Internet redundancy

How do I set up a redundant internet connection in a small business data room or data center by hooking up two service providers? What are the devices involved to switch over from primary to secondary automatically in the middle of the night? I am planning to create redundancy for at least the data connection.
pchettri, IT Director, Asked:

bbao, IT Consultant, Commented:
per my experience the best way for small business on redundant Internet connection is to use SonicWALL devices.

any SonicWALL device with two WAN interfaces can support that. the switchover can be configured for failover or load balance in order to keep a persistent Internet connection.

see the details below.
Talk about overkill. We have 2 SonicWalls NSA 2600 in fail over connected to a fiber, cable and wireless internet...All active. On top of that 2 dell switches with LAG ports in case one goes down connected to the SWs. Might say we have redundant redundancy??? We are 24 hours but.
If you don't need any firewall features and only failover, then I will suggest Truffle from Mushroom Networks. Here is the link

There are others too, like Fatpipe, Meraki, Peplink, Cradlepoint and some more.
What's good about Truffle is that it's not only failing over to WAN2 when WAN1 goes down at any point; it's also bonding your download speed from all your wired WAN connections.

Whereas Meraki and Cradlepoint do round robin for WAN traffic, Truffle uses their hashing algorithm to get the bonded speed. I have seen Peplink doing similar download bonding.

It can also be placed as a pass-through device between your router and ISP modem, and your users won't know any difference.

Price-wise Peplink is cheaper, and make sure you do your research. Not all Peplink devices can be put in as pass-through.

Hope that helps.

Fred Marshall, Principal, Commented:
Perhaps you can explain the "middle of the night" requirement a bit more?

When I've thought about it, other than any needs for binding (some traffic to a particular ISP / port such as a protocol), it seems to make sense to do load balancing.  Otherwise you have to be concerned with switching between WANs which may or may not work as you'd like.  And, otherwise, it's a bit of a waste of available bandwidth to have one WAN port shut off.  But, yes, you may well need to bind protocols such as https or ... whatever.  In that case, failover may be a better choice.  The trade is:
- will binding in load balancing work well for us better?
- will having but one ISP at a time work for us better?
pchettri, IT Director, Author, Commented:
There was a Cox connection issue and services were out for an hour. No power failure on UPS alert. All due to the Cox connection issue. I am planning to set up CenturyLink as backup but need to find a way to connect to a second modem from the WatchGuard firewall for switch-over in case of failure on primary services.
From your WatchGuard firewall device the connection will go to your WAN failover/bonding device, and from your WAN failover/bonding device to 2 of your ISP modems. If you put your WAN failover/bonding unit in pass-through, your firewall will not know any difference.

Bonding is only for download and you can not failover a HTTPS session. As in any case HTTPS connections are consistent between your WAN1 or WAN2. If during your HTTPS session your wan1 dies I am sure your HTTPS session will break. At least I have seen it on Truffle and Peplink. But your regular HTTP traffic will continue. Once the failover is done you will be back to normal which is pretty quick.

Hope that helps.
Strictly speaking, if you want internet redundancy done properly, you either need to register for an Autonomous System number (in North America) or ensure that both providers will allow you to use a private AS number and send you a default route. Default routes use very little memory (as opposed to receiving every specific internet route from multiple providers) and don't require high-end network devices, but you do need to check that the router or switch you buy is capable of speaking the BGP routing protocol. By using BGP instead of static routes you get the benefit of automatic failover and load balancing between providers.

The specific router you buy should be based on the above, user interface (CLI vs GUI), plus whatever monitoring features you're interested in. This is important since if one provider goes down and your router routes around this, nobody is likely to notice without an alert.
bbao, IT Consultant, Commented:

is your site hosting any services facing the Internet such as web server or VPN service? if not, I am wondering if you really need BGP enabled on the internet facing routers or firewalls.
pchettri, IT Director, Author, Commented:
I do have web server and VPN
For what the author needs, BGP is a big overkill, not to mention that the cost and knowledge for the device and configuration are likely to be out of the picture.
I am not saying BGP is not an appropriate approach. It is not a best-case scenario for someone who is at this point looking for redundant internet.

A single Cisco router with 2 WAN connections with route map and IP SLA tracking would do it. Again, that could be a lot for someone who is not knowledgeable in those areas. That's why a WAN device with multiple WAN capabilities with failover/bonding is the best-suited solution.
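
Added example, not part of the original thread or any poster's configuration: the IP SLA tracking approach named in the post above, shown as a Cisco IOS floating-static-route failover. Interface names and all addresses (RFC 5737 documentation ranges) are assumptions, and the route-map portion for policy routing or NAT is not covered.

```cisco
! Added example; all values are constructed placeholders.
! Assumed: Gi0/0 = primary ISP (gateway 203.0.113.1),
!          Gi0/1 = backup ISP  (gateway 192.0.2.1),
!          198.51.100.53 = a stable host beyond the primary ISP to probe.
!
! Pin the probe target to the primary path so the probe cannot
! succeed through the backup link and cause route flapping.
ip route 198.51.100.53 255.255.255.255 203.0.113.1
!
! Probe the target every 5 seconds through the primary interface.
ip sla 1
 icmp-echo 198.51.100.53 source-interface GigabitEthernet0/0
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track probe reachability; the delays damp brief losses and
! hold off fail-back until the primary has been stable for 60 s.
track 1 ip sla 1 reachability
 delay down 15 up 60
!
! Primary default route exists only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
! Backup default route with a higher administrative distance (floating static).
ip route 0.0.0.0 0.0.0.0 192.0.2.1 10
```

`show track 1` and `show ip sla statistics 1` report the current tracking state and probe results.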

Also just want to add that I do run multiple webservers along with multiple site-to-site VPN tunnels and site client VPN services. My WAN failover device is set as pass-through. Although my site-to-site VPN is set to use my WAN1 and I am running DDNS for WAN1 and WAN2, if my WAN1 goes down for more than a day I can have the site-to-site VPN working on WAN2 by just letting my partners know to connect using the WAN2 IP. Client-to-site keeps working as it is configured with the DDNS name and not using an IP address.

Hope that helps.