RE: Fault tolerant CEO's home network setup.

From: Church, Chuck (cchurch@wamnetgov.com)
Date: Wed Jan 07 2004 - 11:19:14 GMT-3


Andrew,

I think you can accomplish this with GRE tunnels if the capability to make changes exists at the home office. I think you can do it with just 1 router at his end, but it will probably need 3 interfaces. The idea is to create 2 tunnels between his network and the main headquarters. One tunnel uses his DSL, and the other uses the cable. Enabling tunnel keepalives, and a dynamic routing protocol over the tunnels should do it. I think you'll need to policy route at his end, so that one tunnel's traffic uses one ISP, and the other tunnel uses the other ISP. I don't have the equipment to lab it up, but I don't see why it wouldn't work. But really, since this person is the CEO, why doesn't he/she just ask the IT Department for a fractional T1? Anyway, hope this helps.

Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com

> -----Original Message-----
> From: Andrew Moriarty [mailto:amgroupstudy@hotmail.com]
> Sent: Wednesday, January 07, 2004 12:53 AM
> To: ccielab@groupstudy.com
> Subject: OT:Fault tolerant CEO's home network setup.
>
>
> Ever have the feeling that you are missing something incredibly basic that will make you look stupid later? I do right now, and I hope someone can help.
>
> The scenario: The customer's CEO often works from home. He accesses company servers in California, and he lives in Canada. Because of where he lives, all he can get at his house is a relatively basic DSL from one provider, and a basic cable modem setup from another. Both of these are "Home user" type setups, with addresses assigned by DHCP. The DSL provider is frequently down for a day or more. Problem is, that's the high speed connection! The cable in this area is much slower, and not much more reliable. (Don't ask me to explain why this is so - it just is! - and before anyone makes any Canada jokes, yes he can get a canoe at the local supermarket, all the TV networks carry hockey, and yes, there are wild elk running around in the parking lot)
>
> The CEO has a relatively robust home network - a unix based firewall, and a half dozen computers behind it.
>
> His goal is to have seamless fail-over, for as cheap as possible. He wants to be connected in to a contact management system all day long, and not worry about which ISP is up or down. In other words, he might buy a router or two, but he won't upgrade his personal "Home" service to a business class service. (it's not available in that area anyways)
>
> Each ISP provides him with a public IP address. Right now he only uses one of them, and uses NAT on his unix firewall to provide internet access for his six machines. He wants to add the second ISP to the configuration, to provide fault tolerance.
>
> I've suggested buying a router and connecting it to both ISPs, and using one interface as the primary and one as the backup, with static routes and NAT. Cheap, simple solution. Problem is, if one ISP fails, there goes his public address that the NAT is using, and he'll have to log out of his contact management software, and restart his session, potentially losing data. He does NOT want to do that. It's no good flipping over to the second ISP/NAT connection, because then his public address will change, and his session will be invalid and have to start again.
>
> He doesn't have any public IP addresses inside his house, can't get any either with the services on offer in that area. He's not going to do anything complex like run BGP etc. The ISPs won't let him anyways.
>
> I'm not sure I can solve his problem, but I've got a tickle in the back of my mind about something, thinking I saw this somewhere before. I even got out my Halabi and Doyle books and re-read some stuff.
>
> Does anyone have any suggestions on what to do here? Or even something to research.....
>
> am
>
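
The home-router side of the two-tunnel design suggested in the reply above, written out in Cisco IOS syntax as an added example that is not from either poster. All addresses, interface names and the EIGRP AS number are constructed; it assumes HQ terminates each tunnel on a different public address, so per-destination static routes stand in for the policy routing the reply mentions, and that HQ's mirror-image tunnels point at the home router's current DHCP-assigned addresses.

```ios
! Constructed addressing (assumptions, not from the thread):
!   HQ tunnel endpoints 192.0.2.1 and 192.0.2.2
!   DSL gateway 198.51.100.1, cable gateway 203.0.113.1
interface FastEthernet0/0
 description DSL (faster link, preferred)
 ip address dhcp
!
interface FastEthernet0/1
 description Cable (backup)
 ip address dhcp
!
interface FastEthernet1/0
 description Home LAN
 ip address 192.168.1.1 255.255.255.0
!
! Pin each HQ endpoint to one ISP so the two tunnels never share a path
! and an endpoint is never learned through a tunnel (recursive routing).
ip route 192.0.2.1 255.255.255.255 198.51.100.1
ip route 192.0.2.2 255.255.255.255 203.0.113.1
!
interface Tunnel0
 description GRE to HQ over DSL
 ip address 10.255.0.2 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.1
 keepalive 5 3
!
! Tunnel1 carries a higher delay so EIGRP prefers Tunnel0 while it is up.
interface Tunnel1
 description GRE to HQ over cable
 ip address 10.255.0.6 255.255.255.252
 tunnel source FastEthernet0/1
 tunnel destination 192.0.2.2
 keepalive 5 3
 delay 60000
!
! The routing protocol runs only over the tunnels and the LAN. HQ reaches
! 192.168.1.0/24 by its inside addresses, so losing one ISP changes the
! path but not the addresses the sessions use (no NAT toward HQ).
router eigrp 100
 network 10.255.0.0 0.0.0.7
 network 192.168.1.0 0.0.0.255
 passive-interface FastEthernet1/0
 no auto-summary
!
! GRE by itself neither encrypts nor authenticates the inner packets.
```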



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:37 GMT-3