General discussion

  • #2292268

    dual ISP / fault tolerance

    by afram ·

    Here is the problem:

    We have two ISPs – one provides a T1 and the other is a backup DSL. We have a sonicwall firewall that takes two different ISPs and provides outbound fault tolerance. If the T1 goes down, we can browse the web over DSL. However, customers and remote offices can’t see our website or send us email. Does anyone know of a device that will provide both outbound AND inbound fault tolerance for 2 different ISPs?

All Comments

    • #3304210

      This is a routing issue, outside of your shop

      by cactus pete ·

      In reply to dual ISP / fault tolerance

      Your IP addresses don’t route through your DSL, so no one would be able to find you from elsewhere in the internet. You need to either outsource the email or add an MX record for the alternate service’s IP address. For web sites, you might consider outsourcing that to a hosting service.

      If you want to do this yourself, make sure you get an IP range through the DSL service as large as the one from your T-1 provider…

      • #3304200

        re: routing issue

        by afram ·

        In reply to This is a routing issue, outside of your shop

        We have a mailbag service that will hold incoming emails and attempts to deliver every 15 minutes until our mail server is reachable again. We do have business DSL with a range of static IPs – there are only 2 servers that really need to be accessed from the Internet and we can’t outsource them because they are tied into our ERP.

        Radware makes an appliance called a Linkproof device that is supposed to take two ISPs with different IP schemes and merge them together. It sits between the two routers and the firewall and has a built-in DNS server that allows inbound traffic to work even if the primary connection dies. We had lots of problems getting it to work and we are looking for something else. A while back, there was a company that made a similar device, but they were bought by Symantec, who then discontinued the product.

        • #3302402

          OK, but…

          by cactus pete ·

          In reply to re: routing issue

          You need to list the IP address with the registrar who holds your domain for you on the name server. That’s where you handle the rest of the world seeing your domain.

          You will need a service outside your connections that directs to either IP address as necessary. This is not something you can do in-house.

    • #3297913

      Reply To: dual ISP / fault tolerance

      by support#netropole.com ·

      In reply to dual ISP / fault tolerance

      I don’t believe you will find a device that will do what you want it to do. The problem lies in the DNS. I know that some ISPs use a system that can automatically forward mail to another host if the main host can’t be reached. I do see a few options. One is a direct connection to remote offices. Then with that you can get a router with backup dialup that can dial up your servers if the T1 goes down. That will give you the ability to communicate with your remote offices even if your internet is down.
      The other option is another domain name pointing to your backup DSL. Then train the remote users to change the name of the mail server if the T1 goes down.

      Hope I was some help.

      • #3297873

        a solution

        by apotheon ·

        In reply to Reply To: dual ISP / fault tolerance

        Find a proxy service. You’d have to point your domain name at their servers, and they would then act as a proxy so that requests were passed on to your servers. If it’s a functional enough proxy service, they will have the ability to set up their system so that it will choose between your different IP addresses based on which is working at a given moment.

        Unfortunately, a proxy service would be somewhat expensive. On the plus side, it creates a huge boost to your network’s security. In fact, that’s the point of most proxy service use: additional security. Microsoft uses a proxy service for its websites (a proxy service, incidentally, that uses Linux and BSD systems to provide the security that MS needs).

    • #3297699

      re: tolerance

      by afram ·

      In reply to dual ISP / fault tolerance

      Foundry Networks makes a device called ServerIron Link Balancer that promises dual ISP inbound/outbound fault tolerance. Looks like some heavy duty (expensive) switches.

      Also contacted my T1 Provider. They said they could give us a secondary, idle T1. If the primary failed the backup would kick in automatically and perform inbound and outbound fault tolerance. But, we’d be paying for an idle T1.

    • #3302380

      Dynamic DNS

      by zaferus ·

      In reply to dual ISP / fault tolerance

      If you use Dynamic DNS – many of them have load balancing (of a sort), failover and monitoring – and all for $50 US a year or less!

      Let’s say you have http://www.mydomain.com – you can just associate this with your two IPs, one primary, one secondary.

      Set your DNS expiry to be, say, 15 seconds, and some DDNS services (although not ours) allow you to have it switch between what is your primary incoming IP every few seconds to give you a rudimentary load balancing as well. A true load balancer will cost you thousands and is another piece of equipment to support; this is a great and cheap alternative.

      As another perk, SonicWALLs can establish VPNs by domain name, so if you have multiple IPs at your branches you can create excellent failover by using domain names like vpn1.mydomain.com, vpn2, etc. and have failover VPN links between all your key branches.

      As well, DDNS sites can monitor if one of these IPs is down and then will direct traffic only through the one that is up until the downed one is restored. As well, it can be configured to send you emails when the one is down so you know. If you also set your VPNs at branches to these domain names and have them monitored, you can know right away if any of them lose their connection. So even if you only have one IP there, it’s still advantageous to have it monitored with DDNS.

      DDNS is great, since we started using it we’ve had about 10 minutes (total) unscheduled downtime for inbound and outbound connections – even though we’ve had about 6 hours of failures at one or the other ISPs; and when one goes down we know about it within minutes.

      There are tons of DDNS services out there – I recommend you shop around. We use DNS made easy as it was the most cost effective for what we were looking for.

      Good luck!

      -Zaf

      • #3302320

        moot point?

        by afram ·

        In reply to Dynamic DNS

        We have a Paetec provider but they report that the outage is due to a Verizon problem – a DS3 went down and the entire neighborhood is out. Will DDNS still be effective?

        • #3302269

          Re: Moot Point?

          by zaferus ·

          In reply to moot point?

          If it’s a common component to Internet for both links you’ll be down; DDNS can’t magically make a link occur that’s not possible.

          But if you can keep your two providers as dissimilar as possible (perhaps T1 and Cable) – we use Cable and DSL – it will at least limit the points of failure you can experience. No redundant system is perfect while being cost effective; but our experience with Dynamic DNS has been very positive since we’ve been using it.

          Hope this helps.

          -Zaf
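
The monitored failover described in the two posts above, sketched as an added example (not part of the original thread and not any DDNS provider's code): it picks which address to publish with a 15-second TTL, alerts on state changes, and shows why nothing changes when both links fail together. The class and function names, the three-probe threshold and the addresses are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass, field

TTL = 15            # seconds; the short DNS expiry suggested in the post
FAIL_THRESHOLD = 3  # assumption: consecutive failed probes before "down"

@dataclass
class Link:
    name: str
    ip: str         # constructed addresses from the RFC 5737 documentation ranges
    fails: int = 0

    @property
    def up(self) -> bool:
        return self.fails < FAIL_THRESHOLD

@dataclass
class FailoverMonitor:
    primary: Link
    secondary: Link
    alerts: list = field(default_factory=list)

    def record_probe(self, link: Link, ok: bool) -> None:
        """Update a link's failure count; log an alert only on a state change."""
        was_up = link.up
        link.fails = 0 if ok else link.fails + 1
        if was_up != link.up:
            self.alerts.append(f"{link.name} {'restored' if link.up else 'DOWN'}")

    def answer(self, hostname: str) -> list:
        """Return the A record to publish for hostname right now."""
        if self.primary.up or not self.secondary.up:
            # Normal case, or both links down (shared upstream outage):
            # DNS cannot route around that, so keep the primary address.
            target = self.primary
        else:
            target = self.secondary
        return [(hostname, TTL, "A", target.ip)]

def tcp_probe(ip: str, port: int = 25, timeout: float = 3.0) -> bool:
    """Live reachability check: can we open a TCP connection to the service?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False
```

The probes only mean something when they run from a host outside both connections; feed each `tcp_probe` result into `record_probe` and publish whatever `answer` returns.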

    • #3300892

      offsite or BGP

      by netadm ·

      In reply to dual ISP / fault tolerance

      Your problem is that your addresses are only available on the T1; when it goes down the world does not know how to get to you. No device on your site will fix this without some additional work.

      We have two T1s, own some addresses and use BGP on our router to handle if one T1 is down. The router knows the address range and advertises it out both T1s. If one T1 goes down that router is no longer advertising that route and the traffic converges to the other T1.

      It is more work and there is a bit of start-up cost getting a block of IPs, an ASN, and two ISPs that will work with you to do it.

      Probably easier would be to put your web server and a mail secondary on a co-location site. The mail could be stored and forwarded on the secondary or it could know both addresses of the primary mail server to try.

    • #2596483

      BGP – TowerStream Unique Path

      by 7000000 ·

      In reply to dual ISP / fault tolerance

      BGP is the most obvious solution but requires some configuration and two carriers who are capable of providing the IP space and configuration assistance. Look at http://www.towervantage.com for more information on an excellent secondary unique path – they provide a business class Partial T1, I know it currently goes for $256 per month with a Class C available and BGP no additional charge.
      Obviously hosting your website and mail OFFSITE with a reliable provider (maybe a company like netsol.com for site space, and google apps for mail and other services) is the cheapest and easiest solution, especially for a smaller company.

    • #2617696

      More than just a DNS

      by clau ·

      In reply to dual ISP / fault tolerance

      As some of the comments stated, it is a routing issue to achieve what you are trying to accomplish. In fact, it is more than just DNS routing. In general, you will also need to configure (either hardware/software) to load balance/share the 2 connections and then a DNS record to point to the two IP addresses.

    • #2547081

      Dual DNS solution to redundant incoming problem

      by maximtech ·

      In reply to dual ISP / fault tolerance

      Check out this article, solves the problem.
      http://www.worleyconsulting.com/publications/2007/redundant.html