dual ISP / fault tolerance

By afram ·
Here is the problem:

We have two ISPs - one provides a T1 and the other is a backup DSL. We have a SonicWALL firewall that takes two different ISPs and provides outbound fault tolerance. If the T1 goes down, we can browse the web over DSL. However, customers and remote offices can't see our website or send us email. Does anyone know of a device that will provide both outbound AND inbound fault tolerance for 2 different ISPs?

This is a routing issue, outside of your shop

by Cactus Pete In reply to dual ISP / fault toleranc ...

Your IP addresses don't route through your DSL, so no one would be able to find you from elsewhere in the internet. You need to either outsource the email or add an MX record for the alternate service's IP address. For web sites, you might consider outsourcing that to a hosting service.

If you want to do this yourself, make sure you get an IP range through the DSL service as large as the one from your T-1 provider...

re: routing issue

by afram In reply to This is a routing issue, ...

We have a mailbag service that will hold incoming emails and attempts to deliver every 15 minutes until our mail server is reachable again. We do have business DSL with a range of static IPs - there are only 2 servers that really need to be accessed from the Internet and we can't outsource them because they are tied into our ERP.

Radware makes an appliance called a Linkproof device that is supposed to take two ISPs with different IP schemes and merge them together. It sits between the two routers and the firewall and has a built-in DNS server that allows inbound traffic to work even if the primary connection dies. We had lots of problems getting it to work and we are looking for something else. A while back, there was a company that made a similar device but they were bought by Symantec, who then discontinued the product.

OK, but...

by Cactus Pete In reply to re: routing issue

You need to list the IP address with the registrar who holds your domain for you on the name server. That's where you handle the rest of the world seeing your domain.

You will need a service outside your connections that directs to either IP address as necessary. This is not something you can do in-house.

Collapse -

I don't believe you will find a device that will do what you want it to do. The problem lies in the DNS. I know that some ISPs use a system that can automatically forward mail to another host if the main host can't be reached. I do see a few options. One is a direct connection to remote offices. Then with that you can get a router with backup dial-up that can dial up your servers if the T1 goes down. That will give you the ability to communicate with your remote offices even if your internet is down.
The other option is another domain name pointing to your backup DSL. Then train the remote users to change the name of the mail server if the T1 goes down.

Hope I was some help.

a solution

by apotheon In reply to

Find a proxy service. You'd have to point your domain name at their servers, and they would then act as a proxy so that requests were passed on to your servers. If it's a functional enough proxy service, they will have the ability to set up their system so that it will choose between your different IP addresses based on which is working at a given moment.

Unfortunately, a proxy service would be somewhat expensive. On the plus side, it creates a huge boost to your network's security. In fact, that's the point of most proxy service use: additional security. Microsoft uses a proxy service for its websites (a proxy service, incidentally, that uses Linux and BSD systems to provide the security that MS needs).

re: tolerance

by afram In reply to dual ISP / fault toleranc ...

Foundry Networks makes a device called ServerIron Link Balancer that promises dual ISP inbound/outbound fault tolerance. Looks like some heavy duty (expensive) switches.

Also contacted my T1 Provider. They said they could give us a secondary, idle T1. If the primary failed the backup would kick in automatically and perform inbound and outbound fault tolerance. But, we'd be paying for an idle T1.

Dynamic DNS

by zaferus In reply to dual ISP / fault toleranc ...

If you use Dynamic DNS - many of them have load balancing (of a sort), failover and monitoring - and all for $50 US a year or less!

Let's say you have www.mydomain.com - you can just associate this with your two IPs, one primary, one secondary.

Set your DNS expiry to be, say, 15 seconds, and some DDNS services (although not ours) allow you to have it switch between what is your primary incoming IP every few seconds to give you rudimentary load balancing as well. A true load balancer will cost you thousands and is another piece of equipment to support; this is a great and cheap alternative.

As another perk, SonicWALLs can establish VPNs by domain name, so if you have multiple IPs at your branches you can create excellent failover by using domain names like vpn1.mydomain.com, vpn2, etc. and have failover VPN links between all your key branches.

As well, DDNS sites can monitor if one of these IPs is down and will then direct traffic only through the one that is up until the downed one is restored. It can also be configured to send you e-mails when one is down so you know. If you also set your VPNs at branches to these domain names and have them monitored, you can know right away if any of them lose their connection. So even if you only have one IP there, it's still advantageous to have it monitored with DDNS.

DDNS is great, since we started using it we've had about 10 minutes (total) unscheduled downtime for inbound and outbound connections - even though we've had about 6 hours of failures at one or the other ISPs; and when one goes down we know about it within minutes.

There are tons of DDNS services out there - I recommend you shop around. We use DNS Made Easy as it was the most cost-effective for what we were looking for.

Good luck!

-Zaf
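The monitored failover described in the post above, as an added sketch that is not part of the original thread and is not any DDNS provider's code. The addresses, probe interval, failure threshold and the `FailoverMonitor` name are assumptions made for illustration; the 15-second TTL is the value from the post.

```python
from dataclasses import dataclass

PRIMARY = "203.0.113.10"     # constructed: server address on the T1 range
SECONDARY = "198.51.100.10"  # constructed: same server on the DSL range


@dataclass
class FailoverMonitor:
    """Decides which A record a monitored DNS service should publish."""
    ttl: int = 15        # record TTL in seconds (the post's "DNS expiry")
    interval: int = 60   # seconds between health probes (assumed)
    threshold: int = 2   # consecutive failed probes before switching (assumed)
    fails: int = 0
    active: str = PRIMARY

    def observe(self, primary_up: bool, secondary_up: bool) -> str:
        """Feed one probe round and return the address to publish."""
        self.fails = 0 if primary_up else self.fails + 1
        if primary_up:
            self.active = PRIMARY        # fail back once the primary answers
        elif self.fails >= self.threshold and secondary_up:
            self.active = SECONDARY      # fail over only to a link that is alive
        return self.active

    def worst_case_outage(self) -> int:
        """Seconds until resolvers that honour the TTL see the new record."""
        # Detection takes up to `threshold` probe intervals, then cached
        # answers live for at most one TTL.
        return self.threshold * self.interval + self.ttl


def replay(monitor, probes):
    """Run a sequence of (primary_up, secondary_up) probe rounds."""
    return [monitor.observe(p, s) for p, s in probes]


if __name__ == "__main__":
    # Constructed probe history: T1 drops, DSL takes over, T1 returns.
    history = [(True, True), (False, True), (False, True), (True, True)]
    print(replay(FailoverMonitor(), history))
    print(FailoverMonitor().worst_case_outage(), "seconds worst case")
```

The bound holds only for resolvers that honour the published TTL; a resolver that caches the record for longer keeps sending clients to the dead address for as long as it holds the answer.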

moot point?

by afram In reply to Dynamic DNS

We have a Paetec provider but they report that the outage is due to a Verizon problem - a DS3 went down and the entire neighborhood is out. Will DDNS still be effective?

Re: Moot Point?

by zaferus In reply to moot point?

If it's a common component to Internet for both links, you'll be down; DDNS can't magically make a link occur that's not possible.

But if you can keep your two providers as dissimilar as possible (perhaps T1 and Cable) - we use Cable and DSL - it will at least limit the points of failure you can experience. No redundant system is perfect while being cost effective; but our experience with Dynamic DNS has been very positive since we've been using it.

Hope this helps.

-Zaf

offsite or BGP

by netadm In reply to dual ISP / fault toleranc ...

Your problem is that your addresses are only available on the T1; when it goes down the world does not know how to get to you. No device on your site will fix this without some additional work.

We have two T1s, own some addresses and use BGP on our router to handle if one T1 is down. The router knows the address range and advertises it out both T1s. If one T1 goes down that router is no longer advertising that route and the traffic converges to the other T1.

It is more work and there is a bit of start-up cost getting a block of IPs, an ASN, and two ISPs that will work with you to do it.

Probably easier would be to put your web server and a mail secondary on a co-location site. The mail could be stored and forwarded on the secondary or it could know both addresses of the primary mail server to try.
