T1 failover connection

I have a T1 running right now.  We want to have a cable connection coming in as well to bond to the T1.  As far as I know there shouldn't be any issues with outbound traffic.  My concern is how do I handle inbound traffic if the T1 goes down?  I'd need something to tell inbound traffic like email to use my second connection.  Anyone have any experience with this or any ideas on how I can get this to work?
NESupplyAsked:

OAC TechnologyProfessional NerdsCommented:
We use a Netgear Prosafe firewall with dual wan ports with a similar setup (DSL with failover to T1). Our Netgear firewall will update a DNS server.

If your concern is incoming mail, set up an additional MX record that has a higher cost. This way, when your mailserver can't be contacted on your DSL line, email will come in on the T1 line.
0
jeff_trentCommented:
Email is easy because as DataDudes mentioned, MX Preferences are a standard in DNS, and will do exactly what you need.  If you have any public services (web, ftp, etc...) that are on your T1, this is a much less obvious fix.  Can you give us some further details about your setup and your needs in the event of a failure?
0
NESupplyAuthor Commented:
We host a website here.  We do VPN, ftp, terminal services and telnet into the main office.

If the connection fails we need to still be able to receive mail and do terminal services back into the main site.
0
OAC TechnologyProfessional NerdsCommented:
Maybe the solution is to set up a couple of A records with whoever is hosting your DNS. Set up remote1.yourdomain.com to point to your DSL line and remote2.yourdomain.com. This way users can switch over to the T1 if the DSL fails.

There may be an easier way?
0
NESupplyAuthor Commented:
Can Dynamic DNS be used in this situation?
0
OAC TechnologyProfessional NerdsCommented:
Oh, sorry, I must have blanked. (See my first comment.)

The Netgear firewall we use will update a dynamic IP service in the event a line goes down. So that would be the ideal solution.
0
NESupplyAuthor Commented:
What did you pay for your firewall and what model is it?
0
OAC TechnologyProfessional NerdsCommented:
It is the Prosafe VPN Firewall FVX538. It is at pricewatch right now for $346.99.

http://castle.pricewatch.com/s/search.asp?s=FVX538

0
OAC TechnologyProfessional NerdsCommented:
I take that back, it's $336 after $10 rebate :-)

0
jeff_trentCommented:
Just be advised that DNS updates are not immediate.  Depending on the TTL setting for your zone, some remote DNS servers may cache your lookups for up to 72 hours.  This means if someone sends you an email, their SMTP server has to do a lookup on your MX record through its DNS.  It may cache that for up to 3 days.  If you go down during this time, they may not check back to see if your MX record has changed.  This could cause an outage for you being able to receive email from this party.

The only true "solution" is to get an AS Number (Autonomous System), and have multiple feeds running BGP or some other gateway protocol.  This would provide true redundancy, but is not a route very many people can go.  For your needs, the router DataDudes has given you info on should suffice for the most part.  Just don't expect to be 100% covered during down time.
0
OAC TechnologyProfessional NerdsCommented:
Actually, the dynamic DNS servers update within a couple minutes of a link failing. We've never had to wait for it to transfer over.
0
jeff_trentCommented:
DataDudes:  Yes, I understand that the DNS servers themselves update almost instantly, but due to server-side DNS caching (not your DNS, but someone else's), you can see significant delays in updates.  It all depends on the TTL (time to live) setting specified in your domain's zone file.

If someone has queried your DNS server recently and the TTL hasn't expired yet, they will not look up again until it does.  If your DNS record is updated during this time, those changes will not be reflected when this person tries to email you or get to your website or whatnot.  Once their TTL expires, they'll do a new lookup, and will find the changes and all will be fine.

If NESupply needs a more in depth explanation, there is lots of information available on how DNS works.  This is not the place to delve any deeper into it...I only meant to point out some pitfalls to watch out for.  There CAN be a few emails that don't get through immediately or at all.

With that said, I think NESupply only needs internet browsing and email during any downtime on his T1.  As you mentioned previously, setting another MX record in his zone file with a higher cost (numerically higher, but lower order of preference) should solve this for his needs.  This won't do anything for his web services (again, people may still get to it after the dynamic IP update, or they may not), but will get them the access they need to terminal services and email.
0
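The two behaviours discussed above, TTL caching on remote resolvers and MX preference fallback, as a small simulation. This is an added example, not part of any post in the thread; the host names and addresses are constructed, and it assumes remote resolvers honour the TTL exactly.

```python
from dataclasses import dataclass

# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
T1_IP, CABLE_IP = "192.0.2.10", "198.51.100.10"

@dataclass
class Cached:
    value: object
    expires: float

class CachingResolver:
    """Remote resolver that re-queries the authoritative zone only after TTL expiry."""
    def __init__(self, zone):
        self.zone, self.cache = zone, {}

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit.expires:
            return hit.value                     # possibly stale answer
        value, ttl = self.zone[name]             # fresh authoritative answer
        self.cache[name] = Cached(value, now + ttl)
        return value

def deliver(resolver, domain, reachable, now):
    """Try MX hosts in ascending preference; return the IP that accepted, or None."""
    for _pref, host in sorted(resolver.lookup("MX " + domain, now)):
        ip = resolver.lookup("A " + host, now)
        if ip in reachable:
            return ip
    return None

def scenario(ttl):
    """T1 fails at t=60s; returns (web IP seen at t=120, web IP after TTL, mail IP at t=120)."""
    zone = {
        "A www.example.com": (T1_IP, ttl),
        "MX example.com": ([(10, "mx1.example.com"), (20, "mx2.example.com")], ttl),
        "A mx1.example.com": (T1_IP, ttl),
        "A mx2.example.com": (CABLE_IP, ttl),
    }
    remote = CachingResolver(zone)
    remote.lookup("A www.example.com", now=0)    # cached while the T1 is still up
    zone["A www.example.com"] = (CABLE_IP, ttl)  # dynamic DNS update after failover
    reachable = {CABLE_IP}                       # only the cable line answers now
    web_now = remote.lookup("A www.example.com", now=120)
    web_later = remote.lookup("A www.example.com", now=120 + ttl)
    mail_now = deliver(remote, "example.com", reachable, now=120)
    return web_now, web_later, mail_now

if __name__ == "__main__":
    for ttl in (3600, 60):
        print(ttl, scenario(ttl))
```

With a one-hour TTL the remote side keeps using the dead T1 address for the website until its cache expires, while mail falls through to the second MX immediately because no DNS change is needed for it.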
NESupplyAuthor Commented:
Hmmm...something to consider to be sure.  Yeah, I have a bunch of services that I need to be able to keep live after my T1 fails.  I will look into getting a second MX record.
0
jeff_trentCommented:
If it's absolutely essential that you keep your services up and running in the event of a failure, BGP is the best way to go.  You'll need to apply for an AS number with ARIN and order another T1 (or other type of connection with static IP) from another distinct provider.  It's a lengthy process, but if uptime is a must, it's the best way.
0

NESupplyAuthor Commented:
BGP = Border Gateway Protocol?

What is an AS number?  I'm not too familiar with things outside of my router.  We are looking at a cable connection for the second line.
0
jeff_trentCommented:
AS number = Autonomous System number

It is a unique identifier provided by ARIN that allows you to implement some sort of gateway control protocol (most commonly BGP).  You'll need a pretty hefty router to handle the added routing load imposed on it by BGP.  You'll essentially be sharing routing tables with both your peering providers and virtually every router on the internet.  It's processor intensive, as I'm sure you can imagine.

Here's some background on BGP:  

http://www.sprintlink.net/faq/bgp.html

http://logicalpackets.com/Network-Learning/bgp.asp

And here are some useful tools:

http://www.netconfigs.com/
0
NESupplyAuthor Commented:
I checked it out.  Looks kind of complicated to implement.  Have any recommendations of routers that can support the BGP activity?
0
jeff_trentCommented:
Yeah, unfortunately it's VERY complicated.  If uptime is important enough, you'll probably have to hire a consultant to help you with the planning and implementation.  It won't be cheap, but the benefit will be five 9's of uptime.  I'm hesitant to recommend a particular router for you, because I don't know anything about your network or your business model.  If you go this route and hire a consultant, he can recommend a router that will do the job.

Good luck...
0
jeff_trentCommented:
If you don't want to go that far (or can't justify the expense), I'd suggest going back to the top and looking at what DataDudes had to say.  It will get you by fairly well, though external users won't have access to some services while you're down.

It's basically a question of just how important uptime really is for your business.
0
jeff_trentCommented:
One other thing to consider for BGP that I might not have made clear, is that you have to have multi-homed connections.  That is, you must have at least two connections from at least two distinct providers.  Having two T1s from your local RBOC (Bellsouth, SBC, Verizon, etc...) does you no good.
0
NESupplyAuthor Commented:
We have ATX for the T1 and are planning to pull cable from Comcast.
0
NESupplyAuthor Commented:
They told me not to worry about costs so much.  The main concern is that we have the uptime and understanding of what we implemented so it can be managed.  There is a lot of info out there on BGP and I still don't understand it all.
0
jeff_trentCommented:
Sounds like BGP is the way to go then, as money isn't the primary cost.

It's probably not realistic to expect to be able to "pick up" BGP implementation information on the internet, at least not enough to be able to do it yourself within a reasonable time frame.  If you'll provide your location, I might be able to suggest a particular consultant in your area to call on.  In any event, I think you'll definitely want to hire some good help for this.  Good planning will lead to a relatively seamless transition, while improper planning can cause catastrophic downtime.
0
NESupplyAuthor Commented:
There's that word...catastrophic.  Never good.  We are located in Baltimore, MD
0
jeff_trentCommented:
Also, be sure that you have a Static Address from Comcast.  You'll probably want to request some new IPs from ARIN once you get your AS# also, that way you're not tied to either ATX or Comcast if one of them goes down...your new IPs will route down either connection.
0
carl_legereCommented:
If all your DNS is hosted by dyndns.com, and you set them up with TTL=1, then they will not be cached by any servers.  At most, mail servers that frequently need to look up your domain will change the real propagation delay to 30 min.

I have not done it, but combining dyndns, a dyndns client running on your server and a dual wan port router, you can achieve your in and out rerouting easily.

After failover by the dual WAN port router, the client software on the server will detect that the outside interface IP has changed, and will 'update' dyndns.com with all your new values.  When the normal link is back up the process is handled in a similar way.
0
jeff_trentCommented:
I was finally able to find a reputable company in the Baltimore area who should be able to help you with this issue...at least someone to talk to in depth about the costs and considerations.  If everything looks good at that point, you could certainly move forward with the planning and implementation phases.

The company is NetCraftsmen, located in Arnold, MD.  The contact there is Renee Wagner (rwagner@netcraftsmen.net).  I told her "a friend" of mine was looking for some consulting help on the implementation of BGP.  Give her a call and see what they can do for you (and if they can meet your pricepoint to accomplish this goal).  They're a Cisco shop, and came highly recommended.
0