Solved

ISP Redundancy without BGP

Posted on 2004-08-08
Last Modified: 2013-11-30
How can I have internet connection to 2 different ISPs without ISP? I heard there are appliances that let you do that.
0
Question by:athakur_us
6 Comments
 
LVL 8

Expert Comment

by:MarkDozier
ID: 11749877
You need to clarify what you are asking. You cannot connect to any ISP if you do not have an account with the ISP?
0
 
LVL 5

Expert Comment

by:dgroscost
ID: 11749886
You mean two ISP connections without BGP?

Try this -> http://www.fatpipeinc.com/xtreme/index.htm

0
 
LVL 6

Expert Comment

by:Ferrosti
ID: 11751339
This solution can only be done if the ISPs allow you to update their DNS servers.
In case one has a DMZ and several services in it, all these services will have to be reachable through all ISPs. This can only be achieved if the servers are listed in the ISPs' DNS.

More information about the usage and the goals to be achieved would be nice.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 11751596
There's a great article about doing it with Cisco routers at:
http://www.cisco.com/en/US/about/ac123/ac114/ac173/Q2-04/department_techtips.html

Snippet of the article ---------------------------------------------------------

Common Scenarios and Configurations
By Shyan Wignarajah and Asad Faruqui

One problem with static routing and policy routing has been the inability for the router to determine the state of the next hop. Routing protocols typically use "hello" mechanisms to determine if a neighbor is alive. However, policy and static routing offer no means to test whether the next hop is reachable. As a result, statically routed or policy routed packets risk being "black holed"—that unfortunate state of being forwarded to a dead neighbor.

The preferred path is via the primary Internet service provider (ISP). The cable-connected ISP provides flat rate service and higher bandwidth than the ISDN-connected ISP (which could bill on a per minute basis). However, if the primary ISP connection should fail, then the secondary ISP would be used.

So how does the CPE router determine when to use the primary ISP and when to use the secondary ISP? The Ethernet interface on the CPE router will remain up as long as it's plugged into the modem. However, there could be a problem with the cable cloud or some other part of the primary ISP's network. In order to detect these problems, the CPE router can't simply rely on the state of its own interface.

You could enable a dynamic routing protocol; however, this isn't always a viable solution, as the ISP may not be willing to run a routing protocol with you. Conversely, some customers may not want to run a routing protocol with their ISP.

-----------------------------------------------------------

0
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 250 total points
ID: 11751913
One appliance that can do what you want is Radware's Linkproof. Here is a link:
http://www.radware.com/content/products/lp/default.asp

It accomplishes load balancing inbound and outbound by using a combination of Dynamic DNS and what they call Smart-NAT. I have installed a number of these, and they go in pretty painlessly. If you already have one ISP up and running, here's how it would work:
1) The Radware appliance gets installed on the first line between your firewall and the Internet router in a bridge mode. This makes it transparent to those devices and prevents you from having to re-IP the segment.
2) The second line gets assigned to the Linkproof and uses NAT outbound. You create a static map for each of your public servers and a dynamic NAT for your client range.
3) You set path checking on each line so that it can tell if the line is up. This is where it differs from a standard router. Without path checking, a router can only tell if the next hop is up, not if the route to the destination is up.
4) For incoming, you assign a DNS IP address to the Linkproof on each ISP's line. You then configure the servers you want load balanced with an NS record in your authoritative DNS to point to the Linkproof for those names.

What happens then is this: when a client asks to go to www.yourcompany.com, it asks your authoritative DNS for the IP. It tells the client to look at the Linkproof for this, and the Linkproof responds with the IP of the line that is up and least congested of your two ISPs.

The beauty of this solution is that you do not have to involve your ISPs at all. Anyone who has had to deal with two different ISPs and getting them to deal with each other can appreciate this.

Good Luck.
0
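The path checking from step 3 and the "up and least congested" DNS answer described in the answer above, which also address the black-holing problem in the Cisco excerpt quoted earlier, sketched as an added example. This is not Radware's code and not part of the original post; the thresholds, class and function names, addresses and load figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass

FAIL_THRESHOLD = 3  # assumed: consecutive lost probes before a line is marked down
RISE_THRESHOLD = 2  # assumed: consecutive good probes before it is trusted again

@dataclass
class Uplink:
    name: str
    public_ip: str       # address returned in DNS answers for this line
    capacity_kbps: int
    load_kbps: int = 0
    up: bool = True
    fails: int = 0
    oks: int = 0

    def record_probe(self, reached_target: bool) -> None:
        """One path-check result: did a probe to a host beyond the ISP's
        first hop get an answer over this line? Interface state is ignored."""
        if reached_target:
            self.oks, self.fails = self.oks + 1, 0
            if not self.up and self.oks >= RISE_THRESHOLD:
                self.up = True
        else:
            self.fails, self.oks = self.fails + 1, 0
            if self.up and self.fails >= FAIL_THRESHOLD:
                self.up = False

def dns_answer(links):
    """IP to hand out: least-utilised line among those passing path checks."""
    live = [l for l in links if l.up]
    if not live:
        return None  # every path is down; nothing useful to answer
    return min(live, key=lambda l: l.load_kbps / l.capacity_kbps).public_ip

def replay(probe_log):
    """Replay constructed probe results and return the DNS answer after each tick."""
    links = [Uplink("isp-a", "192.0.2.10", 10_000, load_kbps=2_000),
             Uplink("isp-b", "198.51.100.10", 128, load_kbps=64)]
    answers = []
    for results in probe_log:
        for link, ok in zip(links, results):
            link.record_probe(ok)
        answers.append(dns_answer(links))
    return answers

# Constructed sample: ISP A's path fails for four probes, then recovers.
SAMPLE_LOG = [(True, True), (False, True), (False, True), (False, True),
              (False, True), (True, True), (True, True)]

if __name__ == "__main__":
    for tick, ip in enumerate(replay(SAMPLE_LOG), 1):
        print(tick, ip)
```

The failure and recovery thresholds keep one lost probe from flapping the DNS answer between lines.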
 
LVL 27

Expert Comment

by:pseudocyber
ID: 11751938
We just got off of Linkproofs - they were very problematic for us ... but ...
1.) They were old and obsolete and were End of Life
2.) They were overutilized - we were pushing 10Mb+ through them with 3 different ISPs and entries in the connections table in the 100K's.

We went with BGP

The Linkproofs will do the job, but they are pretty expensive.
0
