
Recommendation for internet connection failover for website with SSL

mnkings asked:
I'm curious what people usually do when they have an SSL cert on their website, hosted at the office, and they have a backup internet connection. How do people fail over to the backup IP address on the backup internet connection (the backup internet connection is a completely separate provider, etc.)? So I have ssl.site.com resolve in DNS to x.x.x.x, which is an IP on my firewall. I also have a backup internet connection on another port on the firewall with a completely different public IP. How do I get ssl.site.com to resolve to the new address? I assume I would either have to run 2 of my own DNS servers or pay for a service like this? Any help is appreciated!

Commented:
You can choose a DNS host that you consider to be highly reliable and have them host your DNS.  

Set your DNS records to have a relatively short TTL (Time-To-Live).  With a short TTL, if you need to change to the backup connection, any change you make will be propagated through the internet quickly.

If your main line goes down, log on to your DNS host's control interface/panel/whatever-they-call-it, and change the record to point to the backup IP (make any necessary adjustments on your own network gear as well, of course).
Top Expert 2008
Commented:
There is no real failsafe solution in that scenario.

Even using short-TTL DNS records (either hosted yourself or by someone else) or some kind of DDNS scheme won't give you the kind of turn-around you need if it is a mission-critical application.

If you need high availability, then you need to go down the path of multi-homing your network and advertising your own address space using BGP.  That, of course, can get complicated and expensive, which is why many mission-critical apps are hosted with some datacentre partner with VPN links to the business premises.

If you can put up with a half-hour outage when the primary internet link goes offline, while you wait for DNS changes to take place, then I guess that a DNS scheme may be OK.

Cheers!
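The two answers above describe a manual DNS failover and the delay it carries: whatever TTL the A record had before the change is how long resolvers may keep handing out the old address. The script below is an added example for this thread, not code from any of the posters. It parses a small constructed BIND-style zone, flags A records whose TTL exceeds a failover budget, gives the worst-case time a client can still be sent to the dead link (operator reaction time plus the longest cached TTL), and produces the record change that repoints the site to the backup address. The zone file, the addresses (RFC 5737 documentation ranges), the 300-second budget and the 600-second operator delay are all constructed assumptions.

```python
"""Check a zone's A-record TTLs against a failover budget and build the
record change a manual switch to the backup link would make.

Added example for this thread, not code from any of the posters.  The zone
file, the addresses (RFC 5737 documentation ranges) and the numbers are all
constructed for illustration.
"""
from dataclasses import dataclass, replace

# Constructed zone: $TTL 86400 is the weak setting; only www has a short TTL.
ZONE_TEXT = """\
$TTL 86400
@      IN SOA ns1.example.com. hostmaster.example.com. ( 2024010101 3600 900 1209600 300 )
@      IN NS  ns1.example.com.
ssl    IN A   192.0.2.10
www 300 IN A  192.0.2.10
mail   IN A   192.0.2.25
"""

PRIMARY_IP = "192.0.2.10"    # constructed: firewall address on the primary ISP
BACKUP_IP = "198.51.100.10"  # constructed: firewall address on the backup ISP
FAILOVER_TTL = 300           # constructed budget: how long stale answers may live


@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_zone(text):
    """Minimal parser for single-line BIND records: name [ttl] [IN] type rdata."""
    default_ttl = None
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        name, i = fields[0], 1
        ttl = default_ttl
        if fields[i].isdigit():               # explicit per-record TTL
            ttl = int(fields[i])
            i += 1
        if fields[i].upper() == "IN":
            i += 1
        if ttl is None:
            raise ValueError(f"no TTL for {name!r} and no $TTL directive")
        records.append(Record(name, ttl, fields[i].upper(), " ".join(fields[i + 1:])))
    return records


def long_ttl_a_records(records, budget=FAILOVER_TTL):
    """A records that resolvers may cache longer than the failover budget."""
    return [r for r in records if r.rtype == "A" and r.ttl > budget]


def worst_case_switch_seconds(records, operator_delay):
    """Upper bound on how long a client can still be sent to the old address:
    time for someone to notice and edit the record, plus the longest A-record
    TTL that may still be sitting in a resolver cache."""
    return operator_delay + max(r.ttl for r in records if r.rtype == "A")


def shorten_a_ttls(records, ttl=FAILOVER_TTL):
    """Preparation step: lower A-record TTLs *before* an outage, so cached
    copies have already expired by the time a failover is needed."""
    return [replace(r, ttl=ttl) if r.rtype == "A" else r for r in records]


def failover(records, old_ip, new_ip):
    """The manual change itself: repoint every A record on the failed link."""
    return [replace(r, rdata=new_ip) if r.rtype == "A" and r.rdata == old_ip else r
            for r in records]


def render(records):
    """Render records back into zone-file lines with explicit TTLs."""
    return "\n".join(f"{r.name} {r.ttl} IN {r.rtype} {r.rdata}" for r in records)


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    for r in long_ttl_a_records(recs):
        print(f"TTL too long for failover: {r.name} ({r.ttl}s)")
    print("worst case now            :", worst_case_switch_seconds(recs, 600), "s")
    prepared = shorten_a_ttls(recs)
    print("worst case after shortening:", worst_case_switch_seconds(prepared, 600), "s")
    print(render(failover(prepared, PRIMARY_IP, BACKUP_IP)))
```

With the constructed zone, the worst case drops from a full day plus reaction time to 900 seconds once the A-record TTLs are shortened ahead of time; the TTL has to be lowered while the primary link is still up, because changing it during the outage does nothing for copies already cached with the old value.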

Author

Commented:
Thanks for your answers. I'm guessing short TTLs are the way I'm going to go. I am still curious what large companies do. I've checked with many DNS providers (networksolutions etc.) about multiple IP addresses and they don't support it, but how does google show:
Non-authoritative answer:
Name:    google.com
Addresses:  74.125.95.103
          74.125.95.104
          74.125.95.147
          74.125.95.99
          74.125.95.106
          74.125.95.105

Commented:
There are some DNS IP failover services that can automate the switching of DNS records part.  (But, that means you will be using *their* name servers)  Not instant, but on the order of minutes.  Depends on your requirements whether this is a fit for your company.

Top Expert 2008

Commented:
Those 'large companies' may well have multiple web servers with multiple IP addresses, but they are definitely not done like that for failover purposes!

Every one of those IP addresses will almost certainly be on a multi-homed network so that if one of the internet connections fails, then the other will take up the slack - no change of IP address necessary.

The different IP addresses are usually done for load balancing purposes - with their dns resolving the hostname in round-robin fashion as requests come in.

Cheers!

Author

Commented:
Thanks for the answers!