
Name Resolution across two ISPs

Kevin Melton
Level 2

In an effort to provide load balancing and redundancy for DMZ applications, I recently assisted a customer in bringing in a 2nd ISP to their network for multihoming.

Each provider has allocated a Class C /24 for the customer.

The network is basically now configured as follows: each ISP connection hits an Edge Router which has an Outside Perimeter Firewall behind it. These OP firewalls then hand off via inside interface to the DMZ.

Right now I have a translation for the company Mail Server in the 1st ISP's Class C block. Also an RDNS and MX record.

I am not sure how I can also have the same MX and RDNS record in the 2nd ISP's Class C Space for the same Mail Server. I think I need this for the redundancy scenario, I am simply not certain exactly what to do.

I have filed for an AS from ARIN so that BGP sessions can be set up between the ISP routers and ours...I still have to figure out this duplicate translation issue....

Thanks as always

6 Replies

Edison Ortiz
Hall of Fame

With a BGP implementation between ISPs, you will use only one Class C address. Both ISPs will advertise your network for failover and redundancy. That's the reason BGP is the recommended solution for multiple ISP connections.

---

Please rate helpful posts.

Thanks

mchoo2005
Level 1

Hmmm... you have a tricky situation. Even if you obtained a BGP AS from ARIN, your ISPs may not be willing to peel off one of their C-classes from their summary.

Let's say one of your ISPs, say ISP-A, agrees to peel the C-class they gave you from their summary. In this scenario, redundancy won't be an issue. You won't have to create duplicate MX/RDNS records. In fact, you don't even have to use the C-class assigned to you by ISP-B. All you need is to configure your BGP routers to "dual-home" to two different ISPs. All done, as far as network redundancy goes.

I'm not sure how comfortable you are with BGP, but if you're still a little unsure, I'd recommend reading up on BGP. My personal preference as far as BGP books go is still Internet Routing Architecture by Sam Halabi.

HTH.

Hi,

The cleanest solution would be your own AS and your own IP address block (presumably /24). When you continue to use provider-assigned IP addresses, BOTH providers have to agree to announce the same /24 belonging to ISP A, which is not impossible, but unlikely. If only ISP B will announce the /24 it will get all the traffic because of longest match.

With your own IP address block you can do whatever you want, i.e. announce it to both ISPs and no issues should arise.

The second approach would be to have two DNS entries - one IP from each provider - for your mail server. This might still give you connectivity issues when a line fails.

Regards, Martin

I had considered your answer in the past, but I was thinking that for folks trying to send mail in, that it would cause conflicts for resolution for them due to getting back two records for the same host...??

What conflict? You can have multiple DNS entries with different hostnames/domain names/IP addresses. More often than not, the DNS will simply hand out each entry in round-robin fashion. If you only have a single mail server in the internal network, with multiple external MX records, it doesn't matter if your external client/supplier/business partner uses one MX record or the other, their email will still end up in your email server anyway. Now, if you have multiple email servers associated to different MX records, then it's a different story, but still no big deal.

Because you are using the public IP address, no matter which ISP the traffic comes from, it will go to your host (or via firewall / NAT). Which path is selected to reach your host depends on which ISP the remote host is closer to.
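
The two-record approach discussed in this thread (one address per provider block for the same mail server), as an added example that is not part of any poster's reply: a check that every address reachable through the MX set also has a PTR record that resolves back to it. The domain, host names and records are constructed; the RFC 5737 documentation prefixes 192.0.2.0/24 and 198.51.100.0/24 stand in for the two ISP-assigned /24s.

```python
import ipaddress

# Constructed records. The PTR for the second ISP's address is deliberately missing.
RECORDS = """
example.com.                MX   10 mail-a.example.com.
example.com.                MX   10 mail-b.example.com.
mail-a.example.com.         A    192.0.2.25
mail-b.example.com.         A    198.51.100.25
25.2.0.192.in-addr.arpa.    PTR  mail-a.example.com.
"""

def parse(text):
    """Parse 'owner TYPE ... rdata' lines into {(owner, type): [rdata, ...]}."""
    zone = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        owner, rtype, rdata = parts[0].lower(), parts[1].upper(), parts[-1].lower()
        zone.setdefault((owner, rtype), []).append(rdata)
    return zone

def check_mail_dns(zone, domain):
    """Walk MX -> A -> PTR -> A and return a list of inconsistencies."""
    problems = []
    for mx in zone.get((domain, "MX"), []):
        addrs = zone.get((mx, "A"), [])
        if not addrs:
            problems.append(f"{mx}: MX target has no A record")
        for addr in addrs:
            # reverse_pointer yields e.g. 25.2.0.192.in-addr.arpa (no trailing dot)
            rev = ipaddress.ip_address(addr).reverse_pointer + "."
            ptrs = zone.get((rev, "PTR"), [])
            if not ptrs:
                problems.append(f"{addr}: no PTR record ({rev})")
            elif not any(addr in zone.get((p, "A"), []) for p in ptrs):
                problems.append(f"{addr}: PTR {ptrs[0]} does not resolve back to it")
    return problems

if __name__ == "__main__":
    for problem in check_mail_dns(parse(RECORDS), "example.com."):
        print(problem)
```

The reverse zone for a provider-assigned block is normally held by that provider, so the missing PTR here would have to be requested from the second ISP.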
