Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  New Implementation - Help

    Posted 04-19-2014 00:24

    Hi Valuable Members,

    I have an SSG550M firewall. I am using Internet leased lines from 2 ISPs in my datacenter, and I am doing failover via static routes and the Track-IP mechanism. The inbound traffic is coming in on both links and outbound is going via the primary static route (i.e., low metric). So both ISP links are being used concurrently.

    Now I have bought 255 IP addresses (/24) without an AS number from APNIC for my company. I have applied for an AS number from APNIC. I will get the AS number soon. I don't know how to implement this using these IP addresses and the AS number.

    My requirement is....

    1)  What type of scenario is going to be used? (Both ISP links will be available.)

    2)  The inbound and outbound traffic will be coming and going via both links using my IP pool.

    3)  Where can I NAT my 255 IP addresses for my internal servers?

    5)  What type of protocol is going to be used?

    Please help me to implement.

    Regards

    Sasikumar



  • 2.  RE: New Implementation - Help
    Best Answer

     
    Posted 04-19-2014 01:13

    Hi Sasi,

     

    There is no straightforward answer to this query, as we have to consider several things while implementing this design:

    1. Since you will be buying an AS number, I believe you will use BGP with your ISP.

    2. With BGP in place, you have to talk to your ISPs to accept the routes for the subnet you bought from APNIC.

    3. BGP can do load balancing; however, if you are planning NAT then there has to be some rule regarding what type of traffic will go to which ISP.

    I would suggest engaging Juniper Professional Services to design this for you, because a wrong design could impact the network performance severely.

     

    Regards

    Sarab

     



  • 3.  RE: New Implementation - Help

    Posted 04-19-2014 01:42

    Hi Sarab,

     

    Thank you for your suggested answer. My running implementation is...

    All inbound traffic is coming via both ISP links and outbound is going via the primary static route (i.e., low metric) currently. That is link failover and load sharing.

    Now I require the inbound and outbound traffic to be routed on both links.

    Regards

    Sasikumar.



  • 4.  RE: New Implementation - Help

     
    Posted 04-19-2014 02:14
    Now, receiving and sending traffic on both links would depend upon what sort of traffic you are receiving.

    Are you hosting some web servers which users from the Internet will be accessing?

    Are you doing any NAT?

    Also, how are you planning to do inbound load balancing? Will you advertise half the IPs to one ISP and the remaining to the other?


  • 5.  RE: New Implementation - Help

    Posted 04-21-2014 03:05

    My requirement is....

    1)  What type of scenario is going to be used? (Both ISP links will be available.)

    2)  The inbound and outbound traffic will be coming and going via both links using my IP pool.

    3)  Where can I NAT my 255 IP addresses for my internal servers?

    5)  What type of protocol is going to be used?

    Please help me to implement.

    Regards

    Sasikumar



  • 6.  RE: New Implementation - Help

     
    Posted 04-21-2014 21:54

    Hi Sasi,

     

    Please find my responses inline:

     

    1)  What type of scenario is going to be used? (Both ISP links will be available.)

    2)  The inbound and outbound traffic will be coming and going via both links using my IP pool.

    Response to 1 and 2:

    [Sarab]: It depends on how you advertise your subnets to the ISPs, because it is they who would influence inbound traffic.

    One way would be to advertise half of the subnet via one ISP and the other half through the other ISP. Though this won't ensure equal utilisation, it will keep both links occupied depending on the traffic sent for the subnets advertised to these ISPs.

    For outbound traffic, since you will be employing NAT, you can try doing policy-based routing to push traffic to the desired ISP based on certain conditions like source/destination prefix or port.

    3)  Where can I NAT my 255 IP addresses for my internal servers?

    [Sarab]: You have to NAT them on the outgoing interfaces only, depending on which ISP you are advertising the prefix to.

    5)  What type of protocol is going to be used?

    [Sarab]: For such cases BGP is best suited, as you have your public subnet as well as an AS number.