Solved

T1 failover connection

Posted on 2006-04-20
Last Modified: 2010-05-18
I have a T1 running right now.  We want to have a cable connection coming in as well to bond to the T1.  As far as I know there shouldn't be any issues with outbound traffic.  My concern is how do I handle inbound traffic if the T1 goes down?  I'd need something to tell inbound traffic like email to use my second connection.  Anyone have any experience with this or any ideas on how I can get this to work?
Question by:NESupply
27 Comments
 
LVL 2

Assisted Solution

by:OAC Technology
OAC Technology earned 800 total points
ID: 16503114
We use a Netgear Prosafe firewall with dual wan ports with a similar setup (DSL with failover to T1). Our Netgear firewall will update a DNS server.

If your concern is incoming mail, set up an additional MX record that has a higher cost; this way, when your mailserver can't be contacted on your DSL line, email will come in on the T1 line.
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16508120
Email is easy because as DataDudes mentioned, MX Preferences are a standard in DNS, and will do exactly what you need.  If you have any public services (web, ftp, etc...) that are on your T1, this is a much less obvious fix.  Can you give us some further details about your setup and your needs in the event of a failure?
0
 

Author Comment

by:NESupply
ID: 16509484
We host a website here.  We do VPN, ftp, terminal services and telnet into the main office.

If the connection fails we need to still be able to receive mail and do terminal services back into the main site.
0

 
LVL 2

Expert Comment

by:OAC Technology
ID: 16509548
Maybe the solution is to set up a couple of A Records with whoever is hosting your DNS. Set up remote1.yourdomain.com to point to your DSL line and remote2.yourdomain.com. This way users can switch over to the T1 if the DSL fails.

There may be an easier way?
0
 

Author Comment

by:NESupply
ID: 16509572
Can Dynamic DNS be used in this situation?
0
 
LVL 2

Expert Comment

by:OAC Technology
ID: 16509642
Oh, sorry, I must have blanked. (See my first comment.)

The Netgear firewall we use will update a dynamic IP service in the event a line goes down, so that would be the ideal solution.
0
 

Author Comment

by:NESupply
ID: 16509665
What did you pay for your firewall and what model is it?
0
 
LVL 2

Expert Comment

by:OAC Technology
ID: 16509769
It is the Prosafe VPN Firewall FVX538. It is at pricewatch right now for $346.99.

http://castle.pricewatch.com/s/search.asp?s=FVX538

0
 
LVL 2

Expert Comment

by:OAC Technology
ID: 16509782
I take that back, it's $336 after $10 rebate :-)

0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16514106
Just be advised that DNS updates are not immediate.  Depending on the TTL setting for your zone, some remote DNS servers may cache your lookups for up to 72 hours.  This means if someone sends you an email, their SMTP server has to do a lookup on your MX record through its DNS.  It may cache that for up to 3 days.  If you go down during this time, they may not check back to see if your MX record has changed.  This could cause an outage for you being able to receive email from this party.

The only true "solution" is to get an AS Number (Autonomous System), and have multiple feeds running BGP or some other gateway protocol.  This would provide true redundancy, but is not a route very many people can go.  For your needs, the router DataDudes has given you info on should suffice for the most part.  Just don't expect to be 100% covered during down time.
0
 
LVL 2

Expert Comment

by:OAC Technology
ID: 16516251
Actually, the dynamic DNS servers update within a couple minutes of a link failing. We've never had to wait for it to transfer over.
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16517541
DataDudes:  Yes, I understand that the DNS servers themselves update almost instantly, but due to server-side DNS caching (not your DNS, but someone else's), you can see significant delays in updates.  It all depends on the TTL (time to live) setting specified in your domain's zone file.

If someone has queried your DNS server recently and the TTL hasn't expired yet, they will not look up again until it does.  If your DNS record is updated during this time, those changes will not be reflected when this person tries to email you or get to your website or whatnot.  Once their TTL expires, they'll do a new lookup, and will find the changes and all will be fine.

If NESupply needs a more in-depth explanation, there is lots of information available on how DNS works.  This is not the place to delve any deeper into it...I only meant to point out some pitfalls to watch out for.  There CAN be a few emails that don't get through immediately or at all.

With that said, I think NESupply only needs internet browsing and email during any downtime on his T1.  As you mentioned previously, setting another MX record in his zone file with a higher cost (numerically higher, but lower order of preference) should solve this for his needs.  This won't do anything for his web services (again, people may still get to it after the dynamic IP update, or they may not), but will get them the access they need to terminal services and email.
0
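The two behaviours discussed in the comments above, an MX record with a numerically higher preference acting as the fallback and a remote resolver reusing a cached address until its TTL expires, modelled as an added example (not code from any poster in this thread). Host names, the RFC 5737 addresses and the instant dynamic DNS update at failover time are constructed assumptions.

```python
# Added illustration; host names and RFC 5737 addresses are constructed.
T1_IP, CABLE_IP = "192.0.2.10", "198.51.100.20"
NAME = "www.example.com"

def deliver(mx_records, a_records, reachable):
    """Try MX hosts lowest preference number first, as a sending MTA does."""
    for _pref, host in sorted(mx_records):
        if a_records[host] in reachable:
            return host
    return None  # nothing reachable: the sender queues and retries

class CachingResolver:
    """A remote resolver that reuses an answer until its TTL expires."""
    def __init__(self, authoritative):
        self.auth = authoritative      # name -> (ip, ttl_seconds)
        self.cache = {}                # name -> (ip, expires_at)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]              # served from cache, possibly stale
        ip, ttl = self.auth[name]
        self.cache[name] = (ip, now + ttl)
        return ip

def simulate(ttl, query_times, failover_at):
    """Answers one remote resolver gives when the T1 fails at failover_at."""
    auth = {NAME: (T1_IP, ttl)}
    resolver = CachingResolver(auth)
    answers = []
    for t in query_times:
        if t >= failover_at:           # assumed: record rewritten at failover
            auth[NAME] = (CABLE_IP, ttl)
        answers.append(resolver.lookup(NAME, t))
    return answers

def stale_window(ttl, cached_at, failover_at):
    """Seconds after failover that a cached answer still points at the T1."""
    return max(0, cached_at + ttl - failover_at)

if __name__ == "__main__":
    mx = [(20, "mail2.example.com"), (10, "mail1.example.com")]
    a = {"mail1.example.com": T1_IP, "mail2.example.com": CABLE_IP}
    print("T1 down, mail goes to:", deliver(mx, a, {CABLE_IP}))
    for ttl in (3600, 60):
        print(ttl, simulate(ttl, [0, 1800, 3599, 3600], failover_at=600))
```

With a one-hour TTL the resolver that cached the record just before the failure keeps handing out the T1 address for the rest of the hour, while the MX fallback needs no DNS change at all.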
 

Author Comment

by:NESupply
ID: 16534302
Hmmm...something to consider to be sure.  Yeah, I have a bunch of services that I need to be able to keep live after my T1 fails.  I will look into getting a second MX record.
0
 
LVL 4

Accepted Solution

by:jeff_trent
jeff_trent earned 1200 total points
ID: 16534447
If it's absolutely essential that you keep your services up and running in the event of a failure, BGP is the best way to go.  You'll need to apply for an AS number with ARIN and order another T1 (or other type of connection with static IP) from another distinct provider.  It's a lengthy process, but if uptime is a must, it's the best way.
0
 

Author Comment

by:NESupply
ID: 16534481
BGP = Border Gateway Protocol?

What is an AS number?  I'm not too familiar with things outside of my router.  We are looking at a cable connection for the second line.
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16534546
AS number = Autonomous System number

It is a unique identifier provided by ARIN that allows you to implement some sort of gateway control protocol (most commonly BGP).  You'll need a pretty hefty router to handle the added routing load imposed on it by BGP.  You'll essentially be sharing routing tables with both your peering providers and virtually every router on the internet.  It's processor intensive, as I'm sure you can imagine.

Here's some background on BGP:  

http://www.sprintlink.net/faq/bgp.html

http://logicalpackets.com/Network-Learning/bgp.asp

And here are some useful tools:

http://www.netconfigs.com/
0
 

Author Comment

by:NESupply
ID: 16552410
I checked it out.  Looks kind of complicated to implement.  Have any recommendations of routers that can support the BGP activity?
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16552481
Yeah, unfortunately it's VERY complicated.  If uptime is important enough, you'll probably have to hire a consultant to help you with the planning and implementation.  It won't be cheap, but the benefit will be five 9's of uptime.  I'm hesitant to recommend a particular router for you, because I don't know anything about your network or your business model.  If you go this route and hire a consultant, he can recommend a router that will do the job.

Good luck...
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16552535
If you don't want to go that far (or can't justify the expense), I'd suggest going back to the top and looking at what DataDudes had to say.  It will get you by fairly well, though external users won't have access to some services while you're down.

It's basically a question of just how important uptime really is for your business.
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16552566
One other thing to consider for BGP that I might not have made clear, is that you have to have multi-homed connections.  That is, you must have at least two connections from at least two distinct providers.  Having two T1s from your local RBOC (Bellsouth, SBC, Verizon, etc...) does you no good.
0
 

Author Comment

by:NESupply
ID: 16552725
We have ATX for the T1 and are planning to pull cable from Comcast.
0
 

Author Comment

by:NESupply
ID: 16552752
They told me not to worry about costs so much.  The main concern is that we have the uptime and understanding of what we implemented so it can be managed.  There is a lot of info out there on BGP and I still don't understand it all.
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16552905
Sounds like BGP is the way to go then, as money isn't the primary cost.

It's probably not realistic to expect to be able to "pick up" BGP implementation information on the internet, at least not enough to be able to do it yourself within a reasonable time frame.  If you'll provide your location, I might be able to suggest a particular consultant in your area to call on.  In any event, I think you'll definitely want to hire some good help for this.  Good planning will lead to a relatively seamless transition, while improper planning can cause catastrophic downtime.
0
 

Author Comment

by:NESupply
ID: 16552926
There's that word...catastrophic.  Never good.  We are located in Baltimore, MD
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16552931
Also, be sure that you have a Static Address from Comcast.  You'll probably want to request some new IPs from ARIN once you get your AS# also, that way you're not tied to either ATX or Comcast if one of them goes down...your new IPs will route down either connection.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16553622
If all your DNS is hosted by dyndns.com, and you set them up with TTL=1, then they will not be cached by any servers.  At most mailservers who frequently need to look up your domain will change the real propagation delay to 30min.

I have not done it, but combining dyndns, a dyndns client running on your server and a dual wan port router, you can achieve your in and out rerouting easily.

After failover by the dual wan port router, the client software on the server will detect that the outside interface IP has changed, and will 'update' dyndns.com with all your new values.  When the normal link is back up the process is handled in a similar way.
0
 
LVL 4

Expert Comment

by:jeff_trent
ID: 16553659
I was finally able to find a reputable company in the Baltimore area who should be able to help you with this issue...at least someone to talk to in depth about the costs and considerations.  If everything looks good at that point, you could certainly move forward with the planning and implementation phases.

The company is NetCraftsmen, located in Arnold, MD.  The contact there is Renee Wagner (rwagner@netcraftsmen.net).  I told her "a friend" of mine was looking for some consulting help on the implementation of BGP.  Give her a call and see what they can do for you (and if they can meet your pricepoint to accomplish this goal).  They're a Cisco shop, and came highly recommended.
0
