I need help deciding on a redundant WAN design for internally hosted web application

Posted on 2010-01-08
Last Modified: 2013-12-14
We have a web application we developed, which we sell access to.  We have eliminated all single points of failure from the firewall back to the application (firewall clusters, redundant switching, vmware cluster, sql cluster, load balanced web servers, etc).  However, we only have a single 15mb fiber WAN link to our ISP.  We are generally pretty small time, but have made some creative designs that got us this far.

However, I'd like to make the WAN link redundant for incoming traffic.

Our firewalls (SonicWall 2400's) support WAN redundancy, and will load balance outbound traffic.  

How do I provide inbound redundancy for the web servers?

I can get a metro wireless (4G, 6mb down / 1mb up) connection for under $100/mo.  I would want it only as a FAILOVER for incoming traffic.  I don't want to load balance, unless I can direct MOST of the traffic to the fiber link.

I've read some about BGP, but it looks like it will be too "big" for me (requires at least a /24 IP range, and potentially some expensive hardware, etc).  Can you do BGP cheaply/simply? Also, it seems BGP doesn't let you control which incoming route users will take, and I prefer they all go through the fiber link unless it's down.

Are there any DNS tricks, or anything else, I can set up that provide fail over?  Even if it's not immediate, can we at least get something that will automatically switch over within a few minutes?

Aside from the ISP cost, I want to do something that's well south of $1,000.


Question by:sunstoned

    Accepted Solution

    These are some possibilities. Some of these you already mentioned; I add my comments to help you understand them better:

    A) BGP
    You need at least a class C (/24) addressing space, fill in all the forms to apply for and register your subnet, a router (or 2 for redundancy) that has enough memory to handle the BGP routing space (512M or more), and 2 or more ISPs willing to help you advertise BGP. Aside from the router, everything else doesn't cost that much money. With today's technology, a router with 512M of RAM is not that expensive any more.
    If you can afford it, BGP is the best solution. It also allows you to control which route to take in your case.

    B) DNS
    You can also use DNS to direct user traffic when the primary link is down. This is probably the cheapest way to achieve this. However, many organizations (e.g. AOL etc.) cache DNS. Even if you change your DNS, there is no guarantee that your intended user will get the most updated DNS resolution. Typically most sites will not update DNS records in less than 4 hrs.

    C) Use of a colo or other reliable internet connection
    If you happen to have a colo or some location that already has a redundant internet connection, there are ways you can take advantage of that to relay the traffic. E.g. in your case, you can use a bank of reverse proxies in the colo that query your internal server(s). Since you can configure your reverse proxy to take multiple routes and talk to multiple servers, this moves the failure point out to the colo. In a more general sense, I am able to set up router(s) in the colo to relay through multiple tunnels to my in-house servers.

    D) Application specific
    For some applications it doesn't matter which server answers the query, as long as some server does. Some other applications will automatically retry if the primary server cannot be reached.

    E) Use 3rd party service
    Some 3rd parties provide services (e.g. Akamai) that have servers all over the world to serve clients' applications. Typically they use a combination of B & C above.

    You can combine the methods above to provide multiple levels of fail-safe protection.
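For option B, an added example (not code from the answer or the OP) of the monitor-and-update loop a DNS failover needs: it probes the web farm over the fiber link from outside the office, switches the published A record to the 4G address only after several consecutive failures, and fails back only after a longer run of successes. It assumes the name www.example.com, constructed RFC 5737 addresses for the two links, and a DNS server that accepts RFC 2136 dynamic updates via `nsupdate` with a TSIG key at /etc/tsig.key.

```python
import socket
import subprocess
import time
# Constructed sample values (RFC 5737 documentation ranges), not the OP's.
PRIMARY_IP = "203.0.113.10"   # web farm's public address on the fiber link
BACKUP_IP = "198.51.100.10"   # same web farm, public address on the 4G link
HOSTNAME = "www.example.com"  # assumed public name of the application
TTL = 60                      # short TTL so resolvers re-query quickly
FAILS_TO_SWITCH = 3           # consecutive failed probes before failover
OKS_TO_RETURN = 5             # consecutive good probes before failback

def tcp_probe(ip: str, port: int = 80, timeout: float = 3.0) -> bool:
    """TCP handshake to ip:port; run this from OUTSIDE the office so the
    probe takes the same path customers do (the fiber link, not the LAN)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

class FailoverState:
    """Chooses the address to publish; hysteresis stops one lost probe flapping it."""
    def __init__(self) -> None:
        self.active, self.fail_run, self.ok_run = PRIMARY_IP, 0, 0
    def observe(self, primary_up: bool) -> str:
        """Feed one probe result; return the address that belongs in DNS."""
        if primary_up:
            self.ok_run, self.fail_run = self.ok_run + 1, 0
            if self.active == BACKUP_IP and self.ok_run >= OKS_TO_RETURN:
                self.active = PRIMARY_IP
        else:
            self.fail_run, self.ok_run = self.fail_run + 1, 0
            if self.active == PRIMARY_IP and self.fail_run >= FAILS_TO_SWITCH:
                self.active = BACKUP_IP
        return self.active

def nsupdate_batch(ip: str, hostname: str = HOSTNAME, ttl: int = TTL) -> str:
    """RFC 2136 dynamic-update batch for stdin of `nsupdate -k <tsig key>`."""
    return (f"update delete {hostname}. A\n"
            f"update add {hostname}. {ttl} A {ip}\nsend\n")

if __name__ == "__main__":  # poll every 30 s; touch DNS only when it changes
    state, published = FailoverState(), None
    while True:
        wanted = state.observe(tcp_probe(PRIMARY_IP))
        if wanted != published:
            subprocess.run(["nsupdate", "-k", "/etc/tsig.key"], check=True,
                           input=nsupdate_batch(wanted), text=True)
            published = wanted
        time.sleep(30)
```

Lower the record's TTL well before you need the first failover, and expect the caveat the answer gives: resolvers that ignore TTLs will keep handing out the fiber address for hours regardless of what you publish.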

    Author Closing Comment

    Thanks for the comments.  I'd like to know more about B, and how to configure that.  Seems like that might be the best way to go for now, as an easy/cheap solution.
