BGP...

[secure.boy]

i want to make this
what do you think?
core router will be ibm x3250 xeon dc, 8gb ram, 2x80sata hdd and 2xIntelDualNic (2+2+2) total 6 nic running ubuntu + quagga

 

[Fint]

no iBGP between your border routers??? and do you have two physically-separate links between each border router and each ISP? sounds like this is a pretty darn important network.. why are you going cheap and using a peecee as a router?

 

[Ockie]

no iBGP between your border routers??? and do you have two physically-separate links between each border router and each ISP? sounds like this is a pretty darn important network.. why are you going cheap and using a peecee as a router?

Quagga is incredibly powerful open sourced alternative.

 

[berky]

I assume your secondary router is purely for failover purposes and you won't be trying to load-balance the connections at all? You really should have a direct connection between your routers and run IBGP between them. Otherwise you will probably run into routing issues.

Also, what are your firewalls? putting the switches in between may be unnecessary depending on what firewalls you are using and their functionality.

edit: also, is having 3 ISP(?) connections really necessary? if it's just for failure reasons, it's probably overkill.

 

[Ockie]

edit: also, is having 3 ISP(?) connections really necessary? if it's just for failure reasons, it's probably overkill.

Leep in mind, he doesn't indicate if it's an ISP or another network like his that he's peering to

 

[torular]

In your configuration you can remove the switches unless you are using them for the routers to talk to each other for iBGP.

 

[archivalbackup]

Have you looked at Vayatta?

Are you going to be running HSRP between the Core Routers or some sort of IGP ?

 

[secure.boy]

this is not a ISP
we have our AS and /19 address,
so i;m going with ubuntu or debain and quagga
firewalls are cisco, checkpoint...

 

[Ockie]

this is not a ISP
we have our AS and /19 address,
so i;m going with ubuntu or debain and quagga
firewalls are cisco, checkpoint...

You should also consider looking at the Juniper J-Series offerings.

 

[Xipher]

While I haven't seen clarification on if the 2 boarder routers are in a fail over configuration, how do you actually intend to handle the fail over if that is the intention? Do you plan on using something along the lines of CARP or just manually fail over?

 

[berky]

this is not a ISP
we have our AS and /19 address,
so i;m going with ubuntu or debain and quagga
firewalls are cisco, checkpoint...

so you either have one of each vendor for your firewall or you don't know yet?

either way, you have to determine if you are going to run active/active or active/standby. you'll also have to determine how your firewalls do HA and if they can run an IGP (ospf, rip, etc). if they can do ospf, you will most likely not need the switches, and you could plug them directly into the router (assuming you connect the routers to each other). However, if you use cisco firewalls, the way they do HA, you'll have to keep the switches since each ASA would have to be in the same subnet (the IP floats between each during failover). Anyway, point is that you have to know the capabilities of your firewalls also.

For the routers, instead of running a cable from each router to each switch, use that extra port to run a cable between the routers, and just have each router go to it's local switch. essentially, it would look like this:

AS-x        AS-y      AS-z
 |  \       /  |     /   |
 |    \   /    |  /     /
 |     /\     / |      /
 |   /    /\     |    /
 |  /  /      \   |  /
 |/ /            \|/
R1--------------- R2
 |                |
 |                |
 |                |
SW1--------------SW2
 |                |
 |                |
 |                |
FW1--------------FW2
 |                |
 |                |
 |                |
SW3--------------SW4
 |              /
 |           /
 |       /
 |   /
Host

again, it depends on your firewall abilities to know if you actually need sw1 and 2, and the ability of your switch to know if you could combine 1/3 and 2/4.

 

[Xipher]

The problem with dropping the crossing between the routers, switches, and firewalls is if R1 and SW2 die, you're dead. Now the chances of this all happening may be small but still better to do it so at no matter which one of a pair dies the other side can handle.

 

[Valnar]

Honestly, if you are in charge of connecting your ASN to three others, and have that big of a network, I have to question your need for [H] input.

 

[niccoli]

If you have a /19, your own ASN and are connecting to three upstreams why would you go with a cheap solution at the edge? I'm all for open source but if it's that important go with something field proven such as a Cisco or Juniper box instead. We use Cisco 7206VXR's at our edge, looking at the new ASR line as well as juniper to slowly phase in as the 7206's need replaced.

