Solved

Multi-Homing Server Options

Posted on 2005-03-27
Last Modified: 2012-06-27
Hi,
I am looking to set up my servers on 2 separate networks for redundancy. I need to know what my options are as far as setting up the IPs. I heard about BGPDNS but can't find out where/if it is and what to do with it. Any ideas/commercial products that do this..?
Question by:moruda
12 Comments
 
LVL 10

Expert Comment

by:neteducation
ID: 13640822
If you have two providers for redundancy then you will either have two different IP ranges assigned by your providers or you have an IP range that really belongs to yourself.

In the latter case you would need to have a BGP-capable router... but from the type of question I suppose we are in the first case.

BGPDNS is a DNS server that will give you an entry depending on your routing table... the idea is that depending on where the client is coming from it gives a different IP... however this means that you would have to have routes for all networks, which basically means we are in BGP again.

As for the most common situation: 2 providers with separate IP ranges...

The best solution I found so far works like this:

- You configure your server with 2 IP-Addresses (one in each range)
- In your primary DNS-Server (that has an IP-Address in the first range) you put an A-Record for your server with an IP within the first range
- In your secondary DNS-Server (that has an IP-Address in the second range) you put an A-Record for your server with an IP within the second range (that is you also configure your domain as primary with different data... this means double work but also redundancy)
- In your DNS-Server you put the timeout to some really low value such as 5 minutes
- In case one of the lines fails, this DNS server is not answering anymore, which means the clients go - at the latest 5 minutes after it failed - to the other DNS server that gives the other range.

This will not give you 100% failover but at least a quite good one.
0
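The timing of the DNS-based failover described in the comment above, as an added example that is not part of the original thread: a small model of a caching resolver and two authoritative servers, each handing out an address in its own provider range with a 300-second TTL. The addresses (RFC 5737 documentation ranges), the class and function names, and the "try servers in order" behaviour are assumptions made for the illustration.

```python
from dataclasses import dataclass

TTL = 300  # seconds: the "5 minutes" record lifetime from the post

@dataclass
class NameServer:
    a_record: str         # address this server hands out (its own provider range)
    link_up: bool = True  # False once that provider's line has failed

    def query(self):
        # A server behind a failed line is unreachable, so it gives no answer.
        return (self.a_record, TTL) if self.link_up else None

class Resolver:
    """Caching resolver model: honours TTL, tries the name servers in order."""
    def __init__(self, servers):
        self.servers = servers
        self.cache = None  # (address, expiry time) or None

    def resolve(self, now):
        if self.cache and now < self.cache[1]:
            return self.cache[0]  # served from cache, even if the line is dead
        for ns in self.servers:
            answer = ns.query()
            if answer:
                self.cache = (answer[0], now + answer[1])
                return answer[0]
        self.cache = None
        return None

def stale_seconds(cached_at, fail_at, step=10, horizon=900):
    """Seconds a client is still sent to the dead range after line 1 fails."""
    # Constructed sample addresses from the RFC 5737 documentation ranges.
    ns1, ns2 = NameServer("192.0.2.10"), NameServer("198.51.100.10")
    client = Resolver([ns1, ns2])
    client.resolve(cached_at)   # client looks the name up while both lines work
    ns1.link_up = False         # provider 1 fails at fail_at
    stale = 0
    for t in range(fail_at, fail_at + horizon, step):
        if client.resolve(t) == ns1.a_record:
            stale += step
    return stale

if __name__ == "__main__":
    for cached_at, fail_at in [(0, 1), (0, 200), (0, 400)]:
        print(cached_at, fail_at, stale_seconds(cached_at, fail_at))
```

The model leaves out resolver query timeouts and resolvers that enforce a minimum TTL above 300 seconds, both of which lengthen the window in practice.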
 
LVL 10

Accepted Solution

by:
neteducation earned 1500 total points
ID: 13640827
As for the commercial product: Stonegate has something that works similar. Actually it plays DNS server and gives out both IPs to all clients, for as long as both lines are up. It also surveils the lines and if one fails, it automatically reconfigures its DNS server so that it only gives out the leftover IP.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13640963
Personal opinion - if you want to set up servers attached to two different networks for redundancy -
DON'T use dual nics in the same server.
DO use a load-balancer/content switch
http://www.cisco.com/en/US/products/hw/contnetw/ps792/index.html
0
LVL 27

Expert Comment

by:pseudocyber
ID: 13644731
Are you looking to set them up to two different networks INTERNALLY or are you looking to have them reachable through two different ISP's?

I agree with Lrmoore - use a load balancing switch or appliance.  We use Web Server Directors from Radware.

For ISP redundancy, get your Own IP range and then advertise it with BGP through two or more Internet Providers.  Then it's reachable through both ISP's to you.  Then you have other factors to think about such as redundant firewalls/NAT devices.  Then internally, I would recommend one (or more servers) with two or more network cards attached to two or more switches.

Something like this

ISP1                       ISP2
 |                              |
Router                  Router
 | VRRP   \      / VRRP |     (OR BGLP)
Switch ========  Switch
 |                              |
   VRRP FOR FIREWALLS
 |                              |
FIREWALL1        FIREWALL2
 | VRRP FOR FIREWALLS
 |                              |
SWITCH1===== SWITCH2
 \                            /
  \                         /
   \                      /
    \                    /
     SERVER OR FARM
0
 

Author Comment

by:moruda
ID: 13778429
I don't have an AS to advertise and I don't use enough IP space to get my own from ARIN. I need to do this without BGP. I was looking into F5 and Radware. Any suggestions? I have about 5 megs stabilized traffic throughput average. I am adding more hosts so I will be expanding the traffic, but I need something less expensive. These devices are about $12,000 each. Anything small out there to do what I need?
0
 
LVL 10

Expert Comment

by:neteducation
ID: 13779242
- What you want is redundancy as well as load balancing
- You can't do BGP

So we're back in the scenario I mentioned above:

The best solution I found so far works like this:

- You configure your server with 2 IP-Addresses (one in each range)
- In your primary DNS-Server (that has an IP-Address in the first range) you put an A-Record for your server with an IP within the first range
- In your secondary DNS-Server (that has an IP-Address in the second range) you put an A-Record for your server with an IP within the second range (that is you also configure your domain as primary with different data... this means double work but also redundancy)
- In your DNS-Server you put the timeout to some really low value such as 5 minutes
- In case one of the lines fails, this DNS server is not answering anymore, which means the clients go - at the latest 5 minutes after it failed - to the other DNS server that gives the other range.

This will not give you 100% failover but at least a quite good one.
0
 

Author Comment

by:moruda
ID: 13779479
Sounds nice, but I'm doing nat, and the firewall won't bind 2 IPs to one internal IP. What can I do?
0
 
LVL 10

Expert Comment

by:neteducation
ID: 13779574
It's not the firewall that should bind 2 IPs to one internal. You configure your internal servers with two IPs... so from the firewall's point of view it's like there were two machines.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13780474
We had Radware Linkproofs.  I would look at F5.
0
 

Author Comment

by:moruda
ID: 13782283
Neteducation -- so you're saying I shouldn't use NAT?
PseudoCyber -- I spoke to F5 - the smallest item they sell is $12,000 street price. I could get some older ones on eBay if I knew what to look for. They told me that Radware was OK for under 4mb, but I use a drop more than 4 so I need the F5.
0
 
LVL 10

Expert Comment

by:neteducation
ID: 13782343
Well, you can do it with NAT... then you simply put two internal IP addresses onto your servers, one resolving to official provider 1, the other resolving to official provider 2... but you can also do without... whatever you like better.
0
 
LVL 7

Expert Comment

by:RobSilver
ID: 28989725
This is an old post.  However, for the sake of users viewing this, Microsoft TMG 2010 supports this functionality.

Here's how I implemented it:

http://robsilver.org/isatmg/isp-redundancy-made-easy/

Hope this helps,
0
