We are expecting like 16 Mbps from each ISP and each is a serial. I see your point with the single point of failure, but actually I'm concerned about the complexity of the setup with 2 routers; my concerns here are:
1- Is there a possibility that the traffic that enters the network from one link can go out from the other link?
2- I'm sure with this scenario that I'd need to deploy my FW pair in Active-Active mode, but with PIX, the Active-Active setup is not mature and I'm concerned that it will cause me problems, since my understanding is that Active-Active in PIX is originally designed to feed separate internal subnets and not the same internal subnet (i.e. in most of the cases you'll receive errors in PIX related to duplicate static and NAT should you have configured the NAT to be the same on the different security contexts).
I'm attaching with this post a draft design for how the network with 2 routers in the perimeter and the rest of the components connected together will look; please have a look and advise, taking into account my concerns mentioned above. Please also let me know, based on the link BW mentioned, what router models you'd recommend me to go with in case I choose to go with 1 router.
You are correct that the safety of having two routers and eliminating the single point of failure comes with more complexity. With two routers you will need to configure EBGP on each router to the ISP peer and will need to configure IBGP between your two routers. It will make it slightly more complicated if you want to load balance traffic (how do you get traffic from the internal routers to the "right" external router for the particular destination). But I agree with Paresh that if the additional cost of two routers is not an issue that the design with two routers is probably better.
1) There is certainly a possibility that traffic could come in one link and go out the other link. This is a possibility whether you have a single router or have two routers.
2) The firewall issue can get more complicated when there are two routers, so you are correct here.
Your design scenario with 2 perimeter routers with 2 firewalls is not an uncommon setup. You can load balance traffic out by running OSPF on your PIX and perimeter routers.
Perimeter routers do not have to be high end routers. One thing you need to make sure is, if you are running BGP and learning full/partial internet routing table, you should have enough memory to handle the routes.
Assuming you are using BGP, you have many options to influence traffic coming into your network and that depends on whether you want incoming traffic load balanced or use one as a primary ISP and the 2nd one as redundant ISP.
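The primary/backup variant of the two-router design discussed in this thread, written out as Cisco IOS configuration. This is an added example, not part of any post above. All AS numbers, addresses and names are constructed: AS 64500 is the site, AS 64496 and AS 64497 are the two ISPs, 203.0.113.0/24 is the site's prefix, and 10.255.0.1/10.255.0.2 are the routers' loopbacks.

```cisco
! ---- R1: link to ISP-A, preferred in both directions ----
ip route 203.0.113.0 255.255.255.0 Null0          ! anchor so the network statement matches
ip prefix-list OWN-PREFIX seq 5 permit 203.0.113.0/24
!
route-map TO-ISP-A permit 10                      ! announce only our own prefix;
 match ip address prefix-list OWN-PREFIX          ! implicit deny keeps us from becoming transit
!
route-map FROM-ISP-A permit 10
 set local-preference 200                         ! carried over IBGP, so R2 also exits via R1
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496               ! EBGP to ISP-A
 neighbor 192.0.2.1 route-map TO-ISP-A out
 neighbor 192.0.2.1 route-map FROM-ISP-A in
 neighbor 10.255.0.2 remote-as 64500              ! IBGP to R2
 neighbor 10.255.0.2 update-source Loopback0
 neighbor 10.255.0.2 next-hop-self
!
! ---- R2: link to ISP-B, backup ----
ip route 203.0.113.0 255.255.255.0 Null0
ip prefix-list OWN-PREFIX seq 5 permit 203.0.113.0/24
!
route-map TO-ISP-B permit 10
 match ip address prefix-list OWN-PREFIX
 set as-path prepend 64500 64500 64500            ! longer AS path makes ISP-B less attractive inbound
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64497            ! EBGP to ISP-B
 neighbor 198.51.100.1 route-map TO-ISP-B out
 neighbor 10.255.0.1 remote-as 64500              ! IBGP to R1
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 next-hop-self
```

AS-path prepending only biases how other networks choose the inbound path; it does not guarantee that return traffic uses the same link as the outbound flow. The IBGP session between loopbacks assumes the two routers can reach each other's loopback through the internal routing protocol.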