 

[secure.boy]

If you have a /19, your own ASN and are connecting to three upstreams why would you go with a cheap solution at the edge? I'm all for open source but if it's that important go with something field proven such as a Cisco or Juniper box instead. We use Cisco 7206VXR's at our edge, looking at the new ASR line as well as juniper to slowly phase in as the 7206's need replaced.

that is not a cheap solution
i need only fe or ge interfaces

 

[berky]

The problem with dropping the crossing between the routers, switches, and firewalls is if R1 and SW2 die, you're dead. Now the chances of this all happening may be small but still better to do it so at no matter which one of a pair dies the other side can handle.

True, but I've found that trying to engineer a solution for more than a single failure at any one time typically becomes a kludged solution. Not that it can't be done, but remember you have to manage it and know how everything will work if something does fail. I guess it all depends on how important the data is and how much you're willing to spend.

 

[Xipher]

that is not a cheap solution
i need only fe or ge interfaces

Keep in mind that even servers are not the greatest design to function as routers. While you may have the interfaces to handle the traffic the various pathways inside the machine can become your bottleneck and will introduce some additional latency compared to purpose built hardware and software.

 

[just2cool]

ASICs > general purpose CPU

I cringe every time when I'm using a feature on my routers that punts packets out to the CPU... but sometimes it's not avoidable.

 

[Ockie]

that is not a cheap solution
i need only fe or ge interfaces

How is that not cheap? The J2320 from Juniper is about $1,999 brand new, provides you with 600Mbit performance, comes with a warranty and optional 4 or 2 hour replacement programs. 4 ge interfaces with the option to expand using the pic modules.

Yes, the 7200 in general is pretty expensive, but there are many other options out there, including it's compeditor, the J2320 as I mentioned earlier.

 

[secure.boy]

How is that not cheap? The J2320 from Juniper is about $1,999 brand new, provides you with 600Mbit performance, comes with a warranty and optional 4 or 2 hour replacement programs. 4 ge interfaces with the option to expand using the pic modules.

Yes, the 7200 in general is pretty expensive, but there are many other options out there, including it's compeditor, the J2320 as I mentioned earlier.

i saw in one data sheet the J2320 has 256/512mb ram that looks funny for me

 

[Ockie]

i saw in one data sheet the J2320 has 256/512mb ram that looks funny for me

I'm not sure how that looks funny? The J2320 is recommended over quagga and is competitive to the 7200 cisco series units.

I actually have several J2320's and they are nothing to sneeze at in terms of performance. (I also have a 7200VXR to compare to) With an active/active configuration on high availability, you are talking about 1,200Mbit/sec performance with firewall protection... thats pretty good numbers for the costs associated with it.

 

[just2cool]

Yeah, what's funny?! Haha..

Ockie -- I'm curious.. were you comparing that against a 7200 NPE-G1 or G2? Those numbers on the Juniper seem pretty good.

At any rate, you're only peering with 3 ASes, so you should get by using that server if you're set on it.. provided that they aren't advertising the full BGP table. Just don't underestimate the power of specialized hardware, even if the specs don't look astonishing. Think of software rendering a game vs having a dedicated GPU...

 

[xphil3]

well , I got in here a bit late... where to start.....

no iBGP between your border routers??? and do you have two physically-separate links between each border router and each ISP?

I assume your secondary router is purely for failover purposes and you won't be trying to load-balance the connections at all? You really should have a direct connection between your routers and run IBGP between them. Otherwise you will probably run into routing issues.

iBGP is definitely not a need for this layout, technically you can 100% get away with this and any IGP and not have to use an EGP, then again you lose the one benefit of BGP and thats path manipulation. Also, we cant assume that hes using it for failover because we don't know what hes doing with his eBGP attributes nor how is end hosts at the edge communicate with the rest of the outside world.

In your configuration you can remove the switches unless you are using them for the routers to talk to each other for iBGP.

Negative, the switch is being used for any kind of RP connectivity for the CE routers as well as the failover for the ASA's(since theres no direct connection). If we removed the outside switches we would need to directly connect both routers and both ASA's.

However, if you use cisco firewalls, the way they do HA, you'll have to keep the switches

Cross-over cable . This is how we suggest that you configure the ASA if at all possible. If you must traverse the switch, carve out a L2 VLAN for the failover.

True, but I've found that trying to engineer a solution for more than a single failure at any one time typically becomes a kludged solution. Not that it can't be done, but remember you have to manage it and know how everything will work if something does fail. I guess it all depends on how important the data is and how much you're willing to spend.

