• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 486
  • Last Modified:

Internet link load balancing

Hi

We are hosting few application servers on DMZ using Cisco PIX firewall. These applications are accessed by the users from Internet. We have one 2 Mbps Internet connection for this purpose. However, due to availability issue of ISP link, we are planning to add second ISP link from different provider. please suggest any economical product available to do inbound and outbound load balancing between two ISP links

-NMG

0
nessmssit
Asked:
nessmssit
  • 3
  • 2
  • 2
2 Solutions
 
Rob WilliamsCommented:
The Linksys RV042 works very well for this. It will allow you to have 2 independent WAN/Internet connections and automatically balance the network requests over the 2 connections. In the event of a failure it will automatically force all traffic to the working connection. They tend to run about $150-$200 US
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1123638171618&pagename=Linksys%2FCommon%2FVisitorWrapper
Support for this product would also be through Cisco's Linksys division.
0
 
papimichelCommented:
i'm not sure i understood you..
those DMZ servers have valid IP addresses.. right ?
how are those addresses are routed to you ? do you use DSL/Frame relay connection ?
if you do, the suggestion above is not good for you, but anyway be more specific about the use of those servers.. there might be another way to give you better redundancy.

anyway, i don't think there's a way to have the kind of load-balancing that you mentioned..
0
 
Rob WilliamsCommented:
Good point papimichel, if users are to connect from the outside, names can only resolve to one IP.
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
nessmssitAuthor Commented:
Hi Papimichel ,

The servers that we have hosted in DMZ has a private IP addressess which are natted to the Public IP ones given by the Internet Service Provider . The Natting is done on the Cisco-Pix Firewall .We have an internet leased line connection for the internet and the same is terminated on a Cisco ISP Edge router.


Regards
NMG


0
 
nessmssitAuthor Commented:
Hi Rob will,

I have a query regarding two independent ISP connections.

How will the failover happens when the users URL is resolved (by the DNS ) into an public IP of the Internet Link-01 and after that the internet link fails

With Regards
NMG
0
 
Rob WilliamsCommented:
>>"How will the failover happens "
It won't. That is why I mentioned papimichel, had a good point. It is an ideal solution for "inside" users but will not resolve the problem for those on the outside of the firewall. Sorry, I know of no solution that will work in this situation.
0
 
papimichelCommented:
in order to have that kind of redundancy you can do something else:
you can point your registered DNS to a dynnamic DNS address that'll map by default to one of the ISP's address. if that line fails, you'll be still online because the other ISP's line is on (that you'll have to configure on your router) thus, the dynamic DNS record'll change its map to the other ISP's ip address, and all users on the outside'll still be able to use your services with your original DNS name.

Yours,
Michel
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now