Second ISP Circuit

NRL71
NRL71 used Ask the Experts™
on
We currently have one main ISP circuit coming into our data center.  It goes to a Catalyst 2950 which is the Internet switch and then to an ASA 5540 and a 6509 that does all layer 3 routing.  A second ISP circuit has been installed for backup purposes and I am trying to decide how best to set it up.  I have an additional ASA 5540 plus extra switches and routers that are not in use and can be used if needed.  I want the internal network to stay the same, just with the ability to flip outbound traffic out the different gateway if needed and also would be setting up additional A records using the new ISP public IPs mapped to our internal servers such as the e-mail server and web server so that if the main circuit goes down, incoming traffic still transparently comes through via the second circuit.

Has anyone done, or is doing this sort of scenario?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
As an idea,

Use a bonder to join the 2 links together, this gives you more bandwidth all the time, and provides fail over in that if one dies the other is still up and running.  
There is a free solution at     http://www.upstreaminter.net/bondedcd.shtml
Have a look and see if it meets your needs?

Regards
Top Expert 2004
Commented:
The following  comments assume that your 2nd curcuit utilizes a 2nd ISP. If that's not correct please let me know.

Moving outbound traffic out the 2nd gateway is pretty easy. You can do this with floating static routes, HSRP, SAA object tracking, etc.

But your bigger problem is changing DNS records for the inbound traffic you apparently have. Changing DNS records takes not only manual effort, but hours of propagation time. Do you have your own IP address space, or are you using private RFC 1918 addressing, or are you using public address space provided by the first ISP? The only really effective way to manage inbound traffic is to have your own address space that you can advertise to both ISPs via BGP. This is only required for the public-access servers you have but it provides consistent addressing regardless of ISP.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial