On 2007/02/15 20:00, Jacob Yocom-Piatt wrote:
> i plan on connecting the 2nd connection that supplies netblock 
> w.x.y.z/29 to the same firewall and, unless someone can point me towards 
> a better option, changing the DNS for the site to point to an IP in the 
> new netblock. if there are any "gotchas" about such a setup, please 
> point me towards the relevant docs.
> 
> i've read about using the route-to to balance outbound connections in 
> the pf address pools docs, but i don't see this being immediately 
> helpful for hosting purposes since the inbound connections should come 
> in on both netblocks in the case that the load is spread over the two 
> connections.

best setup unless the ISPs are somewhat specialist and you have access
to clueful techs to whom you can communicate your requirements would be to
list two addresses (one from each block) in DNS and use *reply-to*.

otherwise, as mentioned, you may or may not have problems with ISP ingress
filters, more importantly it also may be ok now but stop working later at some
random and quite inconvenient moment. (this also may be a problem with
clueful techs; it's often less trouble to avoid asking ISPs to do
something they don't normally do).

asymmetric routing is, in itself, rarely a problem (it's pretty common
in BGP-land since each router makes its own decision about best path).
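
[Added example, not part of the original message: a pf.conf sketch of the reply-to setup suggested above, in the rule syntax of OpenBSD releases contemporary with this 2007 thread (later releases changed how reply-to is written, so check pf.conf(5) for your release). Interface names, gateway and site addresses, and the web ports are assumed placeholders.]

```conf
# Added example: constructed values throughout, not taken from the thread.
ext_if1 = "em0"             # uplink to ISP 1 (existing netblock), assumed name
ext_if2 = "em1"             # uplink to ISP 2 (new /29), assumed name
ext_gw1 = "192.0.2.1"       # ISP 1 next hop (documentation address)
ext_gw2 = "198.51.100.1"    # ISP 2 next hop (documentation address)
site1   = "192.0.2.10"      # site address in block 1, listed in DNS
site2   = "198.51.100.10"   # site address in block 2, listed in DNS

# Default deny on both uplinks; log what is dropped.
block in log on { $ext_if1 $ext_if2 } all

# reply-to pins the return traffic of each state to the uplink the
# connection arrived on, whatever the default route says. Replies then
# leave via the ISP that owns their source address, so neither ISP's
# ingress filter sees packets sourced from the other ISP's block.
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) inet proto tcp \
    from any to $site1 port { 80 443 } flags S/SA keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) inet proto tcp \
    from any to $site2 port { 80 443 } flags S/SA keep state
```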