Meh, this is a lazyness statement. Good engineering will always, no matter what bring the single point of failure as close to the inner edge as possible. Your prior statement would literally have the single point of failure at the CE routers, that is totally unacceptable by any standards.


fewwww.... now on to my recommendations. I think your layout is great. That said, I think that you need to consider the technologies that you plan to implement to make it fully redundant. This means configuring VRRP on your edge routers for inside redundancy, configuring failover on your ASA's(assuming that you're in route mode), routing down to the access layer so your hosts will reference a virtual ip/mac address.

As you can see, we only covered IP failover... you also must consider other things like asymmetric routing issues since you're peering with more than one AS. You have to do things like path prepending, MED manipulation, etc. If you decide to go with iBGP between your edge devices remember to manipulate local pref. to ensure that you're traffic never traverses the "secondary" router unless your bgp neighborship goes down and the routes are re-drawn.

I always like to suggest to my customers to implement upstream interface tracking using IPSLA. If you're only getting a quad zero from your peers then you can manipulate default routes with this and do many other things. This also poses the question, are you going to be a transit AS? If not, peering with 3 people and not doing any kind of balancing between AS's makes no sense what so ever.

Lastly, I want to comment on your equipment choice. I understand that you have your heart set on that equipment but it will NEVER give you performance close to what you would see with a Cisco or Juniper product. Each IOS for either of those two vendors was built to route packets as quickly as possible. Someone said that ASICS are better than computer hardware earlier in this thread... well they were kind of right, on Cisco routers there aren't ASICS but there are dedicated routing processors and CEF tables, which alone are the reason why packet switching is so fast today. No matter how beefy you're server is, you still have some piece of software that is process switching everything off to the CPU, which may not have cycles available. Just some food for thought.

well, Ill get off my soap box now.

HTH

 

[Ockie]

Yeah, what's funny?! Haha..

Ockie -- I'm curious.. were you comparing that against a 7200 NPE-G1 or G2? Those numbers on the Juniper seem pretty good.

At any rate, you're only peering with 3 ASes, so you should get by using that server if you're set on it.. provided that they aren't advertising the full BGP table. Just don't underestimate the power of specialized hardware, even if the specs don't look astonishing. Think of software rendering a game vs having a dedicated GPU...

G1, we didn't bother upgrading due to the costs involved and we pay quite an absurd amount of money on the service contracts on the 7200 unit itself.

 

[berky]

well , I got in here a bit late... where to start.....



iBGP is definitely not a need for this layout, technically you can 100% get away with this and any IGP and not have to use an EGP, then again you lose the one benefit of BGP and thats path manipulation. Also, we cant assume that hes using it for failover because we don't know what hes doing with his eBGP attributes nor how is end hosts at the edge communicate with the rest of the outside world.

no routing protocol is ever "necessary", but it's pretty darn stupid not to use them. Also, it's pretty much standard practice not to run IGP between different AS's that you don't manage. Regardless of what he's using the secondary router for, if he's running BGP with the 3 AS's, he's going to want to run iBGP between the routers.

Negative, the switch is being used for any kind of RP connectivity for the CE routers as well as the failover for the ASA's(since theres no direct connection). If we removed the outside switches we would need to directly connect both routers and both ASA's.


Cross-over cable . This is how we suggest that you configure the ASA if at all possible. If you must traverse the switch, carve out a L2 VLAN for the failover.

You missed my point. You can't directly connect the ASA to the router IF you are using it in an HA configuration. This is due to the fact that the IP you would place on the primary ASA will move to the second one in the case of a failure (there's only a single line in the entire config that doesn't get copied to the standby ASA). Essentially you would be trying to have an interface on R1, R2, FW1, and FW2 be in the same network (again, because the ASA copies the config) without any switching between them.

Meh, this is a lazyness statement. Good engineering will always, no matter what bring the single point of failure as close to the inner edge as possible. Your prior statement would literally have the single point of failure at the CE routers, that is totally unacceptable by any standards.

again, i think you missed my point. Nowhere in the crappy ascii diagram I provided above is there a single point of failure other than the host itself. I was saying that we dont' ever try to account for more than 1 failure.

 

[xphil3]

no routing protocol is ever "necessary", but it's pretty darn stupid not to use them. Also, it's pretty much standard practice not to run IGP between different AS's that you don't manage. Regardless of what he's using the secondary router for, if he's running BGP with the 3 AS's, he's going to want to run iBGP between the routers.

