Tyler Leonard
asked on
Testing Secondary ISP
Hello everyone,
Looking for some possible suggestions and best practices in regards to backup internet. We currently have a primary internet provider and then a secondary provider that takes over should the primary go down. My question is, what is the best possible way to test that the backup internet is working? Without our primary going down, we don't have a good system in place to know that the secondary is working. How frequently should we test the backup internet? What should the procedure look like?
I appreciate all of your guidance and suggestions!
Looking for some possible suggestions and best practices in regards to backup internet. We currently have a primary internet provider and then a secondary provider that takes over should the primary go down. My question is, what is the best possible way to test that the backup internet is working? Without our primary going down, we don't have a good system in place to know that the secondary is working. How frequently should we test the backup internet? What should the procedure look like?
I appreciate all of your guidance and suggestions!
Soulja
Are the two provider connect to one device or more than on device. One way to test is to create a policy route that matches the source of one address, which could be your laptop. Then set the next hop out the secondary ISP.
My Approach
As I run 1000s of sites...
1) At machine level run Ubuntu Bionic (for latest Kernel) + SNAP LXD.
2) Create Bionic LXD containers for single sites or collections of sites.
3) Then clone live containers to backup machine.
4) Run either realtime data replication (database + files) or more commonly, nightly or hourly backups taken off live container + restored into backup container.
Everyone on a project then has the backup container IP.
When live sites die, then anyone with the backup container IP can change DNS to backup container.
In the case of multi-master, realtime replication, any time a live instance dies, the live instance IP is simply removed from round robin DNS.
*Testing*
Very simple in my case.
Periodically, just change the IP from the live IP to backup IP, then reverse the backup procedure, so sites just swap between live/spare status.
As I run 1000s of sites...
1) At machine level run Ubuntu Bionic (for latest Kernel) + SNAP LXD.
2) Create Bionic LXD containers for single sites or collections of sites.
3) Then clone live containers to backup machine.
4) Run either realtime data replication (database + files) or more commonly, nightly or hourly backups taken off live container + restored into backup container.
Everyone on a project then has the backup container IP.
When live sites die, then anyone with the backup container IP can change DNS to backup container.
In the case of multi-master, realtime replication, any time a live instance dies, the live instance IP is simply removed from round robin DNS.
*Testing*
Very simple in my case.
Periodically, just change the IP from the live IP to backup IP, then reverse the backup procedure, so sites just swap between live/spare status.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I just yank out the primary cable (i.e. carefully disconnect) .... Quick, easy, demonstrative.
This also can give you an idea of the switchover time and any applications that can't stand the interruption.
This also can give you an idea of the switchover time and any applications that can't stand the interruption.
ASKER
Hi Kevin,
This is actually what I was thinking, assuming it could be done with our Palo Alto 3020. We have Solarwinds products and can monitor an IP address or something along the way that isn't normally accessed by others (8.8.4.4 is a good example). I just need to figure out if it's easy to map that. I'm also a fan of data, so obviously I like that it's recorded and it can alert us if it's down instead of testing it once a week by statically assigning a laptop an IP address, plugging directly into it, and then checking.
This is actually what I was thinking, assuming it could be done with our Palo Alto 3020. We have Solarwinds products and can monitor an IP address or something along the way that isn't normally accessed by others (8.8.4.4 is a good example). I just need to figure out if it's easy to map that. I'm also a fan of data, so obviously I like that it's recorded and it can alert us if it's down instead of testing it once a week by statically assigning a laptop an IP address, plugging directly into it, and then checking.
It obviously depends on your budget, but you might consider going to the next level and "load-balance" both connections. We have a secondary cable connection as a backup to our fiber, but we make use of both at all times. We pay for both, why let one sit idle? We have an appliance that takes care of it for us. The cost is about equivalent to three months of our annual ISP costs. If you are interested, I can get you the info on the company. Since both are always getting used, there is no need for an idle line test.
I have the choice to do failover or load balancing and I have selected failover.
One reason is that some streams of data aren't amenable to changing ISP feeds in midstream.
So, you go to "binding" some protocols (or whatever) to eliminate the possibility.
This could end up being "one ISP for one set of things and one ISP for another" with no failover - OK so that's an extreme example but I hope it makes the point. Perhaps there is equipment that manages that for you.....
One reason is that some streams of data aren't amenable to changing ISP feeds in midstream.
So, you go to "binding" some protocols (or whatever) to eliminate the possibility.
This could end up being "one ISP for one set of things and one ISP for another" with no failover - OK so that's an extreme example but I hope it makes the point. Perhaps there is equipment that manages that for you.....
You are correct, Fred; as one would expect from a "verified expert" (seriously in need of thumbs up emoji's right now). Some servers are finicky about changing connections during a session, especially secure connections and SIP connections. This appliance is able to handle those issues. Purists would likely want to set up their own router(s), but not everyone will want to do that. I would just say who the company is, but I'm not familiar with the Experts Exchange policy when it comes to naming products.
I believe we are free to make recommendations for specific things. Do it all the time.
ASKER
Thank you all for your insight and assistance!
Hey Tyler. I was able to take a significant amount of time off over Christmas and neglected to get back to you with the equipment model that I use. It is an Ecessa Powerlink.