What is border (edge) router for?

Discussion in 'Cisco' started by Anton Panyushkin, Nov 7, 2004.

  1. I've got rather stupid network desing question.

    Let's consider the following network diagram

    Enterprise Border
    Central --------- Firewall --------- router -------- Internet
    Router

    I saw a lot of IP networks diagram from cisco based on the template
    listed above. They gave good explanation for purpose of access
    routers, central router and firewall, but, according to cisco's
    diagrams, the only reason border router is delpoyed between firewall
    and Internet is that this router provide some kind of WAN (serial)
    Interface for Internet access.
    Therefore U have a series of question abount border router:
    Why do I need border router in this network?
    What kings of work are executed by border router?
    Is it safe to directly connect outside interface of my firewall to
    Internet?
     
    Anton Panyushkin, Nov 7, 2004
    #1
    1. Advertisements

  2. Anton Panyushkin

    Layer3guru Guest

    Well for starters you are right this is mainly used to terminate
    connectivity that is not supported on the firewall devices. So things like
    Serial, HSSI etc to terminate ds3's and the like. The other is for things
    like routing like our provider has given us a ethernet connection burstable
    to gigabit but to connect with them you must be using BGP even if you just
    want to get a default route from them. So those 2 things are the most things
    you will run in to.
     
    Layer3guru, Nov 7, 2004
    #2
    1. Advertisements

  3. If your firewall has the right kind of interface, you could do that.
    But most firewalls don't support T1/E1, Frame Relay, ATM, or other
    high-speed WAN connections.

    Having a separate router also allows you to put some servers outside the
    firewall, if necessary.

    Enterprise Border
    Central --------- Firewall ---+----- router -------- Internet
    Router |
    Public |
    Server------|

    This isn't necessarily the best configuration -- if your firewall has
    three or more interfaces, it may be better to put public servers on a
    "service" network connected to the third interface. But some protocols
    may be difficult to operate through a firewall, so they need to be
    outside completely.
     
    Barry Margolin, Nov 7, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.