No where in my statement did I say that he did not need to run a routing protocol. I said that he did not need to run INTERIOR bgp, that he could use any other IGP if he would like. Secondly, if hes wants to peer with public AS's hes going to be forced to use BGP, I thought I made that obvious when I said we didn't know what kind of attribute manipulation he was going to be doing. Lastly, he does NOT, let me say that again.. he does NOT need to run iBGP between his routers. Running iBGP in this case will not gain you ANYTHING(unless you want to do some kind of pathing manipulation). With VRRP properly configured and AS path prepending configured on the secondary router traffic will NEVER see the secondardy router. Fin.

again, i think you missed my point. Nowhere in the crappy ascii diagram I provided above is there a single point of failure other than the host itself. I was saying that we dont' ever try to account for more than 1 failure.

No, im not missing your point but I do see a very poorly engineered(if you can call it that) solution. Just pointing that out, if I went to a customer with that and they had half a brain I would be laughed at.

 

[just2cool]

Pretty good post, I have a few comments.

iBGP is definitely not a need for this layout, technically you can 100% get away with this and any IGP and not have to use an EGP, then again you lose the one benefit of BGP and thats path manipulation.

Since his topology is fully-meshed with the ASes, I agree.

Meh, this is a lazyness statement. Good engineering will always, no matter what bring the single point of failure as close to the inner edge as possible. Your prior statement would literally have the single point of failure at the CE routers, that is totally unacceptable by any standards.

Couldn't agree more. If you've got the money, keep single failures at the access level.

Someone said that ASICS are better than computer hardware earlier in this thread... well they were kind of right, on Cisco routers there aren't ASICS but there are dedicated routing processors and CEF tables, which alone are the reason why packet switching is so fast today. No matter how beefy you're server is, you still have some piece of software that is process switching everything off to the CPU, which may not have cycles available.

CEF is an IOS hack to get around the overhead of context switching, not a hardware feature. The FIB for it is allocated from main memory. As for as the ASICs go... well, even a route processor is technically an ASIC as it is application specific. Line cards also have their own ASICs -- why bother the main processor if two hosts are on the same card (e.g. dCEF)? Even on the newer Nexus 7010 platform, there's an ASIC that muxes 4 10Gb interfaces, and then an ASIC that muxes those ASICs. To say that ASICs don't exist in routers is like saying they don't have capacitors... there are plenty of them. I just hope you weren't a comp eng or EE major!

 

[xphil3]

CEF is an IOS hack to get around the overhead of context switching, not a hardware feature. The FIB for it is allocated from main memory. As for as the ASICs go... well, even a route processor is technically an ASIC as it is application specific. Line cards also have their own ASICs -- why bother the main processor if two hosts are on the same card (e.g. dCEF)? Even on the newer Nexus 7010 platform, there's an ASIC that muxes 4 10Gb interfaces, and then an ASIC that muxes those ASICs. To say that ASICs don't exist in routers is like saying they don't have capacitors... there are plenty of them. I just hope you weren't a comp eng or EE major!

You're absolutely right about CEF, both the FIB and adjacency table is software driven, didn't think I said it was hardware. I was just stating that by utilizing CEF packet switching would tremendously faster( due to not having to constantly do RIB lookups, rewrites per packet, etc). As for the ASICs, I think that we were arguing semantics here, technically routers do have ASICs by pure definition, but they are not called ASICs by anyone at Cisco(not even the developers), they are considered routing processors. You're also right about each card having its on dCEF table(if we're talking switch cards) and it not having to go out to the main RP because it already have a synch'd version of the FIB from the main RP then utilizing one of the ASICs from the port group. If we are speaking Cisco hardware, ASIC's relate to switching engines while routing processors refer to packet switching engines for the routing platform.

And no, I was not an EE or comp eng major(network engineering actually) but I do use the correct terminology

 

[just2cool]

You're absolutely right about CEF, both the FIB and adjacency table is software driven, didn't think I said it was hardware. I was just stating that by utilizing CEF packet switching would tremendously faster( due to not having to constantly do RIB lookups, rewrites per packet, etc). If we are speaking Cisco hardware, ASIC's relate to switching engines while routing processors refer to packet switching engines for the routing platform.

Ah, ok... yeah, I tend to break things down further than they really need to be. I guess I'm still in college mode where I want to know how all components build on each other.

And no, I was not an EE or comp eng major(network engineering actually) but I do use the Cisco terminology

Fixed this for you . Man, this is what scares me about taking the CCIE someday. Finding the "right" way to phrase or do things.

