Trying to develop redundant ISPs

[txcio]

I currently have 2 internet connections for my company. A primary and a backup. I have a range of IP's from my primary, but not my secondary.

My website and domain are hosted at a third party ISP. I have an mx record that points to one of the IP's from my primary ISP. This IP happens to be the IP of my firewall. My firewall then forwards that traffic to my internal mail server.

I also have this configuration setup for several other web services. MX record hosted, pointed to IP form my primary company. Firewall forwards traffic on those IP's to internal server.

My issue is this. When my primary ISP is down, I can plug in my backup ISP make the necessary WAN modifications and we are on the net for surfing, etc. But no external email and no other services like VPN, etc.

Is there a way to set things up to where even when I am on my backup ISP everything will work?

Thanks.

 

[ncotton]

create a Gateway server that just links your network to the outside world and contains all these settings. Then create a dual boot, set up all the settings for the secondary isp (not as if it were a backup). Then if you ever need to revert to the backup, reboot the gateway server, boot into the SecondaryBootMode setup. Ahoiy!

Neil J Cotton
njc Information Systems
Systems Consultant

 

[txcio]

Modifying my settings to my backup is not the issue. It takes me about 2 minutes to do this.

The issue is that my domain host is pointing my email to an IP that belongs to ISP#1. If ISP#1 is down, and I am on ISP#2 then we do not have external email.

I was theorizing earlier that I should have my host point my email to an IP that they own. They are one of these big shops that "never" go down. Then on my box at their place forward my email to ISP#1. This way if ISP#1 is down. I can make my changes in my local shop to ISP#2 and then logon to my box at my host and re-point it to ISP#2 and not have to wait for MX records to propogate.

The propogation is the real problem. If I am going to be down for more than a day it makes sense to do it. Propogation takes about 12-18 hours. Most of the time we are only talking a couple of hours so it makes no sense to do it.

Thanks for the reply though. I hope this clears some of it up.

 

[KiscoKid]

You need routable IP address space - called PA space in the ISP world.

Both of these ISP's should then be able to advertise this PA space to the outside world and regardless of which link you are using, there will always be a route to your internal services.

To apply for PA space, it's best to speak to one of your ISPs and request address space. They will likely send you a RIPE form to complete to justify your need for these unique addresses.

 

[txcio]

Great! Thanks. I have a call into my ISP now.

 

[rjs]

For mail, it is easier than that - assuming you have one static IP from your backup ISP. Create a secondary MX record for mail pointing to the the backup ISP IP address. You can have multiple MX records. So:

mail.mycompany.com MX 10
mail2.mycompany.com MX 50

Mail.mycompany.com points to the IP address through your primary ISP. Mail2 points to backup. Mail servers will always try lower #mx's. If they cannot connect, they go to the higher number.

This all assumes that authorative DNS for mycompany.com is hosted outside your LAN.

R.Sobelman

http://www.tracklogins.com