Query: Constructing community with a number of ISP, selective Routing.
A ISP, which one for Native Nation Community, with Anti-DDoS Scrubbing (Inbound Supplier).
B ISP, which one for Native Nation Community (Outbound Supplier).
Path.internet, which one for World Community, with Anti-DDoS Scrubbing, Require Symmetric Routing.
A and C ISP is related through Web (utilizing GRE Tunnel)
B ISP is immediately related. (Native IDC Present)
Path.internet doesn’t helps our Native Location, and Path.internet technician saying: for higher anti-ddos efficiency, have to setup Symmetric Community.
We’re presently routing through PBR, A ISP to static routes our prefix, and allow PBR to outbound packets to B ISP.
Now, We have to add Path.internet Community, with Symmetric community path.
Is that this attainable? or, do we have to make yet one more router for path.internet ?
We’re presently utilizing Fortigate as our Core community router.
We’ve got spare Fortigate and Mikrotik RouterOS x86 base.
We’re pondering beneath:
-
R1 maintain A ISP and B ISP, add new R2 maintain Path.internet solely and join each to at least one Core Swap
-
The session from Native Area will routed through R1, and session from Different Area will routed through R2.
-
Swap will study MAC and make session desk, so packets will discover matched path for it
Is that this proper? or Is that this construction technically unattainable?