 

[Fint]

As for the ASICs, I think that we were arguing semantics here, technically routers do have ASICs by pure definition, but they are not called ASICs by anyone at Cisco(not even the developers), they are considered routing processors.

Hrm... are you sure about this?

BW-3750-CoreSWA#show platform port-asic version

Port-Asic Version Info:
========================
ASIC-0: Version:8 DeviceType:0x2C1
ASIC-1: Version:9 DeviceType:0x2F4
ASIC-2: Version:9 DeviceType:0x2F4
ASIC-3: Version:9 DeviceType:0x2F4
ASIC-4: Version:9 DeviceType:0x2F4
ASIC-5: Version:9 DeviceType:0x2F4
ASIC-6: Version:9 DeviceType:0x2F4
ASIC-7: Version:9 DeviceType:0x2F4
ASIC-8: Version:9 DeviceType:0x2F4
ASIC-9: Version:9 DeviceType:0x2F4
ASIC-10: Version:9 DeviceType:0x2F4
ASIC-11: Version:9 DeviceType:0x2F4
ASIC-12: Version:9 DeviceType:0x2F4
BW-3750-CoreSWA#sh ver | inc IOS
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
BW-3750-CoreSWA#

 

[Fint]

oh, and as an aside, its nice to see some more Enterprise-grade discussions on here.. not just "my linksys router is slow when committing theft via BitTorrent!"

 

[QHalo]

Hrm... are you sure about this?

BW-3750-CoreSWA#show platform port-asic version
 
Port-Asic Version Info:
========================
ASIC-0: Version:8 DeviceType:0x2C1
ASIC-1: Version:9 DeviceType:0x2F4
ASIC-2: Version:9 DeviceType:0x2F4
ASIC-3: Version:9 DeviceType:0x2F4
ASIC-4: Version:9 DeviceType:0x2F4
ASIC-5: Version:9 DeviceType:0x2F4
ASIC-6: Version:9 DeviceType:0x2F4
ASIC-7: Version:9 DeviceType:0x2F4
ASIC-8: Version:9 DeviceType:0x2F4
ASIC-9: Version:9 DeviceType:0x2F4
ASIC-10: Version:9 DeviceType:0x2F4
ASIC-11: Version:9 DeviceType:0x2F4
ASIC-12: Version:9 DeviceType:0x2F4
BW-3750-CoreSWA#sh ver | inc IOS
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
BW-3750-CoreSWA#

Wouldn't what he said about switching engines using ASIC's and considering you're running this command on what is still considered a switch mean he was right? I know it's a capable of running layer 3 but just for clarification it's still a switch.

If we are speaking Cisco hardware, ASIC's relate to switching engines while routing processors refer to packet switching engines for the routing platform.

 

[berky]

No where in my statement did I say that he did not need to run a routing protocol. I said that he did not need to run INTERIOR bgp, that he could use any other IGP if he would like. Secondly, if hes wants to peer with public AS's hes going to be forced to use BGP, I thought I made that obvious when I said we didn't know what kind of attribute manipulation he was going to be doing. Lastly, he does NOT, let me say that again.. he does NOT need to run iBGP between his routers. Running iBGP in this case will not gain you ANYTHING(unless you want to do some kind of pathing manipulation). With VRRP properly configured and AS path prepending configured on the secondary router traffic will NEVER see the secondardy router. Fin.

Sure he can run an IGP, but if he's not running iBGP, he'd have to redistribute routes from BGP into OSPF/RIP/whatever. But then again, that's more a matter of (like you said) what he wants to do with the routes he receives. All I'm saying is that in most cases, you are better off just setting up the iBGP from the get-go (more of a best practices type of thing).

No, im not missing your point but I do see a very poorly engineered(if you can call it that) solution. Just pointing that out, if I went to a customer with that and they had half a brain I would be laughed at.

Please, by all means, explain to me why a customer would laugh at the solution? Seriously, I want to know what you are talking about. My *assumption* (and i know that we've all done a lot of assuming in this thread), is that you are making assumptions on how things would be configured. I can guarantee you that the solution I have shown does work, and works well if configured properly. However, we're all here to learn and I would love for you to show me a better one and point out exactly what you think is wrong with it.

 

[xphil3]

Sure he can run an IGP, but if he's not running iBGP, he'd have to redistribute routes from BGP into OSPF/RIP/whatever. But then again, that's more a matter of (like you said) what he wants to do with the routes he receives. All I'm saying is that in most cases, you are better off just setting up the iBGP from the get-go (more of a best practices type of thing).

