NESupply asked:

T1 failover connection

I have a T1 running right now.  We want to have a cable connection coming in as well to bond to the T1.  As far as I know there shouldn't be any issues with outbound traffic.  My concern is how do I handle inbound traffic if the T1 goes down?  I'd need something to tell inbound traffic like email to use my second connection.  Anyone have any experience with this or any ideas on how I can get this to work?
jeff_trent
Email is easy because as DataDudes mentioned, MX Preferences are a standard in DNS, and will do exactly what you need.  If you have any public services (web, ftp, etc...) that are on your T1, this is a much less obvious fix.  Can you give us some further details about your setup and your needs in the event of a failure?
NESupply (ASKER)

We host a website here.  We do VPN, ftp, terminal services and telnet into the main office.

If the connection fails we need to still be able to receive mail and do terminal services back into the main site.
Maybe the solution is to set up a couple of A records with whoever is hosting your DNS. Set up remote1.yourdomain.com to point to your DSL line and remote2.yourdomain.com. This way users can switch over to the T1 if the DSL fails.

There may be an easier way?
Can Dynamic DNS be used in this situation?
Oh, sorry, I must have blanked. (See my first comment.)

The Netgear firewall we use will update a dynamic IP service in the event a line goes down, so that would be the ideal solution.
What did you pay for your firewall and what model is it?
It is the Prosafe VPN Firewall FVX538. It is at pricewatch right now for $346.99.

http://castle.pricewatch.com/s/search.asp?s=FVX538

I take that back, it's $336 after $10 rebate :-)

Just be advised that DNS updates are not immediate.  Depending on the TTL setting for your zone, some remote DNS servers may cache your lookups for up to 72 hours.  This means if someone sends you an email, their SMTP server has to do a lookup on your MX record through its DNS.  It may cache that for up to 3 days.  If you go down during this time, they may not check back to see if your MX record has changed.  This could cause an outage for you being able to receive email from this party.

The only true "solution" is to get an AS Number (Autonomous System), and have multiple feeds running BGP or some other gateway protocol.  This would provide true redundancy, but is not a route very many people can go.  For your needs, the router DataDudes has given you info on should suffice for the most part.  Just don't expect to be 100% covered during down time.
Actually, the dynamic DNS servers update within a couple of minutes of a link failing. We've never had to wait for it to transfer over.
DataDudes:  Yes, I understand that the DNS servers themselves update almost instantly, but due to server-side DNS caching (not your DNS, but someone else's), you can see significant delays in updates.  It all depends on the TTL (time to live) setting specified in your domain's zone file.

If someone has queried your DNS server recently and the TTL hasn't expired yet, they will not look up again until it does.  If your DNS record is updated during this time, those changes will not be reflected when this person tries to email you or get to your website or whatnot.  Once their TTL expires, they'll do a new lookup, and will find the changes and all will be fine.

If NESupply needs a more in depth explanation, there is lots of information available on how DNS works.  This is not the place to delve any deeper into it...I only meant to point out some pitfalls to watch out for.  There CAN be a few emails that don't get through immediately or at all.

With that said, I think NESupply only needs internet browsing and email during any downtime on his T1.  As you mentioned previously, setting another MX record in his zone file with a higher cost (numerically higher, but lower order of preference) should solve this for his needs.  This won't do anything for his web services (again, people may still get to it after the dynamic IP update, or they may not), but will get them the access they need to terminal services and email.
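Added example, not part of the original thread: a small simulation of the two behaviours discussed above, a remote resolver that keeps a cached record until its TTL expires versus a sending mail server that falls through to a second MX record. The host names, addresses (documentation ranges) and the 72-hour TTL are constructed sample values.

```python
# Added illustration; names, addresses and TTL are constructed sample values.
T1_IP, CABLE_IP = "192.0.2.10", "198.51.100.20"   # documentation address ranges
TTL = 72 * 3600                                    # worst case mentioned in the thread

class CachingResolver:
    """A remote resolver: answers from cache until the record's TTL expires."""
    def __init__(self, zone):
        self.zone, self.cache = zone, {}

    def lookup(self, key, now):
        cached = self.cache.get(key)
        if cached and now < cached[0]:
            return cached[1]
        ttl, value = self.zone[key]               # query the authoritative zone
        self.cache[key] = (now + ttl, value)
        return value

def deliver(resolver, domain, reachable, now):
    """Sending MTA: try MX hosts from lowest preference number upward."""
    for _pref, host in sorted(resolver.lookup((domain, "MX"), now)):
        ip = resolver.lookup((host, "A"), now)
        if ip in reachable:
            return ip
    return None                                   # message is queued for retry

def simulate():
    results = {}
    # Case 1: one MX; dynamic DNS rewrites the A record when the T1 fails.
    zone = {("example.com", "MX"): (TTL, [(10, "mail.example.com")]),
            ("mail.example.com", "A"): (TTL, T1_IP)}
    r = CachingResolver(zone)
    deliver(r, "example.com", {T1_IP, CABLE_IP}, now=0)      # warms the cache
    zone[("mail.example.com", "A")] = (TTL, CABLE_IP)        # T1 down, DNS updated
    results["dyn_cached"] = deliver(r, "example.com", {CABLE_IP}, now=3600)
    results["dyn_expired"] = deliver(r, "example.com", {CABLE_IP}, now=TTL + 1)
    # Case 2: second MX with a numerically higher preference on the cable line.
    zone = {("example.com", "MX"): (TTL, [(10, "mx1.example.com"), (20, "mx2.example.com")]),
            ("mx1.example.com", "A"): (TTL, T1_IP),
            ("mx2.example.com", "A"): (TTL, CABLE_IP)}
    r = CachingResolver(zone)
    deliver(r, "example.com", {T1_IP, CABLE_IP}, now=0)
    results["two_mx_cached"] = deliver(r, "example.com", {CABLE_IP}, now=3600)
    return results

if __name__ == "__main__":
    print(simulate())
```

In the single-MX case the sender cannot reach the mail host until its cached A record expires; with the second MX record it reaches the cable address on the first attempt, without any DNS change.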
Hmmm...something to consider to be sure.  Yeah, I have a bunch of services that I need to be able to keep live after my T1 fails.  I will look into getting a second MX record.
BGP = Border Gateway Protocol?

What is an AS number?  I'm not too familiar with things outside of my router.  We are looking at a cable connection for the second line.
AS number = Autonomous System number

It is a unique identifier provided by ARIN that allows you to implement some sort of gateway control protocol (most commonly BGP).  You'll need a pretty hefty router to handle the added routing load imposed on it by BGP.  You'll essentially be sharing routing tables with both your peering providers and virtually every router on the internet.  It's processor intensive, as I'm sure you can imagine.

Here's some background on BGP:  

http://www.sprintlink.net/faq/bgp.html

http://logicalpackets.com/Network-Learning/bgp.asp

And here are some useful tools:

http://www.netconfigs.com/
I checked it out.  Looks kind of complicated to implement.  Have any recommendations of routers that can support the BGP activity?
Yeah, unfortunately it's VERY complicated.  If uptime is important enough, you'll probably have to hire a consultant to help you with the planning and implementation.  It won't be cheap, but the benefit will be five 9's of uptime.  I'm hesitant to recommend a particular router for you, because I don't know anything about your network or your business model.  If you go this route and hire a consultant, he can recommend a router that will do the job.

Good luck...
If you don't want to go that far (or can't justify the expense), I'd suggest going back to the top and looking at what DataDudes had to say.  It will get you by fairly well, though external users won't have access to some services while you're down.

It's basically a question of just how important uptime really is for your business.
One other thing to consider for BGP that I might not have made clear, is that you have to have multi-homed connections.  That is, you must have at least two connections from at least two distinct providers.  Having two T1s from your local RBOC (Bellsouth, SBC, Verizon, etc...) does you no good.
We have ATX for the T1 and are planning to pull cable from Comcast.
They told me not to worry about costs so much.  The main concern is that we have the uptime and understanding of what we implemented so it can be managed.  There is a lot of info out there on BGP and I still don't understand it all.
Sounds like BGP is the way to go then, as money isn't the primary cost.

It's probably not realistic to expect to be able to "pick up" BGP implementation information on the internet, at least not enough to be able to do it yourself within a reasonable time frame.  If you'll provide your location, I might be able to suggest a particular consultant in your area to call on.  In any event, I think you'll definitely want to hire some good help for this.  Good planning will lead to a relatively seamless transition, while improper planning can cause catastrophic downtime.
There's that word...catastrophic.  Never good.  We are located in Baltimore, MD
Also, be sure that you have a Static Address from Comcast.  You'll probably want to request some new IPs from ARIN once you get your AS# also, that way you're not tied to either ATX or Comcast if one of them goes down...your new IPs will route down either connection.
carl_legere

If all your DNS is hosted by dyndns.com, and you set them up with TTL=1, then they will not be cached by any servers.  At most, mail servers that frequently need to look up your domain will change the real propagation delay to 30 min.

I have not done it, but combining dyndns, a dyndns client running on your server and a dual wan port router, you can achieve your in and out rerouting easily.

After failover by the dual WAN port router, the client software on the server will detect that the outside interface IP has changed, and will 'update' dyndns.com with all your new values.  When the normal link is back up, the process is handled in a similar way.
I was finally able to find a reputable company in the Baltimore area who should be able to help you with this issue...at least someone to talk to in depth about the costs and considerations.  If everything looks good at that point, you could certainly move forward with the planning and implementation phases.

The company is NetCraftsmen, located in Arnold, MD.  The contact there is Renee Wagner (rwagner@netcraftsmen.net).  I told her "a friend" of mine was looking for some consulting help on the implementation of BGP.  Give her a call and see what they can do for you (and if they can meet your pricepoint to accomplish this goal).  They're a Cisco shop, and came highly recommended.