Fault Tolerance with 2 ISPs?

May 12, 2003
I have a problem: our company has two connections from 2 different ISPs. Our primary connection is a T1 line connected to s0/0 of a 2620 router, and the second connection is a wireless ISP connected to Ethernet1/0.

Here is my problem: my boss wants the secondary line to kick in if the primary goes down. BGP is out of the question because we do not have a full class C subnet. We were provided with 15 IPs from each provider and we only have 3 servers that are accessible to the public.

Is there another way I can set up the router to have the second line kick in, and how would the DNS work so our webservers can still be reached from the Internet?

Any help would be appreciated and please let me know if you need any more information. Thanks in advance.
 
Yeah... you could set up multiple DNS records for all your webservers, etc. I.E. would translate to 1.1.1.1 and 2.2.2.2. Your router that is doing NAT could do it for both those addresses, etc. It would be best to get a /24 from one of your ISPs, and run BGP though. :)
 
You probably would want to use NAT since you are dealing with two different lines coming from different COs. Then if you want to you can load balance between them rather than one lying around as a fail-over. Just a suggestion. :)


 
backup interface e1/0


That is the command to use your second ISP as a failover. You can test this out by doing a no shut on s0/0. You can even go as far as configuring how much down time before e1/0 kicks in, and how long it remains up after your primary link comes back. Never tried this feature on an Ethernet interface before, but don't see why it wouldn't work...
 
I am going to restate my assumptions of your network for clarity. You have one router, a 2620, with two Internet connections: the primary on S0/0 and the secondary on e0/1. You have a connection to your LAN on E0/0, or some other interface on the same router. You're doing a static one-for-one NAT on your webservers.

You have 15 IP addresses from both providers and three web servers. The rest of the addresses you're pooling.

Outbound traffic is easy. You can set up a floating static default route out. You just add a weight to the end of the static route.


The problem is inbound traffic. If your link fails, how does the Internet know how to route the traffic to the secondary addresses? I'm not a DNS guru, but you may be able to use a dynamic DNS service. You may be able to set up multiple inbound NATs to the same webserver. I have never tried it and I'm not sure it can be done. This is the only idea I have.

As far as I know, a /24 does not matter; you need portable address space to advertise out multiple paths on the Internet.
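
The two outbound failover mechanisms described in the posts above (a floating static default route and the backup interface command), sketched as a Cisco IOS configuration. This is an added example, not from any poster in the thread; the IP addresses are placeholders from the documentation ranges, and the distance and delay values are assumed.

```cisco
! Added example. Addresses are documentation-range placeholders, not the poster's.
!
interface Serial0/0
 description Primary T1
 ip address 192.0.2.2 255.255.255.252
!
interface Ethernet1/0
 description Secondary wireless ISP
 ip address 198.51.100.2 255.255.255.240
!
! Option 1: floating static default route.
! The "weight" at the end of a static route is its administrative distance.
! The primary route uses the default distance and is withdrawn when
! Serial0/0 goes down.
ip route 0.0.0.0 0.0.0.0 Serial0/0
! Distance 250 keeps this route out of the routing table until the
! primary default route has been withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
! Option 2: backup interface, configured on the primary.
! Ethernet1/0 is held in standby while Serial0/0 is up.
! backup delay 10 60: enable e1/0 10 s after the T1 fails,
! return it to standby 60 s after the T1 comes back.
interface Serial0/0
 backup interface Ethernet1/0
 backup delay 10 60
```

Both options react only to the local interface going down, so an outage further upstream at the primary ISP will not trigger them. Neither changes how inbound traffic reaches the servers, which is the problem raised above.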
 
Thanks for all the help, I really appreciate it. Baddos, I would like to run BGP but we don't have a need for a whole class C.

NetEng631, you are somewhat correct on the way the network is set up. You are right up until how we are set up on the LAN side of things. All this setup for now is done through the primary provider. We have a Sonicwall that has the three web servers and a mail server in the DMZ, each with static public addresses, and the firewall is doing the NATting with another public address for the company. The rest of the addresses we were given are set up through the firewall as one-to-one NATs for the admin machines that need to be on the LAN and accessible through the Internet.

Could I do the NATting for both addresses through the router? For example, have everyone NAT through 216.*.*.226 (primary provider) and, if they go down, have the router dynamically NAT 63.*.*.127 (secondary provider), and set up the one-to-one NATs for the rest of the machines for both providers.
 
You can check Cisco's website for NAT but I don't think so.
 
You probably have this sorted by now but I found that RAD manufacture a box specifically designed to deal with this scenario.
 