On Jul 16, 2012, at 10:20 PM, valdis.kletni...@vt.edu wrote:

> On Mon, 16 Jul 2012 21:31:42 -0700, Owen DeLong said:
>> Think HA pairs in Pittsburgh, Dallas, and San Jose.
>> 
>> Now imagine each has different upstream connectivity and the backbone
>> network connecting all the corporate sites lives inside those firewalls.
>> 
>> The real solution to this is to move the backbone outside of the firewalls
>> and connect the internal networks via VPNS that ride the external backbone
>> and can be routed over the internet safely when a backbone link fails.
> 
> Wouldn't this be even easier if you gave each machine involved multiple
> addresses, one ULA and one external?  This isn't IPv4 anymore, you can
> stick multiple addresses on an interface. :)

Not really... Doesn't help with the situation where you go from
        host->Firewall A-> web server on the external internet
and the response goes
        web server->Firewall B-> X (Firewall B has no state table entry for the 
session).

Owen


Reply via email to