myrrh

Multihomed webserver on multiple public networks. Possible?

I have a situation where my company (we are a small web design/hosting company) is too small to justify our own IP blocks and ASNs. We have multiple (two currently) ISP connections from different vendors, thus two different address spaces. My ultimate goal with all this is to assure uptime on my customer sites so that they are still running if the connection to either vendor is down for some reason. Here's the configuration (fake IP addresses used for clarity).

Vendor 1: 1.1.1.0
Cisco 2501 router at 1.1.1.1

Vendor 2: 2.2.2.0
Microsoft ISA server at 2.2.2.1

Both subnets are physically on the same wire.

Because neither ISP can guarantee 100% reliability, but we have customers who want their sites running 100% of the time, I thought I would put two IP addresses, one from each network, on my webserver like so:

IP: 1.1.1.6
IP: 2.2.2.6
Gateway: 1.1.1.1
Gateway: 2.2.2.1

I have tried this with multiple IPs and gateways on a single card, and on a separate card for each subnet. In both cases, DNS for www.mydomain.com has two entries, 1.1.1.6 and 2.2.2.6.

What happens in practice is that only one gateway is active, and only the address in that gateway's subnet appears to reply to any incoming request. For some reason I do not fully understand yet, if a request comes in from Vendor 2's network and the reply tries to go out through Vendor 1's gateway, it gets dropped somewhere. Traffic flow looks like this (assume Vendor 1 is the "active" default gateway at the moment):

incoming request 1 -> 1.1.1.1 -> 1.1.1.6 (processed by server) reply 1 -> 1.1.1.1 -> routed to original requester.
incoming request 2 -> 2.2.2.1 -> 2.2.2.6 (processed by server) reply 2 -> 1.1.1.1 -> disappears on the way back.

What I want to accomplish, but don't have the slightest idea about how, is to tell Windows to send reply traffic back the same way it came in. So, if the request came to 1.1.1.6 the reply traffic should go to 1.1.1.1; if it came to 2.2.2.6 the reply should go to 2.2.2.1. Seems like a simple enough thing to want, so why can't I figure it out? Or is there a better/easier solution I haven't thought of?
myrrh

ASKER

I don't know why I failed to mention this in the original question: the servers are Windows 2000 and 2003.
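
The traffic flow described in the question, modelled as an added example that is not part of the original thread or of any poster's configuration. It assumes /24 masks for the placeholder networks and assumes the "disappearing" reply is dropped by source-address (anti-spoofing) filtering upstream, which the thread does not confirm; the function names are hypothetical.

```python
import ipaddress

# Constructed model of the question's layout (placeholder addresses from the post; /24 masks assumed).
UPLINKS = {
    "1.1.1.1": ipaddress.ip_network("1.1.1.0/24"),  # Vendor 1 gateway and its address block
    "2.2.2.1": ipaddress.ip_network("2.2.2.0/24"),  # Vendor 2 gateway and its address block
}
REPLY_SOURCES = ["1.1.1.6", "2.2.2.6"]  # the server replies from the address that was contacted

def upstream_accepts(gateway, src):
    """Assumed vendor-side filter: forward only packets sourced from the vendor's own block."""
    return ipaddress.ip_address(src) in UPLINKS[gateway]

def gateway_by_destination(src, active="1.1.1.1"):
    """Destination-only routing: every reply leaves through the one active default gateway."""
    return active

def gateway_by_source(src):
    """Source-based choice: leave through the gateway whose block owns the reply's source."""
    addr = ipaddress.ip_address(src)
    for gateway, block in UPLINKS.items():
        if addr in block:
            return gateway
    raise ValueError(f"no uplink owns source address {src}")

def trace(replies, choose, down=()):
    """Return (source, gateway, delivered) per reply; 'down' lists failed gateways."""
    result = []
    for src in replies:
        gateway = choose(src)
        delivered = gateway not in down and upstream_accepts(gateway, src)
        result.append((src, gateway, delivered))
    return result

if __name__ == "__main__":
    cases = (("destination-only", gateway_by_destination), ("source-based", gateway_by_source))
    for label, choose in cases:
        for down in ((), ("1.1.1.1",)):
            for src, gateway, ok in trace(REPLY_SOURCES, choose, down):
                state = "delivered" if ok else "dropped"
                print(f"{label:17} down={down or '-'} reply from {src} via {gateway}: {state}")
```

Under these assumptions the model reproduces the lost "reply 2" from the question, and shows that choosing the gateway by source address keeps the 2.2.2.6 address reachable while Vendor 1's link is down.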
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.