ISP Multihoming Using NAT

Hi All

I want to multihome to 2 different ISPs. I do not have the justification for, nor do I want to support the complexity of, obtaining a public AS and IP range, BGP etc., and therefore want to do this using NAT. I want to utilise both of these links in a load balancing scenario and also for my solution to be fully redundant if one link should fail.

I am comfortable with the outgoing traffic by using 2 HSRP groups to achieve load balancing and redundancy, and am also happy to direct incoming mail traffic down one link and set a secondary MX record to point to the public range assigned to the second link.

The concept that I am struggling with is successfully directing traffic to my web server down a particular link and having that incoming traffic fail over to the other link, remembering that both links will have public addresses from different ranges. I could do this with round robin DNS load sharing; however this does have some drawbacks, the main one of concern being that it will blackhole a portion of the traffic in the event of a link failure.

Is there a way that I can achieve this domain name redundancy without having to implement the full blown BGP solution?

I have read through the relevant chapter of Jeff Doyle's Routing TCP/IP Vol. 2 but found nothing on the domain name issue.

Cheers Danny

Reply to
Noddy

I think there's an example of this in Vincent Jones's High-Availability Networking with Cisco book.

Reply to
Barry Margolin

It's in Chapter 8... "Configuration Example: Using NAT for an Alternate ISP Path" starting on page 436. The configuration listing is on my web site, but for the description of how it works (and how it doesn't work) you'll have to get the book.

Good luck and have fun!

Reply to
Vincent C Jones

Thanks for this Vincent

I have ordered the book today. BTW, it's currently out of print, so I need to get a second-hand copy from Amazon. Does this specifically cover the return path domain name issue that I raised?

Cheers Dan

Reply to
Noddy

There is no real solution to the domain name issue, so my book only addresses it to the extent of pointing out that the common hacks of setting a short DNS lifetime and/or returning multiple records are both prone to failure in the real world and are only reliable in environments where you have end-to-end control. In the case of a public web server, you don't have end-to-end control, so your choices come down to: (1) do BGP, (2) outsource your web server to a provider which does BGP, or (3) live with some users being nailed whenever you have a problem (which, by Murphy's law, will typically be a critical user at the most inconvenient time).

It always amazes me how many people find an excuse to do (1) when doing (2) would be both cheaper and more available. Keep in mind that no matter what you do, you will always have some down time for some users, all you can adjust is how many users, for how long, and how often, and, of course, how much you spend. Also keep in mind that adding redundancy always costs money, but does not always improve availability and can even degrade availability if not properly implemented.

Good luck and have fun!

Reply to
Vincent C Jones
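As an added illustration of the two points made above (Danny's concern that round robin DNS blackholes a share of the traffic when a link fails, and Vincent's point that short TTLs and multiple A records are only reliable where you have end-to-end control), here is a small model of DNS-based failover for a web server that is reachable through two ISP-assigned addresses. It is example code written for this page, not code from the thread or from Vincent's book. The addresses are RFC 5737 documentation addresses, the resolver population, the 30 s TTL, the TTL floors and the 10 s health-check delay are all constructed assumptions, and the resolver behaviour is deliberately simplified (no prefetching, no negative caching, no browser-side caching).

```python
"""Added example (not from the thread): a toy model of DNS-based failover for
a web server reachable through two ISP-assigned addresses. It quantifies
Danny's "round robin blackholes a portion of the traffic" and Vincent's point
that short TTLs and multiple A records only work where you control the
resolvers and clients. All numbers below are constructed assumptions."""
import math
from dataclasses import dataclass

# RFC 5737 documentation addresses standing in for the two ISP-assigned ranges.
ISP1_ADDR = "203.0.113.10"   # address on the link that fails at t = 0
ISP2_ADDR = "198.51.100.10"  # address on the surviving link
RECORD_TTL = 30              # short TTL the zone owner sets, hoping for fast failover


@dataclass
class Resolver:
    """A caching resolver out on the Internet, outside the zone owner's control."""
    min_ttl: int          # TTL floor this resolver enforces (0 = honours our TTL)
    last_refresh: float   # seconds relative to the link failure at t = 0 (<= 0)
    dead_first: bool      # round-robin order it cached: dead address listed first

    def effective_ttl(self) -> int:
        return max(self.min_ttl, RECORD_TTL)

    def stale_until(self, withdraw_time: float) -> float:
        """Time of the first refresh that happens after the health check has
        withdrawn the dead A record from the zone. Earlier refreshes re-learn
        both addresses and simply restart the cache clock."""
        if withdraw_time == math.inf:      # plain round robin: never withdrawn
            return math.inf
        t = self.last_refresh + self.effective_ttl()
        while t < withdraw_time:
            t += self.effective_ttl()
        return t


def build_population(min_ttl: int, n: int = 100) -> list:
    """n resolvers whose cache refresh times are spread evenly over one
    effective TTL; round robin alternates which address each one saw first."""
    ttl = max(min_ttl, RECORD_TTL)
    return [Resolver(min_ttl, -ttl * i / n, dead_first=(i % 2 == 0))
            for i in range(n)]


def blackholed_fraction(resolvers, t: float, withdraw_time: float,
                        client_retries: bool = False) -> float:
    """Fraction of connection attempts at time t that are sent to the dead
    address and never complete (SYNs into a dead link are dropped, not refused).

    A client that walks every returned address eventually reaches ISP2, but
    only after a connect timeout per dead address; the classic client uses
    the first address only and is simply blackholed."""
    if client_retries:
        return 0.0
    hits = sum(1 for r in resolvers
               if r.dead_first and t < r.stale_until(withdraw_time))
    return hits / len(resolvers)


def stale_window(resolvers, withdraw_time: float) -> float:
    """How long after the failure the last resolver still hands out the dead address."""
    return max(r.stale_until(withdraw_time) for r in resolvers)


if __name__ == "__main__":
    DETECT = 10  # seconds the health check needs before it pulls the record
    for min_ttl in (0, 300, 3600):
        pop = build_population(min_ttl)
        print(f"resolver TTL floor {min_ttl:>4}s: last stale answer at "
              f"t={stale_window(pop, DETECT):.0f}s; blackholed at t=60s: "
              f"{blackholed_fraction(pop, 60, DETECT):.0%}")
    print("no withdrawal (pure round robin), t=1 day:",
          f"{blackholed_fraction(build_population(0), 86400, math.inf):.0%}")
```

Two things fall out of the model. With pure round robin and no record withdrawal, half of the first-address-only clients stay blackholed for as long as the link is down, which is exactly the drawback Danny describes. With withdrawal and a 30 s TTL, resolvers that honour the TTL still serve the dead address for up to two TTLs plus the detection delay, and a resolver that clamps TTLs to an hour keeps some users on the dead address for the full hour; since the zone owner controls neither the resolvers nor whether clients retry the second address, this is the lack of end-to-end control Vincent refers to.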

I have found a box from Radware called LinkProof that appears to address these issues. Has anybody had any experience with these? Do they work well?


Reply to
Noddy
