Only a very small network segment, called the customer demilitarized zone (DMZ), has been assigned public addresses.
The customer network is connected to the customer DMZ using two alternate firewalls with both firewalls doing NAT. All packets leaving the customer network have their addresses translated to a public address belonging to the DMZ subnet. The reverse translation is made in the reverse traffic direction.
In this case, the customer requires only a very small block of public addresses. These addresses can be PA addresses. If the customer decides to change its service provider, renumbering is not a problem because only a few devices need to be reconfigured by the customer.
Care must be taken so that traffic flows symmetrically through the firewalls. Otherwise, NAT does not work. The easiest way to achieve this symmetry is to allow only one firewall be active at a time.
Configuring BGP on Cisco Routers (BGP) v3.2
Was this article helpful?
This is the 2nd volume of a 9 volume series called the Webmasters Toolbox package. Search engines are the number one way that internet users find websites. In most cases, a listing in a search engine is free. So, it's no surprise that Search Engine Optimization SEO is often the first priority when marketing a website.