Setting up DNS routing on a Windows SBS 2003

Posted on 2006-05-22
Last Modified: 2013-11-16
Okay folks, nice big point topic as I think the answer will be quite complex.

The scenario is, we have three separate ADSL lines into the building, 2x2Mbs and a new 8Mbs line coming in the next week or so. Currently we have about 40 PCs hooked up to the first 2Mbs line, and the email server hooked up to the 2nd (don't ask). If the main line goes down, it basically means that all the 40 PCs drop. Each user logs in via Windows 2003 SBS.

Each of the ADSL lines has a Belkin Router with DHCP enabled, and a Watchguard Firewall box attached.

What I WANT to achieve is to have the PCs spread over the three lines, with certain boxes going through certain lines (eg Reprographics goes through the 8mbs line) BUT to have a fall back in case one of the lines fails, all its "users" temporarily switch to another line. Ideally I'd like to be able to control this centrally from the Server. Most of the PCs have fairly static IP addresses (in that they rarely change once assigned), but I'd rather not have FIXED IP addresses as there are a number of laptops around the offices that sometimes go on home and/or other office networks. Hope that's none too vague for people.
0
Question by:Jeremy Bromley
13 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16735604
As you say, to achieve this is complex, if possible.
Why not replace the Belkins with a dual WAN port router such as the Linksys RV042? This will allow automatic load balancing and automatic fail over in the event one or the other ISP goes down. Then just leave your Mail Server on the 3rd line. Make sure the 8mb line is connected to the primary connection of the Linksys so that if ever a single user, they will be sure to get that line. This way you won't need a 3rd Watchguard either.
0
 
LVL 10

Expert Comment

by:victornegri
ID: 16735767
The first part is easy: set up different scopes on your DHCP server for the three different groups of users/computers (i.e. one that goes from 192.168.1.2-50, another from 51-150 and the last from 151-254). Do MAC address reservations on your DHCP server. Have each of the scopes point to a different gateway.

The 2nd part is more difficult. You can try this... in your DHCP scopes, set up multiple 003 Router entries for each scope. Arrange the entries so that the primary is on top and the failovers are below in whatever order you want. The only problem with this is the computer will only failover if the gateway is unpingable (i.e. the router is dead -- not the connection the router is hosting). The other alternative I can think of is to purchase a router that has the feature built in... like a Sonicwall TZ170.

You can also set up a batch file to do the testing:

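REM Fail over: if the target reachable only through router1 does not answer, use router2
ping -n 1 <something pingable only by router1>
if errorlevel 1 route add 0.0.0.0 mask 0.0.0.0 192.168.1.2

REM Fail back: when the same target answers again, return to router1
REM ("if errorlevel 0" is true for every exit code, so test "not errorlevel 1")
ping -n 1 <something pingable only by router1>
if not errorlevel 1 route add 0.0.0.0 mask 0.0.0.0 192.168.1.1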
0
 
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 16736898
Allow me to modify something in victornegri's explanation:

Don't set up multiple router entries for each scope.  Just point each scope to its own router.  Once you've done that, if a line drops, just go to the scope in question and change its router option to point to a different router.  Then, have your clients reboot (or do an IPCONFIG /RELEASE and then an IPCONFIG /RENEW at a command prompt)... I find it easier to say "Okay, go ahead and reboot your computer and then the internet will be back up."  Once the line comes back up, you can change it back.

<-=+=->
0

 
LVL 1

Author Comment

by:Jeremy Bromley
ID: 16740944
Question time then - SplinterCell - whilst this sounds "easy" I'm not always in the office, so it needs to be an automatic system realistically. This system sounds far from auto.

Rob, liking the sound of this one. How quickly does the switch-over take, and is it reasonably seamless? Also, had a look at the pricing of this unit and it looks a good price. Also looking at the Netgear equivalent (FVS124G), anybody got any experience of this one?
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 1600 total points
ID: 16741931
>>How quickly does the switch-over take, and is it reasonably seamless."
I am told it appears only as a slow link, basically very fast. However, I would think, if you had a user already connected to a site through port one, and the link was lost, they would probably have to do a refresh, to re-establish the same connection. To anyone else, or for a connection to a new site, it would be automatic. The Linksys has a built-in connection testing sequence, and there is likely a magical # of seconds of lost connectivity it waits for, before switching.

My clients have about 15 of the RV042's, though they are not using the dual WAN port feature, I have been extremely impressed with the features, especially considering the price. I also have a few with other Netgear models, and although I like the features on those as well, each has had firmware issues.

If you are really "keen", the Linksys source code is available to anyone. As a result several 3rd party vendors have released their own firmware versions with additional features for some of the Linksys units.
0
 
LVL 14

Assisted Solution

by:Joseph Hornsey
Joseph Hornsey earned 400 total points
ID: 16743824
No... my idea is not "auto"... actually, I really like RobWill's idea of the Linksys box.

<-=+=->
0
 
LVL 1

Author Comment

by:Jeremy Bromley
ID: 16788710
Okay, this is looking good. I'm going to try to source an RV042, although I might have one problem in that the two lines are in completely different parts of the building. Trying to work out wiring, does it need connecting directly to the modems, or will it still go through main network?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16789061
What do you mean by "through the main network"? You can make use of an existing CAT5 cable that is part of your network but I wouldn't connect it to the LAN side of your network (through your LAN switches), that would by-pass all firewalls and put every system at risk. However, the modem and router do not have to be side by side.
0
 
LVL 1

Author Comment

by:Jeremy Bromley
ID: 16806149
That's kind of what I mean, I'm going to have to run a separate cable from the modem to the router box, as the building is a C17th Century hunting lodge with foot thick walls :(
0
 
LVL 1

Author Comment

by:Jeremy Bromley
ID: 16806177
One problem I have come across on various mailing lists regarding the dual WAN routers is that of how and when they switch between ports. One of our departments does all of its work on a secure (off-site) web-site for ecommerce. I suspect that the site will check the IP address of the "calling" computer throughout the process. Many people have complained regarding Dual-WAN routers that they switch their load-balancing "per packet" which would obviously cause problems. Does anybody know if there is any way to change any of these routers to "per session" switching?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16806425
The load balancing routers I have used maintain a connection through one port. So if I were to logon to site abc.com it will be maintained on port 1, when I or someone else, logs onto site def.com it may go through port 2. If the connection is lost on port 1, your connection is lost and you would have to hit refresh to have it reconnect through port 2. A "conversation" is maintained over 1 port but multiple connections are distributed over the 2 WAN ports. However, if a new connection is started when port 1 is down, it is automatically forced through the only open port.
0
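The per-packet versus per-session behaviour discussed in the two comments above, as an added example that is not part of the original thread and is not RV042 firmware logic. It is a toy model: the WAN names, the documentation-range addresses, the round-robin policy and the `DualWanRouter` class are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample values: WAN names and public IPs are placeholders.
WAN_IPS = {"wan1": "198.51.100.10", "wan2": "203.0.113.20"}

@dataclass
class DualWanRouter:
    """Hypothetical dual-WAN NAT router; round-robin is an assumed policy."""
    mode: str = "per-session"                     # or "per-packet"
    up: dict = field(default_factory=lambda: {"wan1": True, "wan2": True})
    flows: dict = field(default_factory=dict)     # flow 5-tuple -> pinned WAN
    counter: int = 0                              # round-robin cursor

    def _next_wan(self):
        live = [w for w in WAN_IPS if self.up[w]]
        if not live:
            raise ConnectionError("no WAN link is up")
        wan = live[self.counter % len(live)]
        self.counter += 1
        return wan

    def send(self, flow):
        """Return the public source IP the remote site sees for one packet."""
        if self.mode == "per-packet":
            return WAN_IPS[self._next_wan()]
        wan = self.flows.get(flow)
        if wan is None:                           # new conversation: pin a live WAN
            wan = self.flows[flow] = self._next_wan()
        elif not self.up[wan]:                    # pinned link died: session is lost
            del self.flows[flow]
            raise ConnectionResetError(f"{wan} is down; client must reconnect")
        return WAN_IPS[wan]

def source_ips_seen(router, flow, packets):
    """Set of source addresses a remote site observes over one session."""
    return {router.send(flow) for _ in range(packets)}

if __name__ == "__main__":
    shop = ("192.168.1.60", 50123, "192.0.2.80", 443, "tcp")  # constructed flow
    print(source_ips_seen(DualWanRouter("per-packet"), shop, 6))
    r = DualWanRouter("per-session")
    print(source_ips_seen(r, shop, 6))
    r.up["wan1"] = False                          # simulate the first line failing
    try:
        r.send(shop)
    except ConnectionResetError as e:
        print(e)
    print(r.send(shop))                           # retry is pinned to the surviving WAN
```

A site that binds a login to the client's source address sees two addresses within one session in per-packet mode and one address in per-session mode; after a line failure the retried session arrives from the other address, so the user has to log in again.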
 
LVL 1

Author Comment

by:Jeremy Bromley
ID: 16850250
Okay, I think this will work - I'll dole out some points to Rob (majority) and Splinter (assistance) - cheers guys. I'll perhaps post up some results in the next few weeks.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16851221
Thanks jbromley,
--Rob
0
