RE: OT:Fault tolerant CEO's home network setup.

From: asadovnikov (asadovnikov@comcast.net)
Date: Wed Jan 14 2004 - 02:42:02 GMT-3


Andrew,

The answer depends on your application requirements...

If the application requires continuous connectivity, but can deal with
a changing IP address (i.e. usual web browsing) then all you need is a box
which provides redundant NAT availability such as
http://www.radware.com/content/products/lpb/default.asp (you can get similar
functionality at about half the price). All these products work similarly:
they can NAT into either provider's IP space, but then they check each link
for health (not just link light) and choose one of the 2 spaces; even
load balancing is supported. Obviously there is no protection against the box
itself failing, but this is not what you are looking for, right?

If the application requires a persistent IP then the setup is a little more
difficult but not impossible. Usually it is achieved with BGP, but it is not an
option. What you can do though:

* you need a secondary site (such as your home office) where you have
   highly reliable Internet connectivity

* then you put one of the load balancers at your reliable site and
   another at your CEO's home office

* then you run a VPN tunnel between the 2 boxes; the boxes will be able
   to keep the tunnel available as long as at least one path exists

* then you tunnel all IP traffic via the VPN to your reliable site and
   send it to the Internet from there

This way high availability from the CEO's home office is only provided to the
reliable site, but from there it is much easier to send it reliably to the
Internet keeping the same IP. Packets will make 2 Internet trips, one to your
reliable site and another to the ultimate destination.

Best regards,
Alexei

P.S. Cisco does not have an easy solution for either of the 2 options, you get
to go third party but the technology has been around for a while and works well.

-----Original Message-----
>From: "Andrew Moriarty" <amgroupstudy@hotmail.com>
>Reply-To: "Andrew Moriarty" <amgroupstudy@hotmail.com>
>To: ccielab@groupstudy.com
>Subject: OT:Fault tolerant CEO's home network setup.
>Date: Wed, 07 Jan 2004 00:53:20 -0500
>
>Ever have the feeling that you are missing something incredibly basic that
>will make you look stupid later? I do right now, and I hope someone can
>help.
>
>The scenario: The customer's CEO often works from home. He accesses company
>servers in California, and he lives in Canada. Because of where he lives,
>all he can get at his house is a relatively basic DSL from one provider,
>and a basic cable modem setup from another. Both of these are "Home user"
>type setups, with addresses assigned by DHCP. The DSL provider is
>frequently down for a day or more. Problem is, that's the high speed
>connection! The cable in this area is much slower, and not much more
>reliable. (Don't ask me to explain why this is so - it just is! - and before
>anyone makes any Canada jokes, yes he can get a canoe at the local
>supermarket, all the TV networks carry hockey, and yes, there are wild elk
>running around in the parking lot)
>
>The CEO has a relatively robust home network - a unix based firewall, and a
>half dozen computers behind it.
>
>His goal is to have seamless fail-over, for as cheap as possible. He wants
>to be connected in to a contact management system all day long, and not
>worry about which ISP is up or down. In other words, he might buy a router
>or two, but he won't upgrade his personal "Home" service to a business
>class service. (it's not available in that area anyways)
>
>Each ISP provides him with a public IP address. Right now he only uses one
>of them, and uses NAT on his unix firewall to provide internet access for
>his six machines. He wants to add the second ISP to the configuration, to
>provide fault tolerance.
>
>I've suggested buying a router and connecting it to both ISPs, and using
>one interface as the primary and one as the backup, with static routes and
>NAT. Cheap, simple solution. Problem is, if one ISP fails, there goes his
>public address that the NAT is using, and he'll have to log out of his
>contact management software, and restart his session, potentially losing
>data. He does NOT want to do that. It's no good flipping over to the second
>ISP/NAT connection, because then his public address will change, and his
>session will be invalid and have to start again.
>
>He doesn't have any public IP addresses inside his house, can't get any
>either with the services on offer in that area. He's not going to do
>anything complex like run BGP etc. The ISPs won't let him anyways.
>
>I'm not sure I can solve his problem, but I've got a tickle in the back of
>my mind about something, thinking I saw this somewhere before. I even got
>out my Halabi and Doyle books and re-read some stuff.
>
>Does anyone have any suggestions on what to do here? Or even something to
>research.....
>
>am



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:44 GMT-3
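
Added example, not part of the original thread: a small simulation of the two options in the reply above, showing which source IP the remote server sees when the preferred uplink fails and later recovers. The addresses are documentation-range placeholders, and the class and function names and the two-failed-probes threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample addresses (RFC 5737 documentation ranges), not from the thread.
DSL_IP, CABLE_IP, RELAY_IP = "192.0.2.10", "198.51.100.20", "203.0.113.5"

@dataclass
class Uplink:
    name: str
    public_ip: str
    fails: int = 0   # consecutive failed health probes
    up: bool = True

    def record_probe(self, ok: bool, down_after: int = 2) -> None:
        # Result of an end-to-end probe through this ISP, not just link light.
        self.fails = 0 if ok else self.fails + 1
        self.up = self.fails < down_after  # assumed threshold: 2 misses

def pick(uplinks):
    """First healthy uplink in preference order, or None if all are down."""
    return next((u for u in uplinks if u.up), None)

def simulate(probes, via_relay: bool):
    """probes: one (dsl_ok, cable_ok) tuple per interval.
    Returns the source IP the remote server sees per interval (None = outage).
    via_relay=False: NAT into whichever ISP is healthy (first option).
    via_relay=True: tunnel to the reliable site and exit there (second option)."""
    links = [Uplink("dsl", DSL_IP), Uplink("cable", CABLE_IP)]
    seen = []
    for results in probes:
        for link, ok in zip(links, results):
            link.record_probe(ok)
        active = pick(links)
        if active is None:
            seen.append(None)
        else:
            seen.append(RELAY_IP if via_relay else active.public_ip)
    return seen

def session_breaks(seen):
    """Number of intervals in which the server-visible IP changed."""
    return sum(1 for a, b in zip(seen, seen[1:]) if a != b)

# Constructed timeline: DSL fails for three intervals, then recovers.
TIMELINE = [(True, True), (False, True), (False, True),
            (False, True), (True, True), (True, True)]

if __name__ == "__main__":
    for relay in (False, True):
        seen = simulate(TIMELINE, via_relay=relay)
        print("tunnel" if relay else "nat   ", seen, "breaks:", session_breaks(seen))
```

With plain NAT failover the visible address changes twice, once on failover and again on failback to the preferred link; through the tunnel it stays constant for as long as either path is up.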