2

I will explain the problem first ...

I have an in-house webserver/web-app that is publicly accessible. Our Internet connection (Bonded ADSL MAX Premium) is therefore a single-point-of-failure (which has been highlighted by some recent connectivity issues).

As a low-cost backup I was thinking of adding a second Internet connection (Standard ADSL) with a static IP of its own.

Now I was wondering if anybody has tried or would comment on the following idea ...

If I got an externally hosted server and ran a proxy server like HAProxy, I could have this proxy requests to our main IP (down our main connection), then have it fail over to the second connection if the main one went down.

Guy C

5 Answers

2

What you're proposing is certainly doable; the place I work at (a web hosting company) has done that for a client, and it works pretty well. Best to use a caching reverse proxy like Varnish or Squid (in reverse proxy mode) so you can take advantage of the better bandwidth and latency of the datacentre-connected machine.

womble
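
The failover described in the question, sketched as an HAProxy configuration for the externally hosted proxy. This is an added example, not configuration from any poster in this thread; the two IP addresses are documentation placeholders standing in for the main and backup static IPs, and `/health` is a hypothetical health-check path on the in-house app.

```haproxy
# Added example, constructed for illustration.
# 203.0.113.10  = placeholder for the static IP of the main (bonded) line
# 198.51.100.20 = placeholder for the static IP of the backup ADSL line
# /health       = hypothetical health-check URL served by the in-house app
global
    log /dev/log local0
    maxconn 2000

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend public_http
    bind :80
    default_backend inhouse_app

backend inhouse_app
    # Active HTTP health check; only a 200 response counts as healthy.
    option httpchk GET /health
    http-check expect status 200
    # Every request now arrives from the proxy's address, so pass the
    # original client address to the app in X-Forwarded-For.
    option forwardfor
    # If a connection attempt fails, allow the retry to go to the other line.
    option redispatch
    retries 2
    # Main line: probed every 2s, marked down after 3 failed checks,
    # marked up again after 2 successful ones.
    server main_line   203.0.113.10:80  check inter 2s fall 3 rise 2
    # 'backup' servers receive traffic only while no non-backup server is up.
    server backup_line 198.51.100.20:80 check inter 2s fall 3 rise 2 backup
```

With a proxy in front, the in-house firewall can limit inbound port 80 on both lines to the proxy's source address so the app is not reachable around it, and the app should honour `X-Forwarded-For` only on requests coming from that address.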
1

Why have an external server proxy your HTTP requests? Why not just use DNS to switch the host name to the IP address of the other connection?

If you need a single, static IP address, is there any way you could get your ISP to route the IP address to the other connection in the event that the first goes down?

Jeremy Huiskamp
  • Unless it isn't obvious you would want to set a sufficiently small TTL for this to be useful. – Zoredache May 04 '09 at 07:58
  • But isn't the problem with doing this by DNS (even with small TTLs) that there would be a potentially long period of downtime while the new DNS propagates? Don't many DNS servers ignore short TTLs? – Guy C May 04 '09 at 08:10
  • Good points, hadn't thought that through :( – Jeremy Huiskamp May 04 '09 at 14:26
0

That sounds reasonable, though for the cost of a second connection, I'd also compare the cost of remote-hosting the app somewhere else.

pjz
  • Not really, the first connection is an expensive bonded ADSL, which is proving less reliable than expected. Adding a backup ADSL line would increase the total cost only by a small proportion. Unfortunately the app can't be remote hosted at the moment. It depends on a large database that currently has to be in-house. If we moved the web server externally then we'd have the same issue with the connection to the in-house database. – Guy C Apr 30 '09 at 15:46
  • ...which is why details like that matter and should be included in the question :) – pjz Apr 30 '09 at 15:54
  • As pjz suggested, the above information should be edited into your original question. – GregD May 03 '09 at 14:22
0

You don't mention what kind of perimeter you have. My experience with firewalls is that you can have your main line entering your firewall, set up some kind of heartbeat on your ISP's perimeter router (which most will allow if you ask), and when that heartbeat fails, you have a backup DSL line or something inexpensive that it will fail over to.

GregD
  • I am using pfSense as a firewall. Excuse my lack of knowledge about this. So what happens with the external traffic destined for my IP, after a failure of my main line is detected? – Guy C May 03 '09 at 18:53
0

It used to be that we'd use an ISDN backup, but these days you might also look at something like the Draytek 2800VG (Vigor 2800 ADSL2+ Router Firewall, VPN Device with Printer Port & Optional 802.11-SuperG Wireless LAN). The USB port in the back can be used with a USB 3G dongle to automatically connect as a failover.

That way if the clumsy crew with the backhoe digs up the phone lines you'll still have net.

Gareth
  • Funnily enough, we are planning to do this with a 3G USB dongle, but only as a failover for in-house Internet access (web surfing, etc). Since I don't think you can get a static IP with 3G, I don't think it helps for our servers. – Guy C May 04 '09 at 08:46