I am working towards providing inbound failover capability between two separate Internet connections. I have two separate routers (router A and router B), one to each Service Provider (Provider A and Provider B).
I want to provide failover access to my externally accessed servers (WEB, Mail, etc.) through Provider B should my serial link to Provider A fail. My Web and Mail servers are known on the Internet by Provider A's Global IP addresses. Therefore, normally all inbound traffic to these servers will be routed through Provider A.
I am providing outbound failover using HSRP. In this config, all of my outbound traffic is forced through router B (Provider B) as the primary outbound path and uses router A (Provider A) is the secondary outbound path. I am performing outbound NAT on each router using addresses from the respective service provider. I assume, therefore, that if the link to Provider B fails, existing outbound connections will be dropped and users will have to reconnect - no big deal.
To summarize, I am using HSRP (with NAT) to provide outbound failover, and BGP for inbound failover.
I have at least one question:
1. Since I am only providing inbound failover for one Provider's (Provider A) IP address range, do I need to advertise BGP to both service providers? And what network(s) do I advertise to them?
Any other ancillary information that I may be overlooking would be appreciated.
For a quick overview of your options, see the white paper "Multi-Homing -- Connecting to Two ISPs" on my web site. But the bottom line is the most reliable way to provide an IP address serviced by two different ISPs is to use BGP for both inbound and outbound failover. NAT as you currently have it set up will not work for your web and other servers. Fortunately, contrary to popular belief, you do not need a powerful router with lots of memory to be multihomed to the Internet with BGP.
Of course if you really want high availability for your externally accessed servers, there are a lot of other considerations in addition to your T1s to your ISPs. You might find my book interesting reading, although it could cause you to lose sleep at nights as you worry about all the other problems which can knock your site off the Internet... You might also find that by the time you take all the steps required to raise your availability to where you need it, that it is cheaper to outsource your servers to one of the providers who specialize in high availability hosting.
With BGP, you would only advertise one of the two networks, and you would use it for your NAT pool or on your servers. You would advertise the netblock to both providers, and it should be a /24 minimum for global routability. It isn't necessary to get the Netblock from arin, you can use a block from one of your ISPs. I've done several BGP implementations, if you need help, e-mail me off-list. EjayHire@hotmail.com
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...