3

We have here 2 Internet connections coming in. And the intention is to have all services available on our server which should be available externally, to be available through both connections.

Also, one connection should be used as little as possible, except for certain protocols.

How can I achieve this dual connection method?

cpf

3 Answers

2

If they are from the same provider:
If these connections act as a WAN, ideally you want to use some sort of routing protocol in my opinion (i.e.) BGP. You might also be able to use HSRP (or the similar options) if this is more like LAN of the provider offers it. Basically, talk to them about the options. HSRP for routers on the WAN side is not ideal, there are some problems that can still cause routing holes unless you put an extra needless layer of switches between your routers and your providers.

Different Providers:
IP SLA or some sort of Small site Multihoming is a good middle option (Nice lab for this with Cisco here). Bigger option is to run BGP peering with both providers (not trivial). A less ideal option, but perhaps good enough, is to use DNS trickery.

With whatever you choose, make sure you draw a picture (even better, build a lab) and start taking a single thing down at a time, a device, a connection, a service, etc... Then ask yourself, what happens in this scenario? If you don't put in this sort of effort, then I bet whatever you have done might be more likely to cause you to go down than the likelihood of losing a connection. Also, at that point you might be better off with a manual failover process.

Kyle Brandt
  • +1, Test, test, test. Having a non-functional "redundancy" system is worse, because you expect it to work in the event of a failure, and it doesn't. – Chris S May 28 '10 at 13:23
  • Chris S: Or even worse, it *causes* a failure :-) – Kyle Brandt May 28 '10 at 13:24
  • The problem is internal routing: The server doesn't know from which connection the packets are originating, so it sends all responses to its default gateway, which may or may not be the correct router. That's why currently everything works externally from one router, but not the other. – cpf May 28 '10 at 14:49
  • HSRP fixes that. It creates a virtual IP that is shared between the routers (only one holds it at a time). That virtual IP can be the machine's default gateway. – Kyle Brandt May 28 '10 at 15:23
1

There're many possibilities:

Linux: http://linux-ip.net/html/adv-multi-internet.html

pfsense: http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing

openbsd: http://www.openbsd.org/faq/pf/pools.html

Of course then you could make some queues to decide where to direct some specific traffic, based on port, destination and so on.

PiL
  • I have already seen the link about pfsense. Problem is that we're using a Windows 2008 server, and prefer not to use any VM or specific hardware. Routing over port was an idea of mine, which would work, if routing over a port is possible (Haven't found any indication to indicate it's even possible on Windows). Ideally something should be able to "follow" a connection session, and make sure the response packets get routed to the correct router for outgoing traffic. – cpf May 28 '10 at 13:33
  • All of those links are for building a gateway/router that can enable multi-wan connections to be used simultaneously. – PiL May 28 '10 at 13:37
  • +1 for pfSense - it really rocks in multi-homed scenarios. These kits make for great boxes too: http://www.netgate.com/index.php?cPath=60_84 – Goyuix May 28 '10 at 14:01
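
An added example (not part of any answer on this page) of the source-based policy routing that the Linux link in the answer above covers, aimed at the return-path problem raised in the comments: each reply leaves through the uplink whose address it carries. It assumes a Linux host with iproute2 holding one address on each uplink; the interface names, table numbers and RFC 5737 addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: source-based policy routing for a host with two uplinks.
# Interface names, table ids and addresses below are constructed
# placeholders (RFC 5737 documentation ranges), not values from the page.

# uplink_rules TABLE_ID DEV LOCAL_IP NETWORK GATEWAY
# Prints the iproute2 commands that make packets sourced from LOCAL_IP
# leave through GATEWAY, whatever the main table's default route says.
uplink_rules() {
    table=$1 dev=$2 ip=$3 net=$4 gw=$5
    # The per-uplink table needs the connected network and its own default.
    echo "ip route replace $net dev $dev src $ip table $table"
    echo "ip route replace default via $gw dev $dev table $table"
    # Pick that table by the source address the reply carries.
    echo "ip rule add from $ip lookup $table priority $((1000 + table))"
}

# dual_uplink_plan: the full command list for both uplinks.
dual_uplink_plan() {
    uplink_rules 101 eth1 192.0.2.10 192.0.2.0/24 192.0.2.1
    uplink_rules 102 eth2 198.51.100.10 198.51.100.0/24 198.51.100.1
    # Main table: connections the host itself opens prefer uplink 1
    # (lower metric). Uplink 2 is used only if that route is withdrawn,
    # e.g. on link down; a dead gateway still needs external monitoring.
    echo "ip route replace default via 192.0.2.1 dev eth1 metric 100"
    echo "ip route replace default via 198.51.100.1 dev eth2 metric 200"
}

# run_plan: dry run by default; APPLY=1 executes the plan (requires root).
run_plan() {
    if [ "${APPLY:-0}" = 1 ]; then
        dual_uplink_plan | sh -e
    else
        dual_uplink_plan
    fi
}

run_plan
```

Review the dry-run output before setting `APPLY=1`, then verify with `ip rule show` and `ip route show table 101` while taking one uplink down at a time.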
1

Also, there are appliances that solve this type of issue that manage the WAN connections and DNS...

Examples...

Peplink

Fatpipe

These "all-in-one" solutions are good for very little setup and management. We have used one of the above with 3 WAN connections using a round robin DNS and were very pleased with the results. We had them in front of ASAs and with NAT and it worked without issue.

Also, you can set up various incoming and outgoing rules to manage what services or ports go over which WAN connection to override any automatic load balancing by the appliances.

MED