Friday, January 14, 2011

Low-cost ISP failover for inbound traffic?

We host one web server on our office internet connection (cheap!). The DNS servers are external and not provided by the ISP.

When the connection goes down we would like to have a backup solution. The basic idea is to get a second internet connection with a different ISP (separate last-mile), and a different IP number.

How would one go about minimizing the downtime for the users of our web site? How far would we get by setting the DNS TTL to perhaps a couple of minutes, and then be ready to switch over to the backup IP number when problems occur (automatically or manually)?

  • You need to say what your equipment is. And there are multiple parts to this: do you want just your ISP or your routers as well? Also, even if you have different ISPs the 'last mile' might be the same. There is also how you are accessing the servers; for instance, if it were by IP, the other ISP would give you a different IP. So you need to have failover at the DNS level as well.

    If you want to fail over to another connection on the same router, with Cisco you would just set an administrative distance on a second default route that is a higher number than the AD on the primary default route.

    Really, you need to give more details of what you are trying to achieve with what equipment. The answers to this question might get you started.

  • A nice option would be if you use a PI IP range, for example a /26, and split that one into two /27 pieces.

    Let each /27 half route from one ISP and mirror the other half to each ISP too with a higher metric.

    So in case one of the ISPs goes down, the other ISP will still route the whole PI IP range.

    The only unlikely thing is that you have two gateways and just one default route on your router/firewall devices behind. That means you have to configure a backup route or ask your ISPs about possibilities to run HSRP.

    Another way would be to use your own BGP devices.

    Alnitak: A PI space any smaller than a /24 won't work on the internet - most global IP networks will ignore route advertisements that small.

    From sam
  • There are several problems to overcome for this to work:

    1. IP ranges - typically you'll get different IP addresses from each ISP. When you fail over you need inbound connections to arrive at the second set of IPs. For greatest resilience obtain a /24 "provider independent" IP block (or larger) and arrange for your (expensive) router to speak BGP4 with your ISPs.

    2. DNS entries - unless you have your own range of IPs (see #1 above) you need to have your DNS entries change on the fly. However, many (broken) clients will ignore any TTLs that you publish and will continue trying to access the old IP range. The consensus view amongst DNS experts is that DNS is not the right way to achieve redundancy.

    3. Outbound traffic - your servers need to know which internet connection to send the return packets out of. This is potentially easier if you have both connections coming into a single router / firewall, but that then becomes a single point of failure too.

    From Alnitak
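    The DNS-switching approach the question proposes, with the caveats from the answer above, as an added example (this is not code from the thread or from any product mentioned in it). It assumes the zone accepts RFC 2136 dynamic updates through nsupdate (BIND tools) with a TSIG key; the zone name, record name, name server, key path and the two addresses are hypothetical placeholders.

```python
"""Health-checked DNS failover for a single inbound web IP.

Added example; not code from the thread or from any product named there.
Assumptions (all hypothetical): the zone accepts RFC 2136 dynamic updates via
nsupdate (BIND tools) authenticated with a TSIG key file, and the addresses are
documentation ranges standing in for the two ISP-assigned IPs.
"""
import socket
import subprocess
from dataclasses import dataclass

ZONE = "example.com"                       # hypothetical zone
NAME = "www"                               # record to flip
DNS_SERVER = "ns1.example.com"             # hypothetical authoritative server
TSIG_KEY_FILE = "/etc/failover/Kwww.key"   # placeholder path to the TSIG key
PRIMARY_IP = "192.0.2.10"                  # constructed: ISP A address
BACKUP_IP = "198.51.100.10"                # constructed: ISP B address
TTL = 120                                  # short TTL, as the question proposes


@dataclass
class FailoverState:
    active: str
    fail_count: int = 0   # consecutive failed probes of the primary while it is active
    ok_count: int = 0     # consecutive good probes of the primary while on backup


def probe_http(ip, host, port=80, timeout=3.0):
    """True if a HEAD request to ip (with the site's Host header) gets a 2xx/3xx."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            sock.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
            status_line = sock.recv(64).decode(errors="replace").split("\r\n", 1)[0]
    except OSError:
        return False
    parts = status_line.split()
    return len(parts) >= 2 and parts[1][:1] in ("2", "3")


def decide(state, primary_ok, backup_ok, fail_threshold=3, recover_threshold=5):
    """Advance the state machine one probe round; return True if the record must change.

    Hysteresis keeps a single lost probe from flipping DNS, never fails over to a
    backup path that is itself down, and needs more good probes to fail back than
    bad probes to fail over, so a flapping link does not cause repeated changes.
    """
    if state.active == PRIMARY_IP:
        if primary_ok:
            state.fail_count = 0
            return False
        state.fail_count += 1
        if state.fail_count >= fail_threshold and backup_ok:
            state.active, state.fail_count = BACKUP_IP, 0
            return True
        return False
    # currently on the backup address
    if not primary_ok:
        state.ok_count = 0
        return False
    state.ok_count += 1
    if state.ok_count >= recover_threshold:
        state.active, state.ok_count = PRIMARY_IP, 0
        return True
    return False


def nsupdate_script(ip):
    """Build the nsupdate stdin that replaces the A record, keeping the short TTL."""
    fqdn = f"{NAME}.{ZONE}."
    return "\n".join([
        f"server {DNS_SERVER}",
        f"zone {ZONE}",
        f"update delete {fqdn} A",
        f"update add {fqdn} {TTL} A {ip}",
        "send",
        "",
    ])


def apply_record(ip):
    """Push the change with nsupdate; raises CalledProcessError if the server refuses it."""
    subprocess.run(["nsupdate", "-k", TSIG_KEY_FILE], input=nsupdate_script(ip),
                   text=True, check=True)


def one_round(state):
    """Probe both paths once and update DNS only when the decision changed."""
    host = f"{NAME}.{ZONE}"
    changed = decide(state, probe_http(PRIMARY_IP, host), probe_http(BACKUP_IP, host))
    if changed:
        apply_record(state.active)
    return changed


if __name__ == "__main__":
    import time
    st = FailoverState(active=PRIMARY_IP)
    while True:      # run as a service; the probe interval stays well under the TTL
        one_round(st)
        time.sleep(30)
```

    Two limits from the answer above still apply: a resolver or client that ignores the published TTL keeps using the old address no matter how quickly the record is changed, and the backup address is only useful if the server can also send its replies back out through the second ISP's path.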
  • If you are a small to medium sized business, check out this product. http://www.ecessa.com/pages/products/products%5Fpowerlink%5Fpl50.php

    Arne Evertsson: Please tell me about that product and similar products right here.
  • If you already have the multiple providers, you just need a failover method. Most easily you'll want to do as described, and use DNS changes to go to the active IP address.

    I've had good success with PepLink, particularly the 20W, which is relatively inexpensive.

    The BGP route as noted in another answer is more complicated (and expensive) and requires that your upstream providers allow BGP advertisements, which many last-mile providers do not do.

    From ctennis
  • Peplink Balance 210 or above has a built-in DNS server. It allows you to load balance AND fail over inbound traffic automatically. The TTL value is up to you. My preferred value is 360 seconds.

    To feel how it works, try to add a domain and create an A record in their demo site.
