Failover router?
November 9, 2006 7:02 PM

I'm in a situation where I need to, for logistical reasons, make a quick decision and acquisition of a dual WAN failover router...and I know precious little about them. There's

I have a client who is having trouble running his business from his basement due to downtime/packet losses from Comcast. He's charged me with coming up, within 24 hours, with a solution. He's ordered a DSL line, to go alongside his cable line. My job is going to be to find a router that will keep him up as close to 100 percent of the time as is humanly possible.

I've googled and only found two obvious candidates, a Xincom unit that's fairly pricey and a unit called the RedBrick. Both seem to have detractors in the reviews department. What I'm hoping for here is to find a unit that can be delivered quickly, set up relatively easily, and will work with both a cablemodem and DSL.

The client's requirements are fairly basic, he needs NAT for his local network, port forwarding, and not much past that. The ability to do a VPN would be nice, just in case, although he does not currently do that now.

I'm sure that there's someone out there who's done this; I haven't and need to get up to speed instantly.
posted by pjern to Computers & Internet (7 answers total)
Windows Server 2003 has Ethernet load balancing. Grab an old P3-800 box w/ .5GiB RAM and a couple of NICs, and have yourself a grand old time. I was just working with this earlier today, in fact.
posted by TheNewWazoo at 8:10 PM on November 9, 2006

Best answer: One of my workplaces uses a Linksys RV082 for internet access. It does dual-wan (either in load-balance or in primary/secondary modes), VPN, NAT, etc.

We have about 200 machines behind it, and it deals well with one of the WAN connections not working.
posted by MiG at 8:12 PM on November 9, 2006

The principal issue may not be dual WAN capability for your client, it may be getting the Internet to deliver traffic to his LAN through either of his separate WAN connections. I say this because you've specified that the router do "port forwarding" indicating that he's running servers from his basement. If he is not running servers, he may not need the mechanism I'm about to describe to accomplish his desire for improved uptime, since no external systems need to know machines on his network can be reached by multiple static routes, but there would be little reason for him to require "port forwarding" then either.

To tell the Internet that his servers are available by two different paths, he needs to be able to set up multi-homing and BGP routing with both his service providers, so that, in the event either of his links goes down, the upstream routers in the Internet know how to deal with the situation, and begin seamlessly routing traffic to his servers without the need for DNS updates to propagate around the world (a process that can take from 24 hours to a week). So, if he's running servers from his basement, and is doing this for reliability, he needs, at a minimum, a router that can do BGP, an Autonomous System number from ARIN, and be multi-homed (have working multiple ISP services). Once you have all that, you contact the appropriate backbone provider(s), and tell them how to advertise your routes and AS number. If you have multiple MX records or other redundant DNS entries which provide failover services, you may need to tune these for your new BGP routes. After that, should either line go down, you should immediately begin getting all your traffic on the alternate feed.

But frankly, for the cost and hassle of doing BGP, he might rather want to set up co-location at a good datacenter.
posted by paulsc at 9:28 PM on November 9, 2006

Let me second that. If what you're trying to do is transparent failover from one circuit to the other, without losing connections, this is quite complex and VERY expensive. Further, you have to have both your providers on board, because they both have to advertise exactly the same net range as being reachable through their systems. Almost nobody will do that for you unless you are on a T3 or higher. There's NO WAY you're going to get providers to do that for a residential DSL line. Not. Going. To. Happen. You might as well ask for a personal shuttle ride and an aircraft carrier of your very own.

If he just wants to be able to keep surfing the web without much pain, and he doesn't mind losing the downloads/connections he had open, it's not that hard to configure a failover. You basically do NAT, and when one link fails, you switch to the other connection and do NAT through that one instead. You're using one of the two links as a warm standby. I normally do stuff like that through a small Linux box, and build scripts to flip between the two links. You'd use a machine with three network ports. Plug the cable and DSL modems into one each, and put the internal network on the third. Write scripts that bring up and take down one interface or the other, set the default route to the correct provider, set the default nameservers to the correct provider, and set up NAT. You can probably use the distro's utilities to write the original scripts for one provider, and then modify them for the other.

When he wants to switch circuits, just have him log into the box and type 'dsl' or 'cable'. If he was down, he should be instantly back up... but any connections he had running will have to be re-established.

This is NOT a good solution if he wants to run servers. For that, you need the super-complex BGP setup. It's much cheaper and much easier to just colocate the host somewhere. Or get a T1 or T3 to the house. Those circuits have incredible uptime... they'll almost NEVER go down.

If he just wants something cheap that doesn't fail often, DSL from Speakeasy tends to be highly reliable in my experience. They're not the cheapest, but they are one of the very best. Speakeasy DSL, assuming the local telco hardware is good, will almost never go down.
posted by Malor at 10:58 PM on November 9, 2006
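
The manual warm-standby switch described in the answer above, sketched as an added example that is not part of the original thread or the poster's own scripts. The interface names, gateway and resolver addresses are constructed placeholders (documentation ranges), and each WAN interface is assumed to get its address from the distro's own DHCP/PPPoE setup; the forwarding rules also default-deny unsolicited inbound traffic.

```shell
#!/bin/sh
# Added example: manual dual-WAN warm-standby switch for a three-NIC Linux box.
# Dry-run by default: it only prints the commands it would run.
# All names and addresses are constructed placeholders, not from the thread.

LAN_IF=eth2   # internal network (assumed name)

# link_params NAME: select interface, gateway and resolver for one provider
link_params() {
    case "$1" in
        cable) WAN_IF=eth0; OTHER_IF=eth1; GW=192.0.2.1;    DNS=192.0.2.53 ;;
        dsl)   WAN_IF=eth1; OTHER_IF=eth0; GW=198.51.100.1; DNS=198.51.100.53 ;;
        *)     return 1 ;;
    esac
}

# switch_cmds NAME: print the commands that move the LAN onto that link
switch_cmds() {
    link_params "$1" || { echo "usage: switch_cmds cable|dsl" >&2; return 1; }
    cat <<EOF
ip link set dev $OTHER_IF down
ip link set dev $WAN_IF up
ip route replace default via $GW dev $WAN_IF
printf 'nameserver %s\n' $DNS > /etc/resolv.conf
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# switch_link NAME: dry-run prints the plan; APPLY=1 (as root) executes it
switch_link() {
    cmds=$(switch_cmds "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}
```

Wrapper scripts named `dsl` and `cable` that call `APPLY=1 switch_link dsl` or `APPLY=1 switch_link cable` give the one-word switch the answer mentions. Because the FORWARD chain is flushed on each switch, any port-forward rules have to be re-added for the new WAN interface afterwards.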

Bleh, it's late, and I'm repeating myself a bit. I should say... Speakeasy is very reliable, but you can expect a little bit of downtime once in a while... when I was in their service area, I think I had either two or three outages in two years, one of which was planned.

T1s and T3s, on the other hand, will often run happily for years at a time without outages.
posted by Malor at 11:01 PM on November 9, 2006

Response by poster: Well, he's not running servers at his home- I just need to get onto his boxen from time to time with PC Anywhere for maintenance. That's what I need the port forwarding for.
posted by pjern at 2:34 AM on November 10, 2006

If you want to do this without BGP, check out either Fatpipe WARP or Peplink.

The Peplink device is much, much less expensive.
posted by crazyray at 11:51 PM on November 11, 2006
