Solved

Website and RDP Fault tolerance using multiple ISP's

Posted on 2015-02-24
9
131 Views
Last Modified: 2015-02-26
We have two ISPs coming into our network. We have a few internal websites and a couple of RDP servers that users access from the outside.

We have been having some issues with one of the ISPs, and it happens to be the one that we have most of the external DNS names for the websites and RDP servers pointed to.

My question is, what are others doing for fault tolerance for external services? Do they have multiple entries in DNS using an external provider or something else?
0
Comment
Question by:msidnam
  • 5
  • 4
9 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 40631227
I think you misuse the term "Fault tolerance".
A short Wikipedia read will tell you. Do you have $XY00000 budget already assigned for fault tolerance?
0
 
LVL 2

Author Comment

by:msidnam
ID: 40631262
Ok, load balancing then. Either way we need a way where we can easily have a domain name, let's say login.company.com that points to 123.45.6.7, be rerouted to 123.45.6.8 if the ISP that has 123.45.6.7 goes down.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40631285
If you put the same webserver on 2 providers and set DNS to resolve to both IPs, then when one goes down all browsers fail over to the good side.
It will take more consideration to build a database cluster and session synchronisation, keeping in mind lengthy isolation between locations.

For RDP? In 30s it will reconnect to the same IP, 30s later to the next IP. If you rig a Windows server with 2 IPs, within a minute of one failure your users will be back at their sessions.
0
 
LVL 2

Author Comment

by:msidnam
ID: 40631310
Here is the situation. We have an MPLS line that connects all of our offices internally. We also have internet through our MPLS lines. We also have a Data Center that gives us an internet line where we have a physical firewall. Most of our RDP and webmail logins go through the MPLS internet. We have had issues in the past where our internet from our MPLS provider goes down (the inter-office MPLS lines are still up and running).

When that happens we want to have the ability to somehow redirect the traffic from the MPLS internet to the data center internet. If we give our DNS provider two different public IPs it won't work because the Data Center internet is on a different subnet and I would need to change the gateway for those servers. I can do that in a downed situation but not if it's going to one public IP one second and then the second public IP the next second.

Internally, I just tell my routers to send all traffic to the firewall in our DC and that will fix internal internet but not external users or clients trying to access servers.
0

 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
ID: 40631335
What you describe is a job for BGP and ASNs... You can have DNS load balancing/failover without a huge network overhaul.
0
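An added illustration of the DNS failover approach named in the accepted solution; it is not code from the thread or from any participant. It is a health check that decides which A records a failover-capable DNS provider should keep serving. The function names, the RDP port and the fail-open policy are assumptions, and the two addresses are the example IPs from the question.

```python
import socket

# Example addresses from the thread: primary ISP first, backup second.
ENDPOINTS = ["123.45.6.7", "123.45.6.8"]


def tcp_alive(host, port, timeout=2.0):
    """True if a TCP handshake with (host, port) completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def records_to_publish(endpoints, port, probe=tcp_alive):
    """Return the IPs that should stay in the A record set, in preference order.

    If every probe fails, the full list is returned (assumed fail-open policy):
    the fault is then more likely on the monitor's side, and an empty record
    set would take the service down for everyone.
    """
    healthy = [ip for ip in endpoints if probe(ip, port)]
    return healthy or list(endpoints)


def demo():
    """Offline run: a constructed probe marks the primary ISP as down."""
    status = {"123.45.6.7": False, "123.45.6.8": True}  # constructed sample state
    return records_to_publish(ENDPOINTS, 3389, probe=lambda ip, port: status[ip])


if __name__ == "__main__":
    print("publish:", demo())
```

The probe has to run from a vantage point outside both ISPs, and the record TTL has to be short, because resolvers keep handing out the old answer until it expires.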
 
LVL 2

Author Comment

by:msidnam
ID: 40631465
ASN sounds like something I've heard before but I am not sure what it is.

As for BGP, I would guess that we would have a DNS entry for a site (login.mycompany.com) with two public IPs and then let the routers handle where it goes?
0
 
LVL 61

Expert Comment

by:gheist
ID: 40631643
It is lower level infrastructure that all your providers know paths to your AS network.
At no extra expense you can build infrastructure for servers behind DNS "load balancing".
0
 
LVL 2

Author Closing Comment

by:msidnam
ID: 40633931
I found this as well, per your suggestion of BGP and ASN:

http://www.techrepublic.com/article/how-to-use-bgp-to-achieve-internet-redundancy/
0
 
LVL 61

Expert Comment

by:gheist
ID: 40634282
As you see, that is not free...
Say, until setting next year's budget, do your best to not raise it.
0
