I should also clarify, if they are from two different providers, there is no way known by me!, to do this. Apparently one can get something like portable ip addresses, read that thread I just sent. However, for most people, bgp is the way to do it. Although, I do know that some telecommunication companies do have multiple providers. I don't know how. However they are usually into oc-12 and oc-48 ranges of bandwidth. Cory On Wed, Aug 15, 2001 at 05:53:22PM -0700, Cory Petkovsek wrote: > First there is the problem of dns. > > If your dns entry only points to one ip, then to switch that can take up to > four days. Effect: no instant fail over. > > If you have two ips in your dns, then you have to consider the possibility > that some users will get one IP address, and some will get the other. This > means some will be coming in from one provider and some from the other. > > Your firewall has a default gateway. The firewall sends packets to a default > gateway when they are destined for an IP address not on a local network. > > Without special stuff, this simply will not work. > > That special stuff may include BGP. > > Here Chris, follow this thread and read some advice from some who have actually > seen more bgp stuff: > > http://www.moongroup.com/archives/mailhelp/2001-03/msg00021.html > > By the way, if a provider is going down once a month, you should look at other > providers. > > Good luck! > > Cory > > On Wed, Aug 15, 2001 at 04:54:10PM -0700, Christopher Maujean wrote: > > 2 different providers. > > > > Theres gotta be some way to do this. I have a couple hundred domains > > the requests will be coming in for. I'm trying to find a way to continue > > to serve pages/mail for these domains, even if provider 1 goes down for ~2 > > hrs (has happened about once a month since I've been here). > > > > > > > > On Wed, Aug 15, 2001 at 04:56:17PM -0700, Cory Petkovsek wrote: > > > On Wed, Aug 15, 2001 at 04:24:39PM -0700, Christopher Maujean wrote: > > > > > > > > I want to rebuild my network to look something like: > > > > > > > > { internet {T1} } +---{ backup (failover) internet {1Mg IDSL} } > > > > | | > > > > { thing.premierelink.com firewall/Primary DNS]---{ internal office net } > > > > | > > > > +---------+ DMZ? > > > > | | > > > > [ Web ] <+ > > > > [ Mail ] > > > > [ Secondary DNS ] > > > > [ Web2 ] > > > > [ Other servers ] > > > > > > > > I have all the hardware I need, > > > > What I am having trouble with is all of the networking stuff. > > > > I have 2 registered subnets for use as well: > > > > 216.36.9.0 on the IDSL > > > > 64.42.86.0 on the T1 > > > > > > > > > > > > I'd like the T1 to handle most requests. > > > > If the T1 is down, I'd like the IDSL to take over. > > > Have you talked with anyone about this? Like your provider? Are the two lines > > > from the same provider? If not, there is no known way to do this. If it's the > > > same provider, they need to support BGP - border gateway protocol. This allows > > > you to receive from one IP address and talk out the other, or vicaversa. This > > > would occur when your default gateway is set to one IP. Talky comes in on the > > > 2nd Ip address, but talky goes out the default gateway, hence the primary Ip > > > address. The result? No communication on the 2nd IP address without bgp. > > > > > > The requests go where, www.premierlink.com? You'll probably want > > > www.premerielink.com to resolve to both ip addresses. Ie > > > $ nslookup google.com > > > Name: google.com > > > Addresses: 216.239.35.100, 216.239.39.100, 216.239.33.100 > > > > > > > > > > > The firewall box is a 700Mhz Athlon with 256 Meg of ram. 10gb disk. > > > > > > > > I have 4 10/100 cards I can use, but I am way over my head on the routing, > > > > firewalling, nat, adn gateway. > > > > > > > > If I put debian on thing, what packages am I going to need, what kernel > > > > should I use, and what are the main config files I'll be playing with? > > > > > > > > Anyone? *eep* > > > Since you seem to not know about ipchains/iptables/others, I'd suggest > > > 2.4.x kernel, iptables > > > Look under the meeting minutes/iptables on euglug.org for a start there. > > > > > > Packages: > > > iptables > > > kernel-source-2.4.5 > > > > > > > > > First make sure to talk with your provider about failover IPs, etc. > > > Cory > > > > > > > > > > > > > > -- > > > > > > > > Christopher Maujean > > > > IT Director > > > > Premierelink Communications > > > > www.premierelink.com > > > > [EMAIL PROTECTED] > > > > > > > > PLEASE encrypt all sensitive information using the following: > > > > GnuPG: 0x5DE74D38 > > > > Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38 > > > > > > > > http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x5DE74D38 > > > > > > > > -- > > > > Christopher Maujean > > IT Director > > Premierelink Communications > > www.premierelink.com > > [EMAIL PROTECTED] > > > > PLEASE encrypt all sensitive information using the following: > > GnuPG: 0x5DE74D38 > > Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38 > > > > http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x5DE74D38 > > >
