pkromer
Same dedicated IP addresses, two different ISPs
We currently have 5 dedicated IPs with an ISP (DSL) and we are looking for a backup ISP (which will be cable) with 5 dedicated IPs. The problem is that I'm assuming we won't be able to get the same IP addresses, and I don't want to have to reprogram all the things that use those IP addresses in the event that we need to switch.
This will be a backup for times when the DSL goes down, and we need a quick, easy way to switch while the DSL gets repaired. I have no idea what we need to do... I was thinking some sort of router which will translate. Ideas?
Do you perform inbound port/address mapping? That's the only thing you can't fail over. You can have DNS do a kind of round robin resolution, but you'll still have failures. Outbound failover is relatively simple.
ASKER
We have our modem set up with one of the dedicated IPs.
We have our IP phone system set up with another.
We have our SSL VPN box set up with another.
What's outbound failover?
Round robin?
The problem with inbound failover is that something is connecting to your IP addresses or resolving them from a DNS name. If the IP address changes (i.e. when a failover occurs), how will it now find you? Round robin is putting all your IP addresses in your records so that they all resolve, A then B and then back to A each time a client tries to resolve the name. The problem is that when a failover occurs, 50% of the attempts are going to fail. The good side is that half are still getting through; it's not a perfect failover.
The other option is to use something similar to dynamic DNS, where you run a client inside your network and it reports back its own IP address to a DNS server on the internet. When its IP address changes (i.e. a failover), it updates the DNS server. This is great so long as downstream DNS servers don't cache their first resolution; otherwise they'll still be resolving to the old address.
Outbound will work fine. Your clients inside your network will go out whatever gateway they're told to use and the routers will decide which outbound path to use. They will be none the wiser. If the inbound address mappings you have are not fixed on the other end or external clients don't have to resolve them, then you should be fine.
Here's a couple of providers of Dynamic DNS services:
http://www.no-ip.com/
http://www.dyndns.com/
http://freedns.afraid.org/
http://www.dynip.com/
http://www.tzo.com/
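The trade-off between the two inbound options in the answer above, as an added example that is not part of the original thread: a small Python simulation of one downstream caching resolver sending a client to the DSL or cable address once per second after the DSL link fails. The addresses, TTLs, failure time and update delay are constructed assumptions, and the client is assumed to use only the cached answer without retrying another record.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample addresses (documentation ranges), not from the thread.
DSL_IP = "192.0.2.10"       # primary ISP
CABLE_IP = "198.51.100.10"  # backup ISP


@dataclass
class CachingResolver:
    """A downstream resolver that reuses an answer until its TTL expires."""
    ttl: int
    cached: Optional[str] = None
    expires: int = 0

    def resolve(self, now: int, query: Callable[[], str]) -> str:
        if self.cached is None or now >= self.expires:
            self.cached = query()
            self.expires = now + self.ttl
        return self.cached


def failed_attempts(mode: str, ttl: int, fail_at: int = 100,
                    duration: int = 400, update_delay: int = 5) -> int:
    """Count failed inbound attempts (one per second) after DSL dies at fail_at."""
    lookups = 0

    def authoritative(now: int) -> str:
        nonlocal lookups
        lookups += 1
        if mode == "round_robin":
            # Both A records stay published; answers alternate per lookup.
            return DSL_IP if lookups % 2 else CABLE_IP
        # Dynamic DNS: one record, rewritten once the inside client reports in.
        return CABLE_IP if now >= fail_at + update_delay else DSL_IP

    resolver = CachingResolver(ttl)
    failed = 0
    for now in range(duration):
        ip = resolver.resolve(now, lambda: authoritative(now))
        if now >= fail_at and ip == DSL_IP:
            failed += 1  # client was sent to the dead link
    return failed


if __name__ == "__main__":
    for mode, ttl in [("round_robin", 60), ("dynamic_dns", 60), ("dynamic_dns", 3600)]:
        print(f"{mode:12} ttl={ttl:5}: {failed_attempts(mode, ttl)} of 300 attempts failed")
```

With a short TTL the dynamic DNS record recovers after one cache lifetime, while a resolver holding a long-lived cached answer keeps pointing at the dead link for the whole outage window simulated here.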
ASKER
So what would the inside client be? Sorry for the newbie-ness. I'm confused. So would I need a router to switch between the two outbound modems?
The inside clients would be your IP Phones, workstations, anything that accesses the network/internet. If you want something fully redundant you'd most likely have two routers, that come back into two core switches, but if you're a smaller shop and/or your budget doesn't allow, you can probably get away with one router that has dual WAN ports. I use this one:
http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVX538.aspx
But most any router that has dual WAN ports and at least one Ethernet port for internal use would work:
http://www.networkworld.com/reviews/2004/0913rev.html
http://www.dslreports.com/forum/remark,10452186
Since Cisco routers can accept modules you can custom tailor them to whatever needs you have.
http://www.cisco.com/application/pdf/en/us/guest/products/ps5855/c1031/cdccont_0900aecd8019dc1f.pdf
ASKER
That Netgear looks good, but it only has 10/100. Is there anything in that range with 10/100/1000? Or do you think that would even be a problem since it is only handling our internet connection and not our LAN?
I don't think it'll be your bottleneck unless you're planning on getting a WAN connection that exceeds 100Mbps. Something along the lines of an OC-1, T-4 or better. I think you're safe.
ASKER
One last thing... the round robin approach seems good, but you say it will fail 50% of the time. I only say it sounds good because it sounds easiest to set up and least likely to cause us grief due to possible outside circumstances. I don't really like the idea of going with any outside source like a website service for the DNS. Is that your recommendation, though? Stay away from the round robin approach and get an outside DNS service?