Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Multihomed webserver on multiple public networks. Possible?

Posted on 2003-11-08
3
265 Views
Last Modified: 2010-03-18
I have a situation where my company (we are a small web design/hosting company) is too small to justify our own IP blocks and ASN's. We have multiple (two currently) ISP connections from different vendors, thus two different address spaces. My ultimate goal with all this is to assure uptime on my customer sites so that they are still running if the connection to either vendor is down for some reason. Here's the configuration (fake IP addresses used for clarity).

Vendor 1: 1.1.1.0
Cisco 2501 router at 1.1.1.1

Vendor 2: 2.2.2.0
Microsoft ISA server at 2.2.2.1

Both subnets are physically on the same wire.

Because neither ISP can guarantee 100% reliability, but we have customers who want their sites running 100% of the time, I thought I would put two IP addresses, one from each network, on my webserver like so:

IP: 1.1.1.6
IP: 2.2.2.6
Gateway: 1.1.1.1
Gateway: 2.2.2.1

I have tried this with multiple IP's and gateways on a single card, and on a separate card for each subnet. In both cases, DNS for www.mydomain.com has two entries, 1.1.1.6 and 2.2.2.6.

What happens in practice is that only one gateway is active, and only the address in that gateway's subnet appears to reply to any incoming request. For some reason I do not fully understand yet, if a request comes in from Vendor 2's network and the reply tries to go out thru Vendor 1's gateway, it gets dropped somewhere. Traffic flow looks like this (assume Vendor 1 is the "active" default gateway at the moment):

incoming request 1 -> 1.1.1.1 -> 1.1.1.6 (processed by server) reply 1 -> 1.1.1.1 -> routed to original requester.
incoming request 2 -> 2.2.2.1 -> 2.2.2.6 (processed by server) reply 2 -> 1.1.1.1 -> disappears on the way back.

What I want to accomplish, but don't have the slightest idea about how, is to tell Windows to send reply traffic back the same way it came in. So, if the request came to 1.1.1.6 the reply traffic should go to 1.1.1.1; if it came to 2.2.2.6 the reply should go to 2.2.2.1. Seems like a simple enough thing to want, why can't I figure it out? Or is there a better/easier solution I haven't thought of?
0
Comment
Question by:myrrh
3 Comments
 
LVL 1

Author Comment

by:myrrh
ID: 9708345
I don't know why I failed to mention this in the original question, the servers are Windows 2000 and 2003.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 9708447
You're right in that a Windows system can have one and only one default gateway, and you've seen the results of asymetric routing - request comes in from one ISP, goes out the other.
Neither Windows, nor the router for that matter, can determine which route a packet comes in on, and route it back the same way. All either one knows is the source/destination IP address and has a route to get there.
One of your alternatives is a box like the FatPipes extreme:
http://www.fatpipeinc.com/xtreme/index.htm
Or a less expensive Janus:
http://www.amplifynet.com/products/janusdx.html
Or Nexland:
http://www.digit-life.com/articles2/nexland-pro800-turbo/
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question