Complex Linux network

Posted on 2008-11-16
Last Modified: 2012-05-05
Well, I don't know if this is complex or not, but here goes.

I have a number of Linux servers sitting behind a PIX in a datacentre. They're all on a private address range. This is all working fine. The PIX connects to the ISP's router. All well and good.

However, as the datacentre is a 4-hour drive away, I'm paranoid that should the PIX fail, I'm in trouble.

What I want to do to mitigate any outages is to connect the second NIC on each server to the ISP's switch.

Question: Can I set the second NIC to a public IP address given by the ISP and route traffic to the application on the server and still maintain the private subnet on the first?

In other words, if the PIX fails, is it possible to still have connectivity with the server, and can they co-exist? Can I isolate routing, so that traffic on eth0 goes via the PIX and eth1 (iptables) routes via the direct connection?

Question by: middletn
    LVL 15

    Accepted Solution

    Depending on your routing skills, you might have to get your network team involved. By using a link-state routing protocol such as OSPF, it's possible to have a route metric that specifies a path to the alternate network on the 2nd NIC, so traffic goes through the primary NIC first. This can be done by having this alternate route in the routing tables, but with a much higher metric/cost than the primary route.

    Obviously, the easiest way is to have a second PIX for failover.
    LVL 6

    Assisted Solution

    I would not recommend having the Linux server connect straight to the ISP router, for security reasons.
    If you are afraid of the PIX failing, you can put in another PIX as a backup, connected to the first PIX, and set them up for failover.

    If you are afraid the ISP connection will fail, your solution is to have a second WAN backup on your PIX.
    LVL 15

    Expert Comment

    I would concur with ricks v: tell the network manager, if 100% availability is important to your network, to get a backup Internet WAN link and a 2nd PIX for failover. An ounce of prevention is worth a pound of cure. PIX (or ASA firewalls) are fairly inexpensive to begin with, and if cost is a factor in your budget, then a backup high-speed DSL with a failover PIX will not hurt any IT budget.
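
The higher-metric backup route from the accepted solution, combined with source-based routing and a default-deny firewall on eth1 for the security concern raised in the assisted solution, as an added example that is not part of the original thread. The addresses are constructed documentation values, and routing table 100, the metrics 100/200 and SSH-only management from one trusted network are assumptions.

```sh
#!/bin/sh
# Added example: prints (does not run) a dual-homed routing and firewall plan.
# eth0 = private side behind the PIX, eth1 = public side on the ISP switch.

# Accept only dotted-quad IPv4 with every octet in 0-255.
is_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do [ "$_o" -le 255 ] || return 1; done
}

# failover_plan PIX_GW ISP_GW PUBLIC_IP MGMT_NET [PRIMARY_METRIC] [BACKUP_METRIC]
# MGMT_NET is the only source allowed to reach SSH on eth1 (prefix not checked).
failover_plan() {
  pix_gw=$1 isp_gw=$2 pub_ip=$3 mgmt=$4 m1=${5:-100} m2=${6:-200}
  for _a in "$pix_gw" "$isp_gw" "$pub_ip" "${mgmt%/*}"; do
    is_ipv4 "$_a" || { echo "bad address: $_a" >&2; return 1; }
  done
  # The backup default must cost more, or eth1 would carry everyday traffic.
  [ "$m2" -gt "$m1" ] || { echo "backup metric must exceed primary" >&2; return 1; }
  # Line 1-2: primary default via the PIX, floating backup via the ISP.
  #   The kernel uses the backup only once the primary route is removed
  #   (eth0 link down, or a routing daemon withdraws it); a dead PIX behind
  #   a live switch port does not remove it by itself.
  # Line 3-4: replies sourced from the public IP always leave via eth1, so
  #   management access on eth1 works whether or not the PIX is alive.
  # Line 5-7: eth1 is outside the PIX, so it gets its own default-deny policy.
  cat <<EOF
ip route replace default via $pix_gw dev eth0 metric $m1
ip route replace default via $isp_gw dev eth1 metric $m2
ip rule add from $pub_ip lookup 100
ip route replace default via $isp_gw dev eth1 table 100
iptables -A INPUT -i eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -s $mgmt --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -j DROP
EOF
}

# Constructed sample values (RFC 1918 and RFC 5737 ranges).
failover_plan 10.0.0.1 192.0.2.1 192.0.2.10 198.51.100.0/24
```

Review the printed commands before applying them as root; any application port that must stay reachable over eth1 needs its own ACCEPT rule ahead of the final DROP.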