Once again, there is no benefit from running either an IGP or EGP within his AS if he configures VRRP with AS-path prepending on his secondary device. The only benefit that he would gain from running iBGP is preventing asymmetric routing conditions if he was *not* running a virtual failover protocol.

Please, by all means, explain to me why a customer would laugh at the solution? Seriously, I want to know what you are talking about. My *assumption* (and i know that we've all done a lot of assuming in this thread), is that you are making assumptions on how things would be configured. I can guarantee you that the solution I have shown does work, and works well if configured properly. However, we're all here to learn and I would love for you to show me a better one and point out exactly what you think is wrong with it.

I think I should restate what I was saying, your solution does work. I never said that it didn't, just that it was poorly engineered. The reason I said that was because from my standpoint, and the customers that I deal(ISP's and enterprise level customers) with that solution is NOT fault tolerant. Yes, there is no *single* point of failure but if other failures do occur in your designed your hosed(which was stated earlier in this thread). Now, you recommended that solution to the OP, who clearly had enough interfaces on his CE routers to redundantly connect them to his "outside" switches, to remove those links. In that situation alone, the solution is poorly engineered.

You're a smart dude, not saying anything otherwise but for ISP/enterprise level customers your solution would be sent back to engineering.

With all this said, you're right... we're doing a whole lot of assuming and flaming(which is always good fun, its how I learn most of the time). I think threads like these are the more valuable threads on the forums. Think about it, You, me and a few others have basically engineered a solution for this guy, for FREE.... thank god I didn't have to sign an non-compete

 

[berky]

Once again, there is no benefit from running either an IGP or EGP within his AS if he configures VRRP with AS-path prepending on his secondary device. The only benefit that he would gain from running iBGP is preventing asymmetric routing conditions if he was *not* running a virtual failover protocol.


I think I should restate what I was saying, your solution does work. I never said that it didn't, just that it was poorly engineered. The reason I said that was because from my standpoint, and the customers that I deal(ISP's and enterprise level customers) with that solution is NOT fault tolerant. Yes, there is no *single* point of failure but if other failures do occur in your designed your hosed(which was stated earlier in this thread). Now, you recommended that solution to the OP, who clearly had enough interfaces on his CE routers to redundantly connect them to his "outside" switches, to remove those links. In that situation alone, the solution is poorly engineered.

You're a smart dude, not saying anything otherwise but for ISP/enterprise level customers your solution would be sent back to engineering.

With all this said, you're right... we're doing a whole lot of assuming and flaming(which is always good fun, its how I learn most of the time). I think threads like these are the more valuable threads on the forums. Think about it, You, me and a few others have basically engineered a solution for this guy, for FREE.... thank god I didn't have to sign an non-compete

ok, fair enough.

For the record, in the arena I deal with (gov't datacenters), they seem to be fine with only accounting for a single failure at any point in time. Perhaps things are different in the commercial world, and to be honest, I'd love to get out of the gov't work (way too many headaches). These are the things I've been taught since I started, and no one has told me otherwise, so I'll definitely keep this in mind.

 

[xphil3]

For the record, in the arena I deal with (gov't datacenters), they seem to be fine with only accounting for a single failure at any point in time. Perhaps things are different in the commercial world, and to be honest, I'd love to get out of the gov't work (way too many headaches). These are the things I've been taught since I started, and no one has told me otherwise, so I'll definitely keep this in mind.

Heh, I as well do the Govt work(bunch of different orgs). Things in the commercial world are a bit different but more so when it relates to the pace of how things get done. Government has and will also be slower. Sit tight with your govt job(especially if you're a contractor) as its the best and secure place to be in at the current moment

 

[berky]

Heh, I as well do the Govt work(bunch of different orgs). Things in the commercial world are a bit different but more so when it relates to the pace of how things get done. Government has and will also be slower. Sit tight with your govt job(especially if you're a contractor) as its the best and secure place to be in at the current moment

Yep, contractor. I'm definitely not going anywhere for a while (so long as we continue to win the contract).

 

[just2cool]

Perhaps things are different in the commercial world, and to be honest, I'd love to get out of the gov't work (way too many headaches).

Hahaha, dude, stay out of the financial firms. Trust me, it's been almost too crazy during these times. I guess I do learn a lot though since every millisecond is worth big bucks, or at least they used to be

 

[secure.boy]

...