On Jul 16, 2012, at 10:20 PM, valdis.kletni...@vt.edu wrote:

> On Mon, 16 Jul 2012 21:31:42 -0700, Owen DeLong said:
>> Think HA pairs in Pittsburgh, Dallas, and San Jose.
>>
>> Now imagine each has different upstream connectivity and the backbone
>> network connecting all the corporate sites lives inside those firewalls.
>>
>> The real solution to this is to move the backbone outside of the firewalls
>> and connect the internal networks via VPNs that ride the external backbone
>> and can be routed over the internet safely when a backbone link fails.
>
> Wouldn't this be even easier if you gave each machine involved multiple
> addresses, one ULA and one external? This isn't IPv4 anymore, you can
> stick multiple addresses on an interface. :)

Not really... Doesn't help with the situation where you go from
host->Firewall A-> web server on the external internet and the response
goes web server->Firewall B-> X (Firewall B has no state table entry for
the session).

Owen
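
The asymmetric-return case described in the reply above, as an added example that is not part of the original message: two stateful firewalls with independent connection tables, where the reply is accepted only by the firewall that saw the outbound packet. The addresses (documentation prefix 2001:db8::/32), ports and class names are constructed for illustration.

```python
from dataclasses import dataclass, field

INSIDE = "2001:db8:1:"        # constructed: corporate global prefix behind both firewalls
HOST = "2001:db8:1::10"       # constructed: internal host (its global address, not a ULA)
SERVER = "2001:db8:ffff::80"  # constructed: web server on the external internet


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reply(self):
        """Packet travelling in the opposite direction of the same flow."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)


@dataclass
class StatefulFirewall:
    name: str
    state: set = field(default_factory=set)  # per-firewall table, not shared

    def forward(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.src.startswith(INSIDE):
            self.state.add(key)   # outbound packet creates a state entry
            return True
        # Inbound packet: pass only if it is the reverse of a tracked flow.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.state


def simulate(return_via):
    """Send host -> Firewall A -> server, then route the reply via return_via."""
    firewalls = {"A": StatefulFirewall("A"), "B": StatefulFirewall("B")}
    outbound = Packet(HOST, 49152, SERVER, 443)
    firewalls["A"].forward(outbound)
    # External routing, not the host, picks which site receives the reply.
    return firewalls[return_via].forward(outbound.reply())


if __name__ == "__main__":
    for site in ("A", "B"):
        print(f"reply via Firewall {site}:", "passed" if simulate(site) else "dropped")
```
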