Solved

Multi-Homing Server Options

Posted on 2005-03-27
Last Modified: 2012-06-27
Hi,
I am looking to set up my servers on 2 separate networks for redundancy. I need to know what my options are as far as setting up the IPs. I heard about BGPDNS but can't find out where/if it is and what to do with it. Any ideas/commercial products that do this..?
Question by:moruda
12 Comments
 
LVL 10

Expert Comment

by:neteducation
ID: 13640822
If you have two providers for redundancy then you will either have two different IP-Ranges assigned by your providers or you have an IP-Range that really belongs to yourself.

In the latter case you would need to have a BGP-capable router,... but from the type of question I suppose we are in the first case.

BGPDNS is a DNS-Server that will give you an entry depending on your routing table... the idea is that depending on where the client is coming from it gives a different IP.... however this means that you would have to have routes for all networks which basically means we are in BGP again.

As for the most common situation: 2 Providers with separate IP Ranges....

The best solution I found so far works like this:

- You configure your server with 2 IP-Addresses (one in each range)
- In your primary DNS-Server (that has an IP-Address in the first range) you put an A-Record for your server with an IP within the first range
- In your secondary DNS-Server (that has an IP-Address in the second range) you put an A-Record for your server with an IP within the second range (that is you also configure your domain as primary with different data... this means double work but also redundancy)
- In your DNS-Server you put the timeout to some really low value such as 5 minutes
- In case one of the lines fails, this DNS-Server is not answering anymore, which means the clients go - at the latest 5 minutes after it failed - to the other DNS-Server that gives the other range.

This will not give you 100% failover but at least a quite good one
0
 
LVL 10

Accepted Solution

by:
neteducation earned 1500 total points
ID: 13640827
As for the commercial product: Stonegate has something that works similarly. Actually it plays DNS server and gives out both IPs to all clients, for as long as both lines are up. It also surveils the lines and if one fails, it automatically reconfigures its DNS server so that it only gives out the leftover IP.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13640963
Personal opinion - if you want to set up servers attached to two different networks for redundancy -
DON'T use dual NICs in the same server.
DO use a load-balancer/content switch
http://www.cisco.com/en/US/products/hw/contnetw/ps792/index.html
0

 
LVL 27

Expert Comment

by:pseudocyber
ID: 13644731
Are you looking to set them up to two different networks INTERNALLY or are you looking to have them reachable through two different ISPs?

I agree with Lrmoore - use a load balancing switch or appliance.  We use Web Server Directors from Radware.

For ISP redundancy, get your own IP range and then advertise it with BGP through two or more Internet Providers.  Then it's reachable through both ISPs to you.  Then you have other factors to think about such as redundant firewalls/NAT devices.  Then internally, I would recommend one (or more servers) with two or more network cards attached to two or more switches.

Something like this

ISP1                       ISP2
 |                              |
Router                  Router
 | VRRP   \      / VRRP |     (OR BGLP)
Switch ========  Switch
 |                              |
   VRRP FOR FIREWALLS
 |                              |
FIREWALL1        FIREWALL2
 | VRRP FOR FIREWALLS
 |                              |
SWITCH1===== SWITCH2
 \                            /
  \                         /
   \                      /
    \                    /
     SERVER OR FARM
0
 

Author Comment

by:moruda
ID: 13778429
I don't have an AS to advertise and I don't use enough IP space to get my own from ARIN. I need to do this without BGP. I was looking into F5 and Radware. Any suggestions? I have about 5 megs stabilized traffic throughput average. I am adding more hosts so I will be expanding the traffic, but I need something less expensive. These devices are about $12,000 each. Anything small out there to do what I need?
0
 
LVL 10

Expert Comment

by:neteducation
ID: 13779242
- What you want is redundancy as well as load balancing
- You can't do BGP

So we're back in the scenario I mentioned above:

The best solution I found so far works like this:

- You configure your server with 2 IP-Addresses (one in each range)
- In your primary DNS-Server (that has an IP-Address in the first range) you put an A-Record for your server with an IP within the first range
- In your secondary DNS-Server (that has an IP-Address in the second range) you put an A-Record for your server with an IP within the second range (that is you also configure your domain as primary with different data... this means double work but also redundancy)
- In your DNS-Server you put the timeout to some really low value such as 5 minutes
- In case one of the lines fails, this DNS-Server is not answering anymore, which means the clients go - at the latest 5 minutes after it failed - to the other DNS-Server that gives the other range.

This will not give you 100% failover but at least a quite good one
0
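A small model of the two-DNS-server scheme neteducation describes in both comments above, showing how long a client stays pointed at the dead line (added example, not code from the thread). The addresses are constructed documentation-range values, and the model assumes the client's resolver honours the 5-minute TTL exactly and gets no answer from a DNS server behind a failed line; retry timeouts are not modelled.

```python
from dataclasses import dataclass

TTL = 300  # seconds: the "5 minutes" record timeout suggested in the thread

@dataclass
class Link:
    """One provider line; its DNS server hands out only the A record in its own range."""
    server_ip: str                    # constructed address (RFC 5737 documentation range)
    down_from: float = float("inf")   # second at which this line fails

    def up(self, t):
        return t < self.down_from

class CachingResolver:
    """Client-side resolver: caches an answer for TTL seconds, then asks again."""
    def __init__(self, links):
        self.links, self.cached = links, None   # cached = (ip, expires_at)

    def resolve(self, t):
        if self.cached and t < self.cached[1]:
            return self.cached[0]               # may still point at the dead line
        for link in self.links:                 # a DNS server behind a dead line is silent
            if link.up(t):
                self.cached = (link.server_ip, t + TTL)
                return link.server_ip
        self.cached = None
        return None

def two_links(fail_at=float("inf")):
    """Provider 1 fails at fail_at; provider 2 stays up."""
    return [Link("192.0.2.10", fail_at), Link("198.51.100.10")]

def outage(links, start, end):
    """Seconds in [start, end) during which the client cannot reach the server."""
    resolver, lost = CachingResolver(links), 0
    for t in range(start, end):
        ip = resolver.resolve(t)
        if ip is None or not any(l.server_ip == ip and l.up(t) for l in links):
            lost += 1
    return lost

if __name__ == "__main__":
    print("lookup at t=0, line 1 fails at t=100:", outage(two_links(100), 0, 1000), "s lost")
    print("lookup at t=99 (worst case):", outage(two_links(100), 99, 1000), "s lost")
    print("first lookup after the failure:", outage(two_links(100), 150, 1000), "s lost")
```

The worst case is a client that cached the first-range address just before the line failed: it loses almost the full TTL, which is why the scheme depends on keeping the record timeout low.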
 

Author Comment

by:moruda
ID: 13779479
Sounds nice, but I'm doing NAT, and the firewall won't bind 2 IPs to one internal IP. What can I do?
0
 
LVL 10

Expert Comment

by:neteducation
ID: 13779574
It's not the firewall that should bind 2 IPs to one internal. You configure your internal servers with two IPs.... so from the firewall's point of view it's like there were two machines.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13780474
We had Radware Linkproofs.  I would look at F5.
0
 

Author Comment

by:moruda
ID: 13782283
Neteducation -- so you're saying I shouldn't use NAT?
PseudoCyber -- I spoke to F5 - the smallest item they sell is $12,000 street price, I could get some older ones on eBay if I knew what to look for. They told me that Radware was ok for under 4mb, but I use a drop more than 4 so I need the F5
0
 
LVL 10

Expert Comment

by:neteducation
ID: 13782343
Well, you can do it with NAT... then you simply put two internal IP addresses onto your servers, one resolving to official provider 1, the other resolving to official provider 2... but you can also do without.... whatever you like better
0
 
LVL 7

Expert Comment

by:RobSilver
ID: 28989725
This is an old post.  However, for the sake of users viewing this, Microsoft TMG 2010 supports this functionality.

Here's how I implemented it:

http://robsilver.org/isatmg/isp-redundancy-made-easy/

Hope this helps,
0
