Asymmetric Routing and State Aware Security Technology

As networks increase in size, so do the chances that they have asymmetric traffic somewhere within them. Asymmetric traffic is traffic that uses a different path for its return than the original path of the request. The topology in Figure 6-21 shows a representative network with several places where asymmetric traffic can occur.

Figure 6-21. Asymmetric Traffic

Figure 6-21. Asymmetric Traffic

Traffic between the user PC and either the finance server or the WWW server can flow in an asymmetric manner at several points along the network. Between the PC and the finance server, switches S1 and S3 are the main location it can occur. Between the PC and the WWW server, traffic could take an asymmetric route at S1 and S2 or at the Internet when returning through ISP A or ISP B.

So far, this is network design 101. Most network designers don't have any problem with asymmetric traffic because IP networks are asymmetric by nature. At each point in the transmission, an IP router makes a forwarding decision based on its view of the network.

This becomes problematic when security devices are introduced that rely on state information to make forwarding decisions. Consider the revised diagram in Figure 6-22, where two stateful firewalls are introduced between campus A and the two Internet connections.

100 SEO Tips

100 SEO Tips

100 SEO Tips EVERY SEO Enthusiast Should Know. This Report 100 SEO Tips will help you to Utilize These Tips to Dominate The Search Engine Today.

Get My Free Ebook


Post a comment