Avatar of pchettri
 asked on

Internet redundancy

How to setup a redundant internet connection in small business data room or data center by hooking two service provider. What are the devices involved to switch over from primary to secondary automatically at the middle of the night. I am planning to create redundancy for at least data connection

Avatar of undefined
Last Comment

8/22/2022 - Mon

per my experience the best way for small business on redundant Internet connection is to use SonicWALL devices.

any SonicWALL device with two WAN interfaces can support that. the switchover can be configured for failover or load balance in order to keep a persistent Internet connection.

see the details below.


Talk about overkill. We have 2 SonicWalls NSA 2600 in fail over connected to a fiber, cable and wireless internet...All active. On top of that 2 dell switches with LAG ports in case one goes down connected to the SWs. Might say we have redundant redundancy??? We are 24 hours but.

If you don't need any firewall features and only failover then I will suggest truffle from mushroomnetworks. Here is the link

There are others too like Fatpipe and meraki , peplink, cradlepoint and some more.
What good about truffle is its not only failing over to wan 2 when wan1 goes down at any point its bonding your download speed from all your Wired Wan connection.

Where Meraki and cradle point they do round robin for wan traffic , truffle uses their hashing algorithm to get the bonded speed. I have seen Peplink doing similar download bonding.

It can also be placed as a pass-through device between your Router and ISP modem and your user wont no any difference.  

Price wise Peplink is cheaper and make sure you do your research . Not all peplink device can be put in as passthrough.

Hope that helps.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck

Perhaps you can explain the "middle of the night" requirement a bit more?

When I've thought about it, other than any needs for binding (some traffic to a particular ISP / port such as a protocol), it seems to make sense to do load balancing.  Otherwise you have to be concerned with switching between WANs which may or may not work as you'd like.  And, otherwise, it's a bit of a waste of available bandwidth to have one WAN port shut off.  But, yes, you may well need to bind protocols such as https or ... whatever.  In that case, failover may be a better choice.  The trade is:
- will binding in load balancing work well for us better?
- will having but one ISP at a time work for us better?

There was cox connection issue and services were out for an hour. No power failure on UPS alert. All due to cox connection issue. I am planning to setup century link as backup but need to find a way to connect to second modem from watchguard firewall for switch-over in case of failure on primary servces

From your watchguard Firewall device the connection will go to your WAN Failover/Bonding device and from your WAN failover/bonding device to 2 of your ISP modems. if you put your Wan failover/Bonding unit in passthrough your Firewall will not know any difference.

Bonding is only for download and you can not failover a HTTPS session. As in any case HTTPS connections are consistent between your WAN1 or WAN2. If during your HTTPS session your wan1 dies I am sure your HTTPS session will break. At least I have seen it on Truffle and Peplink. But your regular HTTP traffic will continue. Once the failover is done you will be back to normal which is pretty quick.

Hope that helps.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.

Strictly speaking if you want internet redundancy done properly, you either need to register for an Autonomous System number (https://www.arin.net/resources/request/asn.html in North America) or ensure that both providers will allow you to use a private AS number and send you a default route. Default routes use very little memory (as opposed to receiving every specific internet route from multiple providers) and don't require high end network devices, but you do need to check that the router or switch you buy is capable of speaking the BGP routing protocol. By using BGP instead of static routes you get the benefit of automatic failover and load balancing between providers.

The specific router you buy should be based on the above, user interface (CLI vs GUI), plus whatever monitoring features you're interested in. This is important since if one provider goes down and your router routes around this, nobody is likely to notice without an alert.


is your site hosting any services facing the Internet such as web sever or VPN service? if not, I am wondering if you really need BGP enabled on the internet facing routers or firewalls.

I do have web server and VPN
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

Also just want to add that I do run multiple webservers long with multiple site to site vpn tunnel and site client vpn services. My wan failover device is set as pass-through. Although my Site to Site VPN is set to use my wan1 and I am running ddns for wan1 and wan2 if my wan1 goes down for more than a day I can have the site to site vpn working on wan2 by just letting my partners know to connect using the wan2 IP. Client to site keeps working as it is configured with DDNS name and not using IP address.

Hope that helps.