Date: Mon, 30 Sep 2002 13:34:00 -0400
From: "Troy Settle" <troy@psknet.com>
To: <freebsd-isp@FreeBSD.ORG>
Subject: RE: Multihoming alternatives
Message-ID: <000901c268a7$91bec160$2615c518@psknet.com>
In-Reply-To: <C0A19920-D492-11D6-A6AC-000A27D85A7E@mac.com>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Chuck Swiger
> Sent: Monday, September 30, 2002 12:36 PM
> To: freebsd-isp@FreeBSD.ORG
> Subject: Re: Multihoming alternatives
>
> On Monday, September 30, 2002, at 11:58 AM, Paul Keith wrote:
> > First I would like to apologise if this is not the place for such
> > questions.
> > I am looking for links/tips/'intel' on building a redundant/multihomed
> > network that sits on a /29 (to serve webpages and mail to its clients on
> > different AS's to produce proper redundancy), without resorting to BGP
> > configurations or colocating with a large backbone. Is this possible?
>
> In which case, your easiest bet is to run two data lines (DS-1's or
> whatever) in a redundant topology from one provider. With Cisco routers,
> I believe the term is "DHRP". The obvious problem is that if your
> upstream provider goes down, you're out of service. However, you can
> survive a failure of either data link or a local router, which covers
> several probable failure modes.

Are you talking about HSRP (Hot Standby Router Protocol)? Yes, this is a viable solution. Get loops from one provider to 2 separate parts of their network, then use 2 routers on your network with HSRP. Your traffic should be fairly well balanced, and protected against the failure of any one router or loop.

While this is ideal, except for the 'single provider' part, it's not the only way to do it. You could just as easily do this with a single, non-redundant router.

> Multihoming with two different network providers requires you to either
> have a /20 and be globally routable (via ARIN, and yes, you'll have to do
> BGP/EGP peering), or else you'll need to multihome your web server on
> separate IP networks from separate providers.

Paul, BGP isn't some huge monster that needs to be slain. If you go with 2 separate providers and run BGP, I'm sure that either one of them could provide you with a BGP config that will do what you need. If not, post back here, and I'm sure that someone else on the list could whip up a config in no time flat.

Assuming that you already have a T1 from one provider, get a second T1 from another provider, then get a full /24 from one of them, which any Tier-1 provider will do without question when you mention that you intend to run BGP-4 with 2 separate providers. The only thing you need from ARIN is an ASN, which they will hand over without question once you use 'multihome,' 'bgp,' and 'multiple providers' in the same sentence.

> DNS should round-robin the A records if you list several, but that still
> isn't perfect, since dumb clients won't, but it's better than nothing.
> Besides, if you do have a significant outage that will take at least hours
> to fix, you can adjust your DNS to disable the downed IP.

There have been a number of discussions on this topic before, and I believe that the general consensus is that using a DNS round-robin is not even close to an ideal redundancy solution and should be avoided at all costs.

There are ways to do this with a /29 from each provider and running 2 identical networks side-by-side, save for the IP addresses used. In this scenario, DNS1 would only return addresses on its own network, and DNS2 would do the same thing, with neither returning IP addresses on the other network. The only thing to consider here is your routing setup; it could get quite ugly quite fast.

> > How will this DNS server run in a multihomed environment? Is it possible
> > to load balance across 2 or 3 DNS servers or am I being silly?
>
> Of course it's possible to load balance between multiple DNS servers; just
> list multiple NS records for the zone. While it's okay to run DNS on a
> multihomed box, you should not assume that a single machine with 2
> interfaces is redundant. You should use several DNS servers, some offsite
> or located with someone else's ISP.

The key is to consider your points of failure. Without drilling all the way down, here's a summary:

1. The web server itself
2. The DNS server
3. Your ethernet switch
4. Your router
5. The loop connecting you to your upstream
6. Your upstream provider's router
7. Your upstream provider's network

Solution:

7. Get a secondary provider
6a. Get a secondary connection to your provider
6b. Get a secondary provider
5. See #6.
4a. HSRP with links to 2 points on 1 provider's network
4b. HSRP with links to 2 separate providers (requires eBGP and iBGP)
3. Deploy a redundant mesh topology between all nodes on your network
2. Run multiple DNS servers, each in a different location on a different network
1. Exercise for the reader :)

The bottom line is that building a truly redundant network is very expensive and lots of fun. At a minimum, I recommend that you run BGP with 2 separate providers, as this puts all your single points of failure within arm's reach. Your total cost of connectivity should be less than $2000/month in the US unless you use frame relay and small PVCs, which can bring the cost down quite a bit.

--
Troy Settle
Pulaski Networks
540.994.4254 - 866.477.5638
http://www.psknet.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000901c268a7$91bec160$2615c518>
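As an added example (not from the original thread, and not any provider's actual template), here is roughly the shape of the Cisco IOS configuration Troy's "4b" option calls for: one router announcing a /24 to its upstream over eBGP, peered over iBGP with a second HSRP router that does the same toward the other provider. All addresses and AS numbers are documentation or private values chosen for illustration (192.0.2.0/24 for the customer block, AS 65001 for the customer, AS 64500 and 64510 for the providers, 198.51.100.0/30 and 203.0.113.0/30 for the circuits). The prefix-lists and the AS-path filter are the check a practitioner should not skip: without an outbound filter, a slip such as redistributing a routing table into BGP leaks one provider's routes to the other and turns a small site into an accidental transit AS.

```cisco
! rtr-a: primary HSRP router, eBGP to provider 1, iBGP to rtr-b.
! Added example configuration; addresses and ASNs are documentation
! values, not taken from the original thread.
hostname rtr-a
!
interface Serial0/0
 description T1 to provider 1 (AS 64500)
 ip address 198.51.100.2 255.255.255.252
!
interface FastEthernet0/0
 description customer LAN, HSRP group 1 shared with rtr-b
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! lose the upstream circuit -> drop priority so rtr-b takes the VIP
 standby 1 track Serial0/0 20
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 ! Originate exactly the /24; the Null0 route below keeps it in the
 ! table even while the LAN interface is flapping.
 network 192.0.2.0 mask 255.255.255.0
 ! eBGP session to provider 1, filtered in both directions
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 description provider-1
 neighbor 198.51.100.1 prefix-list ANNOUNCE out
 neighbor 198.51.100.1 prefix-list ACCEPT in
 neighbor 198.51.100.1 filter-list 1 out
 ! iBGP session to rtr-b so each router learns the other's exit
 neighbor 192.0.2.3 remote-as 65001
 neighbor 192.0.2.3 description rtr-b-ibgp
 neighbor 192.0.2.3 next-hop-self
 no auto-summary
!
ip route 192.0.2.0 255.255.255.0 Null0 250
!
! Outbound: our /24 and nothing else, ever.
ip prefix-list ANNOUNCE seq 5 permit 192.0.2.0/24
ip prefix-list ANNOUNCE seq 10 deny 0.0.0.0/0 le 32
!
! Inbound: a default route is all a two-T1 site needs, and accepting
! nothing else also refuses an upstream handing our own block back to us.
ip prefix-list ACCEPT seq 5 permit 0.0.0.0/0
ip prefix-list ACCEPT seq 10 deny 0.0.0.0/0 le 32
!
! Belt and braces: only paths originated in our own AS may leave.
ip as-path access-list 1 permit ^$
!
! rtr-b is the mirror image: Serial0/0 toward provider 2 (AS 64510,
! link 203.0.113.0/30), "standby 1 priority 100", the same two
! prefix-lists and filter-list, and "neighbor 192.0.2.2 remote-as 65001"
! for the iBGP session back to rtr-a.
```

With both sessions up, each router carries a default from its own provider plus the other router's default via iBGP, so a dead circuit on either side just shifts outbound traffic to the surviving router, and HSRP moves the LAN gateway to follow it. Inbound, the /24 is advertised from both ASes, so the Internet keeps a path as long as one provider is up. Ask each provider to register a route object for the /24 with your ASN as origin before turning the sessions up, since many networks filter customer announcements against the routing registry.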
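The "two identical networks side-by-side" DNS layout in the message, as an added example that is not part of the original thread: two independent zone files for example.com, one loaded on each nameserver. ns1 and the provider-1 copy of the servers live in 198.51.100.8/29, ns2 and the provider-2 copy in 203.0.113.8/29; hostnames and addresses are documentation values chosen for illustration. Both servers list both NS records, so the delegation at the parent is consistent and a resolver that cannot reach ns1 retries ns2, but each server's own A records point only at its own side.

```zone
; Zone file loaded on ns1 (198.51.100.10, on provider 1's /29).
; Added example; addresses are documentation ranges, not from the thread.
$TTL 300              ; short TTL so answers for a dead side age out fast
$ORIGIN example.com.
@       IN SOA ns1.example.com. hostmaster.example.com. (
                2002093001   ; serial, bumped by hand on both servers
                3600         ; refresh (unused: no AXFR between the two)
                900          ; retry
                604800       ; expire
                300 )        ; negative-cache TTL
        IN NS  ns1.example.com.
        IN NS  ns2.example.com.
ns1     IN A   198.51.100.10
ns2     IN A   203.0.113.10
www     IN A   198.51.100.11 ; provider-1 web server only
mail    IN A   198.51.100.12 ; provider-1 mail server only
@       IN MX 10 mail.example.com.

; Zone file loaded on ns2 (203.0.113.10, on provider 2's /29).
$TTL 300
$ORIGIN example.com.
@       IN SOA ns2.example.com. hostmaster.example.com. (
                2002093001 3600 900 604800 300 )
        IN NS  ns1.example.com.
        IN NS  ns2.example.com.
ns1     IN A   198.51.100.10
ns2     IN A   203.0.113.10
www     IN A   203.0.113.11  ; provider-2 web server only
mail    IN A   203.0.113.12  ; provider-2 mail server only
@       IN MX 10 mail.example.com.
```

Two caveats that follow from the layout. The zones deliberately differ, so they cannot be kept in sync with a primary/secondary transfer; every change is made twice, and the short TTL is what bounds how long a resolver keeps handing out the address of a side that has gone dark. And the "routing could get ugly" remark is concrete: the hosts in 198.51.100.8/29 must send their replies out provider 1's circuit, because a provider that does ingress filtering (BCP 38) drops packets sourced from a block it did not allocate, so each side needs its own default gateway, and any box with a foot in both /29s needs source-based routing rather than a single default route.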
