Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 271
  • Last Modified:

Multihomed webserver on multiple public networks. Possible?

I have a situation where my company (we are a small web design/hosting company) is too small to justify our own IP blocks and ASN's. We have multiple (two currently) ISP connections from different vendors, thus two different address spaces. My ultimate goal with all this is to assure uptime on my customer sites so that they are still running if the connection to either vendor is down for some reason. Here's the configuration (fake IP addresses used for clarity).

Vendor 1: 1.1.1.0
Cisco 2501 router at 1.1.1.1

Vendor 2: 2.2.2.0
Microsoft ISA server at 2.2.2.1

Both subnets are physically on the same wire.

Because neither ISP can guarantee 100% reliability, but we have customers who want their sites running 100% of the time, I thought I would put two IP addresses, one from each network, on my webserver like so:

IP: 1.1.1.6
IP: 2.2.2.6
Gateway: 1.1.1.1
Gateway: 2.2.2.1

I have tried this with multiple IP's and gateways on a single card, and on a separate card for each subnet. In both cases, DNS for www.mydomain.com has two entries, 1.1.1.6 and 2.2.2.6.

What happens in practice is that only one gateway is active, and only the address in that gateway's subnet appears to reply to any incoming request. For some reason I do not fully understand yet, if a request comes in from Vendor 2's network and the reply tries to go out thru Vendor 1's gateway, it gets dropped somewhere. Traffic flow looks like this (assume Vendor 1 is the "active" default gateway at the moment):

incoming request 1 -> 1.1.1.1 -> 1.1.1.6 (processed by server) reply 1 -> 1.1.1.1 -> routed to original requester.
incoming request 2 -> 2.2.2.1 -> 2.2.2.6 (processed by server) reply 2 -> 1.1.1.1 -> disappears on the way back.

What I want to accomplish, but don't have the slightest idea about how, is to tell Windows to send reply traffic back the same way it came in. So, if the request came to 1.1.1.6 the reply traffic should go to 1.1.1.1; if it came to 2.2.2.6 the reply should go to 2.2.2.1. Seems like a simple enough thing to want, why can't I figure it out? Or is there a better/easier solution I haven't thought of?
0
myrrh
Asked:
myrrh
1 Solution
 
myrrhAuthor Commented:
I don't know why I failed to mention this in the original question, the servers are Windows 2000 and 2003.
0
 
lrmooreCommented:
You're right in that a Windows system can have one and only one default gateway, and you've seen the results of asymetric routing - request comes in from one ISP, goes out the other.
Neither Windows, nor the router for that matter, can determine which route a packet comes in on, and route it back the same way. All either one knows is the source/destination IP address and has a route to get there.
One of your alternatives is a box like the FatPipes extreme:
http://www.fatpipeinc.com/xtreme/index.htm
Or a less expensive Janus:
http://www.amplifynet.com/products/janusdx.html
Or Nexland:
http://www.digit-life.com/articles2/nexland-pro800-turbo/
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now