My organisation is implementing a secondary ISP link (4Mb) to coexist with our primary ISP link (10Mb).
The powers above would like to make use of the 4Mb link rather than have it sit there purely for redundancy.
We are undergoing the process of requesting our own class C public address space and ASN in order to run BGP between both ISPs.
Our problem lies in the fact that BGP cannot load balance between differing ASes as per:
Having our own AS and address range will sort out the issues of incoming traffic for some of the services which we present to the outside world (Citrix, OWA etc.).
I am aware that the path taken by BGP can be influenced, as to how effective this would be for us is another issue.
The topology we would be looking at is as follows:
Circa 220 users inside
NAT is currently performed by the firewalls, ideally we would like to keep it this way for the sake of logs/ids etc.
They are dual Checkpoints in a HA cluster. The Checkpoints do have dual ISP capabilities, however this requires us to run our own external DNS from what we have been advised.
At the end of the day we may have to settle for manually managed load sharing, or a device such as an F5. I however thought I would throw up the issue on here to see if anyone else has experienced a similar issue. Is there a way of achieving a degree of automated load sharing between the two with failover (not affecting connection-based traffic such as SSL, which we use for offsite backup transfers)?
*3825s have yet to be purchased; they have been chosen to allow for the throughput of the 10Mb link with headroom.