Re: Network design case study

From: Sam Munzani (sam@munzani.com)
Date: Thu May 27 2004 - 16:58:48 GMT-3


Lupi,

This is a good concept if you had access to the ISP routers or the ISP would
make config changes to fit your needs. In my case the ISP does not want to make any
changes to the config since they want it standard across the board (managed
service internet circuit where they own the router).

Thanks for the interesting solution,

Sam

> The first thing that I would say is that inbound mail could be made to
> failover automatically with no modification to the process, simply add a
> secondary MX record for the domain(s) with the IP address on the DSL line
> that NATs to the internal IP of the mail server. When organizations get the
> MX information for the domain they will try the mail server IP on the T1
> line first, when they can't connect to that they will try the secondary
> record which points to an IP on the DSL line.
>
> This could be made automatic by interconnecting the routers that interface
> with ISP 1 and ISP 2, on the ISP1 router create a second default route that
> points to the DSL router over the dedicated link and make it so that the DSL
> router NATs on that interface ONLY from the public IP(s) that the PIX-515
> puts forward to the public IPs that are used over the DSL line.
>
> So in this scenario the T1 goes down, the ISP1 router loses its default
> route and backs off to the secondary default route. It sends the traffic
> from the PIX-515 to the DSL router, which NATs from those public IPs to the
> public IPs valid for use on the DSL line, when the traffic returns the
> process is simply reversed. Incoming mail traffic would be routed over the
> DSL line via the PIX-506 to the mail server. This won't work for a hosted
> website or Citrix server, but mail and Internet browsing would still be good
> to go. When the T1 line comes back up everything goes back to normal.
>
>
>        ---------Internet----------
>        |                         |
>     ISP1(T1)---------------ISP2(DSL)
>        |                         |
>     PIX-515                   PIX-506
>        |                         |
>        ----- Router(R1) -------
>                  |
>               Switch
>
> -----Original Message-----
> From: Sam Munzani [mailto:sam@munzani.com]
> Sent: Thursday, May 27, 2004 12:21 PM
> To: ccielab@groupstudy.com
> Subject: Network design case study
>
>
> Hi,
>
> A friend of mine stumped me on using DSL backup for their Internet T1 line.
> Below is how they are set up.
>
>        ---------Internet----------
>        |                         |
>     ISP1(T1)                   ISP2(DSL)
>        |                         |
>     PIX-515                   PIX-506
>        |                         |
>        ----- Router(R1) -------
>                  |
>               Switch
>
> All users are connected to the internal switch. ISP devices are part of their
> managed service so the customer does not have access to them. CPE starts at the
> PIX firewalls. The way it's done now is everybody's GW is the router's ethernet
> interface. The router has a default route pointing to the PIX-515. In case of T1
> failure, manually change that default route to point to the PIX-506. Both
> firewalls have the necessary NATs and rules defined properly so they start using
> DSL for internet. They don't have deep pockets for BGP so inbound mail traffic
> will not work until the T1 is restored and they are OK with it.
>
> Is there any way to make the failover automatic? Since there is no dynamic
> routing between ISP routers and R1, how would R1 know about line failure?
>
> Any ideas will be greatly appreciated.
>
> Sam Munzani
> CCIE # 6479(R&S, Security)
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
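The secondary-MX idea in the quoted reply works because of how a sending MTA walks a domain's MX records: ascending preference, equal preferences in random order, and the next record only after a connection to the previous one fails. The following is an added illustration of that selection logic, not code from the thread or from any participant; the domain, hostnames, addresses and the reachability oracle are all constructed for the example, and no real SMTP connection is made.

```python
"""Added example: MX record ordering and fallback as a sending MTA performs it.

Assumptions (constructed): the domain, hostnames and public addresses below are
made up for illustration; reachability is simulated by a callable instead of a
real TCP/SMTP connection attempt.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class MXRecord:
    preference: int   # lower value is tried first (RFC 5321, section 5.1)
    exchange: str     # MX hostname (constructed)
    address: str      # public IP the exchange resolves to (constructed)


# Constructed MX set for the scenario in the thread: the primary sits on the
# T1 address block behind the PIX-515, the secondary on the DSL block that the
# PIX-506 NATs to the same internal mail server.
EXAMPLE_MX = [
    MXRecord(10, "mail.example.invalid", "203.0.113.10"),    # via T1 / PIX-515
    MXRecord(20, "mail2.example.invalid", "198.51.100.10"),  # via DSL / PIX-506
]


def ordered_exchanges(records, rng=random):
    """Return records in the order an MTA tries them: ascending preference,
    with equal-preference hosts shuffled so they share the load."""
    by_pref = {}
    for rec in records:
        by_pref.setdefault(rec.preference, []).append(rec)
    ordered = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)
        ordered.extend(group)
    return ordered


def deliver(records, reachable, rng=random):
    """Simulate one delivery attempt.

    Tries each exchange in MTA order and returns the address that accepted the
    connection, or None when every exchange failed (a real MTA would then
    queue the message and retry later rather than bounce it immediately).
    `reachable` is a callable address -> bool standing in for the connection.
    """
    for rec in ordered_exchanges(records, rng):
        if reachable(rec.address):
            return rec.address
    return None


def t1_up(address):
    """Both public addresses answer while the T1 is healthy."""
    return True


def t1_down(address):
    """With the T1 down only the DSL-side public address answers."""
    return address == "198.51.100.10"


if __name__ == "__main__":
    print("T1 up  ->", deliver(EXAMPLE_MX, t1_up))
    print("T1 down ->", deliver(EXAMPLE_MX, t1_down))
```

The point to keep in mind when relying on this: fallback happens only when the connection to the primary fails outright. If the T1-side address still completes a TCP handshake but cannot pass mail (for instance the line is degraded rather than down), senders stay on the primary, so a monitoring check should watch an actual SMTP exchange and not just interface state.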



This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:18 GMT-3