Looking for a way to set up 2 ISPs in failover mode, for both incoming & outgoing traffic, for our small (<100 devices) network.

The leading contender for now seems to be the Peplink Balance 310. However, a reseller I spoke with said it's great for 100% outgoing connectivity, but didn't seem to be confident in its abilities to handle incoming traffic. This is important as we host our own web site, Exchange e-mail, and virtual desktops (RDP).

Do any Peplink owners use this for failover of incoming traffic?

Are there other devices I should be considering? We're currently using a Cisco 1800 series router & ASA 5500 series firewall, with Comcast & T-1 lines (the goal being to replace the T with DSL/FiOS {whenever that becomes available}).

Price range: ~$1000 - $2500 USD.

Thanks.

Sean O
  • Got a recommendation on Twitter for Elfiq products (http://elfiq.com), looking at the LB-550E now. – Sean O Sep 10 '09 at 13:06

9 Answers

We use an old desktop PC with pfSense and some dual-head NICs and some regular ADSL routers in Bridged mode, with Virtual IPs for connectivity to our ISP-supplied IPs. And it supports failover of the device as well, for even more redundancy.

Hardware costs were almost 0, but the time taken to configure and set up the device can be high - but that said, it's likely to be that way with whatever load balancer/failover device you get.

Mark Henderson

Vyatta - cheap, fast and simple to configure if you have used Cisco before...

Slav

I've been looking into solutions for this as well. We are in a similar situation and currently have a T1 and Comcast Business as our two links.

We currently use a Fortigate which supports multiple WAN links. The failover, as far as routing traffic out, works great.

Dealing with the problem from the outside I believe is best done with BGP (Border Gateway Protocol), which is the dynamic routing protocol that the internet routers use. Basically this lets your router inform the internet how to route traffic to your subnet. From what I've gathered, hopefully someone will correct me here if I'm wrong, but your router and both your ISPs will have to support BGP. You then have to peer your router with your ISPs' routers, called neighbors. Most business-class ISPs, including Comcast Business, support this but charge an extra monthly fee for this option.

3dinfluence
  • Thumbs up for the thing called BGP. If the ISPs cooperate, your own public AS number or PI subnet are not needed [but things are easier and more portable if one has both]. – pQd Sep 09 '09 at 18:44
  • BGP will provide you what's called "multihomed" networking, meaning that your IP addresses will remain reachable via either (or more) connections, but it does not really provide load-balancing -- the ability to control traffic choices via BGP is rather limited. You can probably get by with using some sort of DNS fail-over or load-balancing. To do BGP you need: An ASN ($500/year from ARIN), a /24 block of IP addresses, both providers to provide you with BGP feeds, a router that will do BGP, and experience with BGP. It can be tricky. If you are an ISP, you probably want BGP, otherwise not. – Sean Reifschneider Sep 10 '09 at 04:07
  • Good info on BGP guys, thanks. The Peplink reseller mentioned BGP as well but said it was fairly difficult and expensive, which jives with what Sean said. – Sean O Sep 10 '09 at 13:00

Did your reseller make specific claims to support the concerns over Peplink's ability to handle Inbound Traffic? Peplink has a built-in authoritative DNS which takes care of the job of distributing incoming user requests. I don't see there is any issue with this approach.

keithchau
  • Yes, I thought it was odd that he said that, especially as I was reading about the device's DNS features while on the phone :) But he mentioned that DNS "wasn't the best way" to handle incoming web/email/RDP redundancy, which I thought was an honest assessment coming from someone trying to sell the product. – Sean O Sep 10 '09 at 13:04
  • I believe "DNS" is the industry-wide approach towards inbound load balancing and failover. Your clarification seems to suggest that the reseller is actually not comfortable with the "DNS approach", rather than pointing to any specific product? I wonder if there is any other suggestion s/he made toward better inbound LB approaches. Thanks. – keithchau Sep 11 '09 at 02:00

We use an Ecessa Powerlink 60 for a 3 x ISP multi-WAN for outbound traffic load balancing and 60Mbps of inbound link redundancy. It simply works and we have had 0 downtime since then. SNMP monitoring/traps keep us advised of link status. Presales will assist with building your configuration and support is US based and very knowledgeable. No call backs; just give them your serial and verify your account and you are talking with a network engineer.

The built-in authoritative DNS maintains host records with typical TTLs < 30s, for a relatively quick failover scenario for inbound traffic when the records are changed due to a link failure. Easy and simple to set up. In my experience BGP convergence time typically exceeds 100s, and as previously mentioned, it is a complex solution typically utilized by service providers.

The other solution we looked at seriously was Peplink. Old SonicWall appliances, and new Fortigate, Astaro or the excellent free pfSense all fall down when considering inbound link resilience; only the Fortigate had authoritative DNS designed with host record changes dependent on link status.

If you need a firewall too, Ecessa has a Shieldlink model with basic firewall functionality. It's nothing to write home about (pfSense is more feature rich and free); it adds $500 to the ~$1800 cost of the PL-60.

Mike Pennington
Cyber7

I've used a Fatpipe WARP box in the past with its built-in dynamic DNS settings, to ensure incoming stuff stays alive as well.

http://www.fatpipeinc.com/warp/index.html

DanBig
  • Looks great, but ~$15k is fairly steep. Looking for something around, oh, 10x cheaper :) (will edit orig post) – Sean O Sep 09 '09 at 17:39

I am using Peplink Balance 310 in my company. It handles inbound traffic flawlessly. I use it to route inbound web, email and SIP calls (to an Asterisk server). With its built-in DNS server, I can load balance and fail-over inbound web traffic over three Internet connections. With a short TTL with every DNS record, the failover time is pretty fast.

Considering its robustness and ease of use, I recommend Peplink.

Michael Chan

Check out the Elfiq product if you have the chance. Simpler and more powerful. Smarter inbound balancing too - you can do QoS on inbound traffic.

We have been using a SonicWall TZ 170 for at least 3 years, which supports dual connections for failover. It's cheap and pretty easy to set up. It only cost me $700 CAD, even back then.

Yes, it can be 100% failover for outgoing traffic. The end users won't even notice the switch between two lines. But it's a bit tricky for incoming. Here is what I did in my office.

For email, set 2 MX records, one for each IP address, with different preferences: 10 for the main line and 20 for the backup. This works extremely well. No email gets bounced back, as long as there is one line working.

For remote access, I provide two URLs to the end user and ask them to try one at a time.

For web, we don't host the website ourselves, but binding two IP addresses to the WWW DNS record doesn't seem good to me; it's more for load balancing. I would recommend just hosting it elsewhere, unless you have some specific application that runs on it.

Hope it helps.

kentchen
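The DNS approach that the Ecessa, Peplink and SonicWall answers above describe (short-TTL A records that follow link health, plus MX records at preferences 10 and 20 for both lines), modelled as a small controller. This is an added example, not code from any of these products or posts; the link names, the documentation-range addresses and the probe target are constructed assumptions, and the probe only works on the box that actually holds the public IPs.

```python
import socket
from dataclasses import dataclass

TTL = 30  # seconds; short so clients re-resolve soon after a link fails

@dataclass(frozen=True)
class Link:
    name: str        # hypothetical link label
    public_ip: str   # static address the ISP routes to us on this link
    priority: int    # lower is preferred; reused as the MX preference

# Constructed sample links (documentation-range addresses, not real ones).
LINKS = (Link("main", "198.51.100.10", 10), Link("backup", "203.0.113.20", 20))

def probe_tcp(target, port, source_ip, timeout=3.0):
    """Health probe for one link: connect to a well-known host from that link's
    public IP (run on the box that holds it), so the reply comes back the same way."""
    s = socket.socket()
    s.settimeout(timeout)
    try:
        s.bind((source_ip, 0))
        s.connect((target, port))
        return True
    except OSError:
        return False
    finally:
        s.close()

def select_a_records(links, up):
    """IPs to publish for www/rdp hosts given per-link health (name -> bool).
    Only healthy links are published, best priority first; if every link is
    down, keep the preferred one so the zone never answers with nothing."""
    healthy = sorted((l for l in links if up.get(l.name)), key=lambda l: l.priority)
    if not healthy:
        healthy = [min(links, key=lambda l: l.priority)]
    return [l.public_ip for l in healthy]

def render_zone(origin, links, up, hosts=("www", "rdp")):
    """Zone fragment in BIND syntax. A records follow link health (the short-TTL
    approach); MX records list both links with preferences 10/20 regardless of
    health, since SMTP senders retry the next MX on their own."""
    lines = [f"$ORIGIN {origin}", f"$TTL {TTL}"]
    for host in hosts:
        lines += [f"{host}\tIN\tA\t{ip}" for ip in select_a_records(links, up)]
    for l in sorted(links, key=lambda l: l.priority):
        lines.append(f"@\tIN\tMX\t{l.priority}\tmail-{l.name}.{origin}")
        lines.append(f"mail-{l.name}\tIN\tA\t{l.public_ip}")
    return "\n".join(lines) + "\n"
```

In practice the controller would call probe_tcp for each link from a timer, then reload the zone from render_zone only when the healthy set changes, so the DNS server is not rewritten on every probe.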