy is the name of the game if you are serious about providing a link
to the outter world.  Do NOT forget the bandwidth issue as an equivalent to 
down (or nearly down) time.  Include an alternate router to an alternate ISP
in your equation.

***  stuff removed  ***

----- End Included Message -----

Ciao,
   Robert De Witt,
   1-408-588-5525,
   rdew @
 el .
 nec .
 com
Indexed By Date Previous: SNMP MAIL LIST ?
From: sethuram @ crlbel . ernet . in
Next: OPSEC
From: Les Arrow <larrow @ vpnet . com>
Indexed By Thread Previous: SNMP MAIL LIST ?
From: sethuram @ crlbel . ernet . in
Next: OPSEC
From: Les Arrow <larrow @ vpnet . com>
Google
 
Search Internet Search www.greatcircle.com