Connections to Common Services

As was briefly mentioned in Chapter 1, "Hierarchical Design Principles," common use resources, such as server farms and connections to the Internet, can be connected directly to the core of the network or through a DMZ. If these common services are attached directly to the core, the most visible single point of failure will be the network these common services are attached to. Side A of Figure 3-13 illustrates this single point of failure.

Figure 3-13. Redundancy to Common Shared Resource, Such as a Server Farm


In the network illustrated by Side B of Figure 3-13, the server farm has been connected to two core routers, so the failure of a single router will not affect the reachability of the server farm.

In a similar way, Figure 3-14 illustrates multiple connections to an external routing domain for redundancy. In this case, the links to the external routing domain are directly attached to the core.

Providing redundancy for links through a DMZ is more complicated because there are two points of failure that need to be considered: the link between the core and the DMZ, and the link between the DMZ and the external domain. Figure 3-15 illustrates an external routing domain attached through a redundant DMZ.

Figure 3-14. Redundancy to an External Domain


Listed below are some issues with having redundant links to external routing domains:

  • Any routes the external routing domain is injecting into your network will be injected twice—once through each connection.

  • Care must be taken so the core of your network doesn't become a transit network for traffic between two destinations in the external domain. This is particularly true for connections to the Internet.

  • If multiple DMZs are used with separate firewall devices, either the firewall devices must coordinate their activities, or some effort must be made to prevent a session that initially uses the path through one firewall from switching to the path through the other firewall in the middle of the session.
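The last issue in the list can be checked from firewall logs. The following is an added example, not from the book: it assumes a hypothetical one-line-per-packet log format and two firewalls named fw-a and fw-b, and it flags any session whose traffic moves from one firewall to the other.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the book): timestamp, firewall, endpoints.
SAMPLE_LOG = """\
100.0 fw=fw-a proto=tcp src=10.1.1.5:51514 dst=203.0.113.10:443
100.2 fw=fw-a proto=tcp src=203.0.113.10:443 dst=10.1.1.5:51514
100.9 fw=fw-b proto=tcp src=203.0.113.10:443 dst=10.1.1.5:51514
101.0 fw=fw-b proto=tcp src=10.1.1.7:40000 dst=198.51.100.20:25
101.3 fw=fw-b proto=tcp src=198.51.100.20:25 dst=10.1.1.7:40000
garbage line that should be skipped
"""

# Hypothetical log format assumed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) fw=(?P<fw>\S+) proto=(?P<proto>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

def session_key(proto, src, dst):
    """Direction-independent key so both halves of a session match."""
    a, b = sorted((src, dst))
    return (proto, a, b)

def find_path_switches(log_text):
    """Return {session: [(ts, old_fw, new_fw), ...]} for sessions that changed firewalls."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # unparseable lines are skipped
            key = session_key(m["proto"], m["src"], m["dst"])
            records.append((float(m["ts"]), m["fw"], key))
    records.sort(key=lambda r: r[0])  # merged logs from two devices may be out of order
    last_fw = {}
    switches = defaultdict(list)
    for ts, fw, key in records:
        prev = last_fw.get(key)
        if prev is not None and prev != fw:
            switches[key].append((ts, prev, fw))
        last_fw[key] = fw
    return dict(switches)

if __name__ == "__main__":
    for key, events in find_path_switches(SAMPLE_LOG).items():
        for ts, old, new in events:
            print(f"{key}: moved {old} -> {new} at t={ts}")
```

A session reported here is one that a firewall without shared state would see only partially, which is the condition the coordination requirement is meant to prevent.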

Figure 3-15. Redundant DMZs

