Solved

Multihomed webserver on multiple public networks. Possible?

Posted on 2003-11-08
3
264 Views
Last Modified: 2010-03-18
I have a situation where my company (we are a small web design/hosting company) is too small to justify our own IP blocks and ASN's. We have multiple (two currently) ISP connections from different vendors, thus two different address spaces. My ultimate goal with all this is to assure uptime on my customer sites so that they are still running if the connection to either vendor is down for some reason. Here's the configuration (fake IP addresses used for clarity).

Vendor 1: 1.1.1.0
Cisco 2501 router at 1.1.1.1

Vendor 2: 2.2.2.0
Microsoft ISA server at 2.2.2.1

Both subnets are physically on the same wire.

Because neither ISP can guarantee 100% reliability, but we have customers who want their sites running 100% of the time, I thought I would put two IP addresses, one from each network, on my webserver like so:

IP: 1.1.1.6
IP: 2.2.2.6
Gateway: 1.1.1.1
Gateway: 2.2.2.1

I have tried this with multiple IP's and gateways on a single card, and on a separate card for each subnet. In both cases, DNS for www.mydomain.com has two entries, 1.1.1.6 and 2.2.2.6.

What happens in practice is that only one gateway is active, and only the address in that gateway's subnet appears to reply to any incoming request. For some reason I do not fully understand yet, if a request comes in from Vendor 2's network and the reply tries to go out thru Vendor 1's gateway, it gets dropped somewhere. Traffic flow looks like this (assume Vendor 1 is the "active" default gateway at the moment):

incoming request 1 -> 1.1.1.1 -> 1.1.1.6 (processed by server) reply 1 -> 1.1.1.1 -> routed to original requester.
incoming request 2 -> 2.2.2.1 -> 2.2.2.6 (processed by server) reply 2 -> 1.1.1.1 -> disappears on the way back.

What I want to accomplish, but don't have the slightest idea about how, is to tell Windows to send reply traffic back the same way it came in. So, if the request came to 1.1.1.6 the reply traffic should go to 1.1.1.1; if it came to 2.2.2.6 the reply should go to 2.2.2.1. Seems like a simple enough thing to want, why can't I figure it out? Or is there a better/easier solution I haven't thought of?
0
Comment
Question by:myrrh
3 Comments
 
LVL 1

Author Comment

by:myrrh
ID: 9708345
I don't know why I failed to mention this in the original question, the servers are Windows 2000 and 2003.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 9708447
You're right in that a Windows system can have one and only one default gateway, and you've seen the results of asymetric routing - request comes in from one ISP, goes out the other.
Neither Windows, nor the router for that matter, can determine which route a packet comes in on, and route it back the same way. All either one knows is the source/destination IP address and has a route to get there.
One of your alternatives is a box like the FatPipes extreme:
http://www.fatpipeinc.com/xtreme/index.htm
Or a less expensive Janus:
http://www.amplifynet.com/products/janusdx.html
Or Nexland:
http://www.digit-life.com/articles2/nexland-pro800-turbo/
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question