To have more flexibility and availability we planned to get another Internet Link from a different ISP.
My question is: can I terminate two ISPs on the same Internet router and make it act as failover for all services on the primary link?
On Primary Internet Link we run the following services
- End-user Internet Browsing
- SMTP Gateway Relay (Email Relay Server)
- OWA hosting (MS Exchange Web Mail)
- Corporate Website
- End-user VPN
I would appreciate kind input with some config input.
The additional information is helpful. If the second ISP will deliver the connection as Ethernet and if your 2821 has an additional Ethernet interface then the physical aspects should work ok. I would think that a 2821 could handle both links, especially as long as they are handled as primary/backup (not trying to load share and use both at same time). And with a second Internet link you should be able to provide failover for user Internet browsing pretty easily.
That was the easy part. The hard part is the other things. The functions of SMTP relay, website hosting, corporate website, and OWA depend on how people from outside get to you. It is easy when you are dealing with a single ISP because they know how to get to your address space. It gets complicated when you deal with a second ISP. To solve the question of how to get to you via second ISP you either need to advertise one provider address space through the other provider or you need some kind of solution that provides both sets of addresses via DNS (and it gets tricky especially if you want to shift DNS when the primary provider is having problems).
I would suggest that it is helpful to think about why organizations bring in a second connection. The obvious answer is that a single connection is a significant single point of failure and the second connection relieves the single point of failure.
So then it is helpful to think about what the failures might be and how that impacts the choice of the second connection. It seems to me that there are two failure modes that you want to protect against:
A) failure of the primary connection
B) failure of the primary connection or failure of the primary provider
I would suggest that A) is unfortunately common while B) is not common.
This leads me to the suggestion that for most small to medium organizations (and I assume that your organization is small or medium sized) you get more effective redundancy if you get a second Internet connection from the same provider than if your second connection is from a second provider.
Before attempting to provide a config template there is an important aspect to be clarified:
Are you the owners of a public IP address block, or are you using public IP addresses given by ISP1?
Each ISP has its own IP address blocks and ISP2, generally speaking, is not allowed to advertise a prefix that belongs to ISP1.
If this is the case, network address translation is part of the solution.
See the following whitepaper for multihoming with NAT
If you have your own public IP address block and your BGP AS number, you qualify for a BGP multihoming solution.
Hope to help
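
The primary/backup case with provider-assigned addresses and NAT that the replies describe, as an added example that is not from any poster in this thread. It assumes IOS 15.x syntax (older 12.4 trains use `ip sla monitor` and `track ... rtr`); the interface names, RFC 1918/RFC 5737 addresses, and object numbers are constructed placeholders.

```cisco
! Added example: outbound failover only. All names, addresses and numbers
! below are placeholders, not values from the thread.
interface GigabitEthernet0/0
 description LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description ISP1 primary
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0/0
 description ISP2 backup
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Probe the ISP1 next hop through the ISP1 interface every 5 seconds.
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Damp flapping: wait 10 s before declaring down, 30 s before declaring up.
track 10 ip sla 1 reachability
 delay down 10 up 30
!
! Primary default route is withdrawn when track 10 goes down;
! the floating static (distance 250) via ISP2 then takes over.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 10
ip route 0.0.0.0 0.0.0.0 203.0.113.1 250
!
access-list 10 permit 10.0.0.0 0.0.0.255
!
! Translate to the address of whichever ISP interface the packet leaves by,
! so replies return through the same provider.
route-map NAT-ISP1 permit 10
 match ip address 10
 match interface GigabitEthernet0/1
route-map NAT-ISP2 permit 10
 match ip address 10
 match interface FastEthernet0/0/0
!
ip nat inside source route-map NAT-ISP1 interface GigabitEthernet0/1 overload
ip nat inside source route-map NAT-ISP2 interface FastEthernet0/0/0 overload
```

This handles traffic initiated from inside (user browsing) only; how outside hosts reach the SMTP relay, OWA, website and VPN through ISP2 is still the addressing and DNS question raised in the replies.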