On Jul 16, 2012, at 10:20 PM, valdis.kletni...@vt.edu wrote:
> On Mon, 16 Jul 2012 21:31:42 -0700, Owen DeLong said:
>> Think HA pairs in Pittsburgh, Dallas, and San Jose.
>>
>> Now imagine each has different upstream connectivity and the backbone
>> network connecting all the corporate sites lives inside those firewalls.
>>
>> The real solution to this is to move the backbone outside of the firewalls
>> and connect the internal networks via VPNS that ride the external backbone
>> and can be routed over the internet safely when a backbone link fails.
>
> Wouldn't this be even easier if you gave each machine involved multiple
> addresses, one ULA and one external? This isn't IPv4 anymore, you can
> stick multiple addresses on an interface. :)
Not really... Doesn't help with the situation where you go from
host->Firewall A-> web server on the external internet
and the response goes
web server->Firewall B-> X (Firewall B has no state table entry for the
session).
Owen
