Solved

Multihomed webserver on multiple public networks. Possible?

Posted on 2003-11-08
Last Modified: 2010-03-18
I have a situation where my company (we are a small web design/hosting company) is too small to justify our own IP blocks and ASNs. We have multiple (two currently) ISP connections from different vendors, thus two different address spaces. My ultimate goal with all this is to assure uptime on my customer sites so that they are still running if the connection to either vendor is down for some reason. Here's the configuration (fake IP addresses used for clarity).

Vendor 1: 1.1.1.0
Cisco 2501 router at 1.1.1.1

Vendor 2: 2.2.2.0
Microsoft ISA server at 2.2.2.1

Both subnets are physically on the same wire.

Because neither ISP can guarantee 100% reliability, but we have customers who want their sites running 100% of the time, I thought I would put two IP addresses, one from each network, on my webserver like so:

IP: 1.1.1.6
IP: 2.2.2.6
Gateway: 1.1.1.1
Gateway: 2.2.2.1

I have tried this with multiple IPs and gateways on a single card, and on a separate card for each subnet. In both cases, DNS for www.mydomain.com has two entries, 1.1.1.6 and 2.2.2.6.

What happens in practice is that only one gateway is active, and only the address in that gateway's subnet appears to reply to any incoming request. For some reason I do not fully understand yet, if a request comes in from Vendor 2's network and the reply tries to go out through Vendor 1's gateway, it gets dropped somewhere. Traffic flow looks like this (assume Vendor 1 is the "active" default gateway at the moment):

incoming request 1 -> 1.1.1.1 -> 1.1.1.6 (processed by server) reply 1 -> 1.1.1.1 -> routed to original requester.
incoming request 2 -> 2.2.2.1 -> 2.2.2.6 (processed by server) reply 2 -> 1.1.1.1 -> disappears on the way back.

What I want to accomplish, but don't have the slightest idea about how, is to tell Windows to send reply traffic back the same way it came in. So, if the request came to 1.1.1.6 the reply traffic should go to 1.1.1.1; if it came to 2.2.2.6 the reply should go to 2.2.2.1. Seems like a simple enough thing to want, why can't I figure it out? Or is there a better/easier solution I haven't thought of?
Question by:myrrh
3 Comments
 

Author Comment

by:myrrh
ID: 9708345
I don't know why I failed to mention this in the original question: the servers are Windows 2000 and 2003.

Accepted Solution

by:lrmoore
ID: 9708447
You're right in that a Windows system can have one and only one default gateway, and you've seen the results of asymmetric routing - request comes in from one ISP, goes out the other.
Neither Windows, nor the router for that matter, can determine which route a packet comes in on, and route it back the same way. All either one knows is the source/destination IP address and has a route to get there.
One of your alternatives is a box like the FatPipes extreme:
http://www.fatpipeinc.com/xtreme/index.htm
Or a less expensive Janus:
http://www.amplifynet.com/products/janusdx.html
Or Nexland:
http://www.digit-life.com/articles2/nexland-pro800-turbo/
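
The traffic flow from the question, modeled as an added example (not code from the original thread): a destination-only route lookup sends both replies to the active default gateway, and the reply sourced from 2.2.2.6 is lost when it leaves through 1.1.1.1. The /24 masks, the client address 203.0.113.10, the rule that each upstream forwards only packets sourced from its own prefix, and the hypothetical `source_based_gateway` policy are assumptions for illustration; the thread does not say where the packet is actually dropped.

```python
import ipaddress

# Addresses from the question; the /24 masks are an assumption (the post gives none).
VENDOR1 = ipaddress.ip_network("1.1.1.0/24")
VENDOR2 = ipaddress.ip_network("2.2.2.0/24")
GATEWAYS = {"1.1.1.1": VENDOR1, "2.2.2.1": VENDOR2}  # gateway -> prefix it serves

# Host routing table with Vendor 1 as the single active default gateway.
# The two local subnets are on-link, so their gateway is None.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "1.1.1.1"),
    (VENDOR1, None),
    (VENDOR2, None),
]
CLIENT = "203.0.113.10"  # constructed client address (documentation range)

def dest_based_gateway(routes, dst):
    """Longest-prefix match on the destination only, as a plain routing table does."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_based_gateway(src):
    """Hypothetical policy: use the gateway whose prefix contains the reply's source."""
    src = ipaddress.ip_address(src)
    for gw, net in GATEWAYS.items():
        if src in net:
            return gw
    raise ValueError(f"no gateway serves source {src}")

def upstream_accepts(gateway, src):
    """Assumed upstream behaviour: forward only packets sourced from its own prefix."""
    return gateway is None or ipaddress.ip_address(src) in GATEWAYS[gateway]

def reply_path(local_ip, client_ip, routes=None):
    """Return (gateway, delivered) for a reply sent from local_ip to client_ip.

    With a routing table the gateway depends on the destination alone;
    without one, the hypothetical source-based policy is used instead.
    """
    if routes is None:
        gw = source_based_gateway(local_ip)
    else:
        gw = dest_based_gateway(routes, client_ip)
    return gw, upstream_accepts(gw, local_ip)

if __name__ == "__main__":
    for local in ("1.1.1.6", "2.2.2.6"):
        print(local, "dest-based:", reply_path(local, CLIENT, ROUTES),
              "| source-based:", reply_path(local, CLIENT))
```
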