Providing Network Redundancy: How to Switch from Default ISP to a Backup ISP Without Downtime
Here's the situation. A small company I work with wants to have redundant Internet access. They run a lot of services from their office - a website, a POP + SMTP server, and a VPN they use to access network resources from home. They have 2 independent Internet connections from 2 ISPs (one is the local cable service provider, the other is DSL). If their default connection goes down, they switch to the backup.
Unfortunately, the way they are set up right now, they have to change their DNS records every time this happens, which means that each switch results in a few hours of downtime at best. They want to be completely redundant and be able to switch between networks without downtime. How can I do that?
Can I set up a server in a remote datacenter, point DNS at it, and redirect network traffic to the correct IP address?
If it were just a web app I would set up a base server and use 301 redirects or something. I don't care if they have to switch manually every time, because they have a dedicated IT professional, or two people who can do it. But they also need POP, SMTP and VPN redirection.
So it almost looks like load balancing, but it isn't really. Are there existing solutions that provide this functionality? How would you provide ISP redundancy?
The last time I did this I had my own ASN and spoke BGP to both ISPs, announcing my own /24 (which you can get from your ISP, or maybe ARIN). You could go down this route, but it was a small setup, and your average cable/DSL ISP probably won't set this up with you. This eliminates all single points of failure and makes switching completely transparent.
You can also lower the TTL on the DNS records to 5 minutes or so. This will not be an instant switch, but 5 minutes may be fast enough.
Otherwise, you can certainly use a remote server in a colo, but then of course that becomes the single point of failure. You have a couple of choices about how to redirect traffic:
- GRE/etc. tunnel: you run two tunnels from the colo box, one to each connection at your office. Tunnel all relevant traffic in both directions, and terminate the extra IP addresses on a box in your office. Then you can run a routing protocol (even something simple like RIP) to fail over automatically, or even use both ISPs at the same time for extra bandwidth. It is fairly easy to implement on Linux boxes or Cisco routers; I guess Juniper can do it too, but I've never used them. Failover is transparent (for example, it does not interrupt VPN connections). Beware of MTU issues. Unless your office ISPs filter it (or will make an exception for you), you don't need to tunnel outbound traffic back to the colo.
- NAT. It may or may not work with whatever protocols you use, but you can configure 1:1 static NAT in the colo to redirect traffic. Easy to do for common TCP protocols and possibly your VPN; doable on almost anything. Failover is not transparent: existing connections will be dropped. You can also use both connections for additional bandwidth, on a per-connection basis. The traffic must be tunneled back to the colo.
- The obvious third answer is: move the services to the colo. This has the added advantage of protecting against power outages.
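As an added illustration of the GRE option in the answer above (this is not the answerer's code, and the original gives no configuration), here is an office-side Linux router script: two GRE tunnels to a colo box, one over each ISP, a colo-routed address terminated locally, and a health check that swaps the return route between tunnels in place of running RIP. Every address, interface name, routing-table number and tunnel key is a constructed placeholder; the colo side would need the mirror-image tunnels plus a route for the service address down whichever tunnel is up.

```shell
#!/bin/sh
# Added example, not code from the original answer. Office-side Linux router
# config for the GRE option: two GRE tunnels to a colo box, one over each ISP,
# a colo-routed service address terminated locally, and a health check that
# swaps the return route between tunnels instead of running RIP.
# Every address, interface, table number and tunnel key is a constructed placeholder.
set -eu

COLO_PUB=198.51.100.1          # colo box's public address
ISP1_DEV=eth1; ISP1_LOCAL=203.0.113.10; ISP1_GW=203.0.113.1   # cable
ISP2_DEV=eth2; ISP2_LOCAL=192.0.2.10;   ISP2_GW=192.0.2.1     # DSL
SVC_ADDR=198.51.100.200        # address from the colo's block, routed there, tunnelled here
TUN1_LOCAL=10.255.1.2; TUN1_REMOTE=10.255.1.1   # /30 inside tunnel 1
TUN2_LOCAL=10.255.2.2; TUN2_REMOTE=10.255.2.1   # /30 inside tunnel 2
MTU=1400   # GRE adds 24 bytes and the DSL side is probably PPPoE (1492): stay well under 1500

# Echo instead of executing when DRY_RUN=1, so the generated config can be reviewed.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

setup_tunnels() {
    # Pin each tunnel's outer packets to its own ISP with source-based policy routing:
    # packets sourced from ISP1_LOCAL use table 101, from ISP2_LOCAL table 102.
    run ip route replace default via "$ISP1_GW" dev "$ISP1_DEV" table 101
    run ip route replace default via "$ISP2_GW" dev "$ISP2_DEV" table 102
    run ip rule add from "$ISP1_LOCAL" table 101 priority 101
    run ip rule add from "$ISP2_LOCAL" table 102 priority 102

    # Two GRE tunnels to the same remote need distinct keys to be told apart.
    run ip tunnel add gre1 mode gre local "$ISP1_LOCAL" remote "$COLO_PUB" key 1 ttl 64
    run ip tunnel add gre2 mode gre local "$ISP2_LOCAL" remote "$COLO_PUB" key 2 ttl 64
    run ip link set gre1 mtu "$MTU" up
    run ip link set gre2 mtu "$MTU" up
    run ip addr add "$TUN1_LOCAL"/30 dev gre1
    run ip addr add "$TUN2_LOCAL"/30 dev gre2

    # Terminate the colo-routed address locally; the colo box forwards it down a tunnel.
    run ip addr add "$SVC_ADDR"/32 dev lo
    # Replies sourced from SVC_ADDR go back through a tunnel (an ISP may drop packets
    # with a source address that is not its own): table 103, initially via tunnel 1.
    run ip rule add from "$SVC_ADDR" table 103 priority 103
    run ip route replace default via "$TUN1_REMOTE" dev gre1 table 103
}

# tunnel_up IFACE REMOTE -> 0 if the far end answers over that tunnel
tunnel_up() { ping -c 2 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

# pick_tunnel UP1 UP2: where SVC_ADDR's return traffic should go. Each argument is
# 1 (tunnel reachable) or 0. Prefers gre1; prints "none" when both are down.
pick_tunnel() {
    if [ "$1" = 1 ]; then echo gre1
    elif [ "$2" = 1 ]; then echo gre2
    else echo none
    fi
}

# One health-check tick (run from cron): re-point the return route at a live tunnel.
# "ip route replace" is idempotent, so repeating the current choice is harmless.
check_and_failover() {
    up1=0; up2=0
    tunnel_up gre1 "$TUN1_REMOTE" && up1=1
    tunnel_up gre2 "$TUN2_REMOTE" && up2=1
    case "$(pick_tunnel "$up1" "$up2")" in
        gre1) run ip route replace default via "$TUN1_REMOTE" dev gre1 table 103 ;;
        gre2) run ip route replace default via "$TUN2_REMOTE" dev gre2 table 103 ;;
        none) echo "both tunnels down; leaving routes alone" >&2; return 1 ;;
    esac
}

case "${1:-}" in
    setup) setup_tunnels ;;
    check) check_and_failover ;;
esac
```

Run `setup` once at boot and `check` every minute from cron; `DRY_RUN=1 ./script setup` prints the commands without touching the router. The office's ordinary outbound traffic keeps its normal default route over the ISPs, matching the answer's point that outbound traffic need not be tunnelled back unless the ISPs filter it. Established sessions to SVC_ADDR survive a swap because the address never changes, only the path.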
I think the DynDNS Custom DNS service can help in your situation: your domain name's IP address can be updated dynamically (many routers have built-in support).
Update: to reduce downtime, you can write a simple script that pings the primary ISP periodically and, on failure, updates DynDNS to the secondary (and back).
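Added example of the watchdog script this answer suggests (not the answerer's code): it probes the primary ISP through its own interface, counts consecutive failures, and only after FAIL_THRESHOLD of them re-points the dynamic DNS name at the backup ISP's address, failing back only after OK_THRESHOLD consecutive successes so a flapping line does not bounce the record. The hostnames, addresses, interfaces, thresholds and credentials are constructed placeholders, and the dyndns2-style `nic/update` call is an assumption about the update API; adjust it to whatever your provider documents.

```shell
#!/bin/sh
# Added example, not code from the answer above. Watchdog for the DynDNS idea:
# probe the primary ISP, and after FAIL_THRESHOLD consecutive failures point the
# dynamic DNS name at the backup ISP; fail back after OK_THRESHOLD consecutive
# successes. Everything below is a constructed placeholder, and the update URL
# assumes a dyndns2-style API.
set -eu

HOSTNAME_DYN=office.example.com    # the name mail clients and the VPN connect to
PRIMARY_IF=eth1; PRIMARY_IP=203.0.113.10   # cable
BACKUP_IF=eth2;  BACKUP_IP=192.0.2.10      # DSL
PROBE_HOST=203.0.113.1             # something beyond the modem, e.g. the ISP gateway
FAIL_THRESHOLD=3                   # consecutive failed probes before failing over
OK_THRESHOLD=5                     # consecutive good probes before failing back
STATE_FILE=${STATE_FILE:-/var/run/isp-failover.state}   # holds "ACTIVE FAILS OKS"

# Probe via the primary interface explicitly, so a working backup link cannot
# mask a dead primary.
probe_primary() { ping -c 1 -W 2 -I "$PRIMARY_IF" "$PROBE_HOST" >/dev/null 2>&1; }

# dyndns2-style update (assumed endpoint); credentials come from the environment.
update_dns() {  # $1 = address the name should now point at
    curl -fsS -u "$DYNDNS_USER:$DYNDNS_PASS" -A "isp-failover/1.0" \
        "https://members.dyndns.org/nic/update?hostname=$HOSTNAME_DYN&myip=$1"
}

# next_state ACTIVE FAILS OKS PROBE_OK -> prints "ACTIVE FAILS OKS"
# ACTIVE is primary|backup, FAILS/OKS count consecutive probe results, PROBE_OK is 1|0.
# Pure function: all the hysteresis logic lives here so it can be tested offline.
next_state() {
    active=$1; fails=$2; oks=$3; ok=$4
    if [ "$ok" = 1 ]; then fails=0; oks=$((oks + 1)); else oks=0; fails=$((fails + 1)); fi
    if [ "$active" = primary ] && [ "$fails" -ge "$FAIL_THRESHOLD" ]; then
        active=backup; fails=0
    elif [ "$active" = backup ] && [ "$oks" -ge "$OK_THRESHOLD" ]; then
        active=primary; oks=0
    fi
    echo "$active $fails $oks"
}

# One monitoring tick (run from cron): read state, probe, and update DNS only on a
# transition, so the provider is not hit with an identical update every minute.
tick() {
    if [ -r "$STATE_FILE" ]; then read -r active fails oks < "$STATE_FILE"
    else active=primary; fails=0; oks=0; fi
    ok=0; probe_primary && ok=1
    new=$(next_state "$active" "$fails" "$oks" "$ok")
    new_active=${new%% *}
    if [ "$new_active" != "$active" ]; then
        if [ "$new_active" = backup ]; then update_dns "$BACKUP_IP"; else update_dns "$PRIMARY_IP"; fi
        logger -t isp-failover "switched $HOSTNAME_DYN to $new_active"
    fi
    echo "$new" > "$STATE_FILE"
}

case "${1:-}" in
    tick) tick ;;
esac
```

Run `tick` once a minute from cron with DYNDNS_USER and DYNDNS_PASS set in the cron environment (not on the command line, where they would show in `ps`), and keep the record's TTL short so clients notice the change. This only shortens the DNS half of the outage: POP, SMTP and VPN sessions that were open when the line died still drop, and mail from servers that cached the old address is delayed until their TTL expires.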
It's a little late, but the answer is round-robin DNS. Configure your web server (www.example.com) with two IP addresses, 1.1.1.1 and 2.2.2.2. When people try to visit www.example.com, the browser automatically tries one at random and switches to the other if the first one doesn't respond, then caches the result until the browser closes or the connection fails again. No downtime required, and only a brief delay on the first connection if it picks the wrong IP address first.
In fact, you can even have the web server running on both IP addresses at the same time; this is called "super-simple load balancing".