Lloyd,
The problem as I've always understood it is that the only really generalized
way to do this for inbound connections is to play with DNS, or use true
multihoming which requires a pretty hefty gateway that can handle BGP
routing protocol and two or more links that understand BGP, not to mention a
range of Internet routable addresses (at least a /24 block).
The DNS approach plays games with the validity period of a DNS reply -
someone does a DNS lookup to resolve a FQDN back to an IP address, but it is
only valid for minutes instead of hours like the usual defaults. When the
DNS server is queried, it hands out an address which takes into account load
on the various links as well as whether they are up or not. Since the
answers are only valid for a short period of time, the answer can be changed
quickly to take into account link failures or load.
The last time I did this was with the Radware LinkProof gear - admittedly an
eon ago as far as this kind of gear goes - but the entry level gear was
several thousand dollars and went up from there. Prices may well have
changed.
The way large organizations do it is with BGP - you have links from two or
more upstream providers who use the BGP routing protocol to receive a
routing table from each provider, and by which you advertise your address
range back out to the Internet as a whole. BGP will accommodate link
failures as well as the topology of interconnects with upper tier providers.
You would always be connecting to the same IP address, but how you get there
will change depending on the state of the Internet between points A and B.
What Dave and Chuck are describing is what can be done with lower cost
services where the ISP is assigning a small block or even a single address
out of their own larger address block. There are some compromises with
this, but is pretty much the only choice that I know of for more cost
sensitive applications.
Where the need is for originating outbound connections, pfsense and OS's
like OpenBSD and FreeBSD (which pfsense uses) support multiple links.
Hardware solutions also exist - dual (or more) WAN routers from Xincom,
Netgear, Cisco Small Business (formerly Linksys Business Series) among
others but I don't think I know enough about them to make a particular
suggestion. Xincom does have a product which suggests it has the Inbound
DNS load balancing - like the LinkProof. - but for less than $1000.
Regards,
Doug.
----- Original Message -----
From: "Chuck Mariotti" <[email protected]>
To: "Aloysius Thevarajah Lloyd" <[email protected]>;
<[email protected]>
Sent: Friday, March 27, 2009 4:48 PM
Subject: RE: [on-asterisk] Dual Wan and Load Balancing
I have setup a pfSense box with three NICs... LAN, WAN, WAN2...
pfSense can monitor each WAN and loadbalance across them. If one fails, it
can use the other... when the failed comes out of failed state, it can load
balance them again. I have this setup with a T1 (Static) and Rogers Internet
Unplugged (DHCP)... I have only had it working for a week, so I don't have
any reports on issues...
As Doug said, if it's strictly outbound that is needed to be failover, this
is fairly easy. However, if you need inbound I think it's fairly tough to
remap external IPs to different ISPs.
Regards,
Chuck
-----Original Message-----
From: Aloysius Thevarajah Lloyd [mailto:[email protected]]
Sent: Friday, March 27, 2009 4:03 PM
To: [email protected]
Subject: [on-asterisk] Dual Wan and Load Balancing
Hi Everyone,
How to build a reliable Dual Wan & load balancing in the Following Scenarios
*Scenario-1*
ISP1 - DSL with Static IP
ISP2 - Broadband DHCP
*Scneraio-2*
ISP1 - DSL with Static IP
ISP2 - DSL with Static IP
*Scenario-3*
ISP1 - Broadband DHCP
ISP2 - Broadband DHCP
Does any one have any recommendation Hardware ( Not Expensive) or Software(
I prefer) ?
Thank you
Lloyd
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
