Router Suggestions

Hi,
We have a small network with 5 servers hosted in a datacenter. We have a single network connection from our upstream provider going into a Sonicwall Pro 300. This connects to our Netgear FSM726 Switch --> to the servers. We also have a Cisco 2950 sitting on a shelf, since it locked up once (was loaded with version 12.1 software) and needed to be reset. Either way, we are looking to get an additional provider for redundancy. We are NOT planning to do BGP or anything as it seems way too complex and we have only a few IPs so we cannot justify a /23.

The network is NATed and I would like to have 1 IP from each provider map to a single IP for the internal website/email server. ie -- 10.0.0.1 maps to 123.1.1.1 and to 234.1.1.1. I have no idea if this is possible. Also, I have no idea where I would place the sonicwall in this situation. As of now the Sonicwall is doing NAT--I would assume that if there are multiple providers I would need to do NAT somewhere else (router).

We push an average of 5 megs, but the sites need to be highly available -- hence the redundancy. What kind of equipment should we get? I would rather a simple device -- I even saw a Netgear load balanced dual WAN router that has 90mb capabilities WAN to LAN -- more than enough for us. There is also a Xincom product as well. I am not so sure about these devices' reliability -- and obviously it would be worse to have a bad device than to have an hour or 2 of downtime once in a while. I would imagine a Cisco device would be the best.

Please suggest the best (and most cost-effective) solution to execute this plan. We do not want to spend thousands of dollars.

Thanks
morudaAsked:
 
pjtemplinCommented:
VoIP is "completely" balanced.  Most end-user access (DSL, T1, dial, etc.) is inbound-heavy.

Since most of your traffic is outbound, you stand to gain performance by letting BGP receive full routing tables from each provider, and making an intelligent selection on which pipe to send a given packet.  I'm a Cisco guy, so I'd recommend at least a 7507; this is the "smallest" router Cisco has/had that provides "distributed forwarding" - one CPU handles the routing/forwarding table, another CPU(s) handles the actual packet forwarding.  I've misconfigured my 7507s in a way that causes the "routing" CPU to handle some of the forwarding, and it caused great pain for VoIP users; using a router that only has one CPU WILL cause latency once per minute around the clock if you're taking full tables.

I can set you up with an aftermarket reseller if you'd like.  You want the chassis, two power supplies, one or two RSP4s, three VIP2-50s (minimum) or VIP4-50s (much, much better; I'd really rather you didn't get the VIP2-50s), and three PA-FE-TX cards.  Make sure the RSP4s and VIPs have the maximum memory possible, or you'll be in big trouble.  Keep in mind that the 7500 series is likely approaching end-of-life, but it's a very good platform and not as finicky to learn and operate as the GSR/12000 series (also distributed forwarding, much higher capacity).
0
 
pjtemplinCommented:
You have servers and you want redundancy?  Do BGP.  At least in North America, you only need a /24, and you can justify it by multihoming with BGP.

A Cisco Catalyst 3550 EMI could do the job, as could anything in the 2800 series or some 1800 models.
0
 
morudaAuthor Commented:
I am only hosting about 10 sites....but they are very heavily advertised and cost a pretty penny to my clients in downtime...
I would have to show each site using 25 IPs to justify a /24--no?
Also, I would need to get the /24 from my upstream provider--and they won't SWIP it to me---what if I ever want to leave them?
0
 
pjtemplinCommented:
http://www.arin.net/policy/nrpm.html#four236

You only need one address to justify a /24, if you are going to multihome.  You can only get one /24 this way.

If the provider has assigned the /24, the provider will SWIP it to you - they need to show that the /24 is assigned somewhere to help them justify their next big block.  However, that doesn't mean it's yours - you'll need to remain with them.  In that case, keep one T1 to them, keep it nailed up, but modify your BGP announcements to not use the T1.  That'll give you the ability to keep the assignment, but not incur any performance degradation from that provider, and buy time until you can grow large enough to justify a /22.
0
 
morudaAuthor Commented:
What if I never justify a /22? Aren't other people stuck with this same situation as me?
0
 
pjtemplinCommented:
Yes, they are.  Not much you can do about it.

Figure out which direction you need more bandwidth, and add a separate business to utilize the under-used direction, preferably in a manner that causes IP justification.  Use that to grow.
0
 
morudaAuthor Commented:
Sounds like an idea--I am serving websites -- mostly out -- about 5x more out than in. Who uses "inbound" traffic? VOIP providers? Backup servers?
0
 
morudaAuthor Commented:
Also--would you suggest going with a router or the switch you mentioned? Could you suggest specific models of routers also?
0
 
morudaAuthor Commented:
Sounds like it's way out of my league... I thought I needed something simple --- what will distributed forwarding do that the other routers/switch you mentioned above not do? I really only need it for backup (just in case). If I have a zero commit that's all I would use it for...
0
 
pjtemplinCommented:
Welcome to the challenges of high availability.

Distributed forwarding means a separation of control functions and traffic forwarding functions.  A non-distributed router will have to split one CPU between both functions, causing a tradeoff if control functions need CPU time.  With full BGP, control functions WILL need CPU time every minute, causing a jump in latency to 300-400ms for 1-3 seconds while the tasks complete.

A switch router (i.e. the 3550, 3560, 3750 models, and there are others) will happily do distributed forwarding, but cannot handle a full table (big models like the 6500s will, but that's above your needs).  However, it may lack some "true router" features that may or may not be important to you.  The 3550 may be a solid starting unit until you're ready for big iron.

For what it's worth, if you're looking for redundancy, I'd strongly consider an active/active setup, rather than active/backup.  With active/active, you know that both feeds are working all the time, and in the event of a failure only ~50% of your traffic has to reconverge to the other link (i.e. half of your traffic is simply unaffected).  With active/backup, a change in your backup provider's network could render your backup solution out-of-service without you knowing it, and obviously ~100% of your traffic has to change paths to become functional.  Having mostly outbound traffic means setting up active/backup isn't as hard as if you had mostly inbound, but there are always some challenges to active/backup setups.
0
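As an added illustration of the announcement shaping pjtemplin describes above (keep the T1 to the assigning provider nailed up, but make it the path of last resort), and not part of this thread: a Cisco IOS BGP fragment that announces the /24 to both providers, prepends the AS path toward the T1 provider so inbound traffic prefers provider B, and lowers local preference on routes learned over the T1 so outbound traffic does too. The AS numbers, neighbor addresses and prefix are documentation-range placeholders, and prepending plus local-preference is one common way to do this, assumed here rather than named in the thread.

```cisco
! Constructed example: ASNs 64496-64501 and the 192.0.2.0/24, 198.51.100.0/24
! and 203.0.113.0/24 blocks are documentation ranges, not real assignments.
router bgp 64496
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 !
 ! Provider A over the T1: holds the /24 assignment, so the session stays up,
 ! but both directions are deprioritised.
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 description Provider A (T1, holds the /24 assignment)
 neighbor 198.51.100.1 route-map PROVIDER-A-IN in
 neighbor 198.51.100.1 route-map PROVIDER-A-OUT out
 !
 ! Provider B: the preferred path for inbound and outbound traffic.
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 description Provider B (primary)
 neighbor 203.0.113.1 route-map PROVIDER-B-IN in
 neighbor 203.0.113.1 route-map PROVIDER-B-OUT out
!
! Discard route keeps the aggregate in the table so it is always announced,
! even if the internal routes behind it flap.
ip route 192.0.2.0 255.255.255.0 Null0 254
!
ip prefix-list OUR-BLOCK seq 5 permit 192.0.2.0/24
!
! Outbound announcements: only our own /24 may leave. Matching on the prefix
! list also stops routes learned from one provider being passed to the other,
! which would otherwise make this site transit between the two ISPs.
route-map PROVIDER-A-OUT permit 10
 match ip address prefix-list OUR-BLOCK
 set as-path prepend 64496 64496 64496
!
route-map PROVIDER-B-OUT permit 10
 match ip address prefix-list OUR-BLOCK
!
! Inbound: routes from the T1 get a lower local preference than routes from
! provider B, so outbound traffic uses B while B is reachable and falls back
! to the T1 automatically when B's session drops.
route-map PROVIDER-A-IN permit 10
 set local-preference 50
!
route-map PROVIDER-B-IN permit 10
 set local-preference 100
```

For the active/active layout pjtemplin recommends instead, drop the `set as-path prepend` line and give both inbound route-maps the same local preference; the explicit outbound prefix filter should stay in either case.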
 
morudaAuthor Commented:
Ok.  I guess I will look into it and try to make some sense of this... Thanks!
0