[169558] in North American Network Operators' Group


Re: ISP inbound failover without BGP

daemon@ATHENA.MIT.EDU (Eric A Louie)
Mon Mar 3 23:03:07 2014

Date: Mon, 3 Mar 2014 20:02:41 -0800 (PST)
From: Eric A Louie <elouie@yahoo.com>
To: Ray <sixsigma44@hotmail.com>, Matthew Crocker <matthew@corp.crocker.com>
In-Reply-To: <BLU179-W818D2DBB2C6E4ACFD5FE73DC8E0@phx.gbl>
Cc: NANOG <nanog@nanog.org>
Reply-To: Eric A Louie <elouie@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

That's a good point Ray - thank you.

> ________________________________
> From: Ray <sixsigma44@hotmail.com>
> To: Matthew Crocker <matthew@corp.crocker.com>; Eric A Louie <elouie@yahoo.com>
> Cc: NANOG <nanog@nanog.org>
> Sent: Monday, March 3, 2014 6:31 PM
> Subject: RE: ISP inbound failover without BGP
>
> Depending on their business, using dynamic DNS providers could be a really bad idea. If they deal only with home users who won't even know, it'll probably work. If their customers are security-aware businesses, they probably block all sites hosted with dynamic DNS systems.
>
> Ray
>
>> Subject: Re: ISP inbound failover without BGP
>> From: matthew@corp.crocker.com
>> Date: Mon, 3 Mar 2014 20:50:26 -0500
>> To: elouie@yahoo.com
>> CC: nanog@nanog.org
>>
>> Depends on the application,
>>
>> SIP, VPN, SMTP, etc just set up both IPs and let the end-user application figure it out (SIP-UA register to both IPs for example)
>>
>> HTTP/HTTPS set up a proxy server in a colo that is multi-homed to frontend the requests. Then it can load balance traffic over both IPs.
>>
>> DNS TTL ‘tricks’ are just that, they work ‘kinda’
>>
>> Fatpipe? Crazy expensive IMHO but I hear they work ok.
>>
>> -Matt
>>
>> --
>> Matthew S. Crocker
>> President
>> Crocker Communications, Inc.
>> PO BOX 710
>> Greenfield, MA 01302-0710
>>
>> E: matthew@crocker.com
>> P: (413) 746-2760
>> F: (413) 746-3704
>> W: http://www.crocker.com
>>
>> On Mar 3, 2014, at 8:11 PM, Eric A Louie <elouie@yahoo.com> wrote:
>>
>> > This may sound like a dumb question, but... I'm used to asking those.
>> >
>> > Here's the scenario
>> >
>> > Another ISP, say AT&T, is the primary ISP for a customer.
>> >
>> > Customer has publicly accessible servers in their office, using the AT&T address space.
>> >
>> > I am the customer's secondary ISP.
>> >
>> > Now, if AT&T link fails, I can provide the customer outbound Internet access fairly easily. So they can surf and get to the Internet.
>> >
>> > What about the publicly accessible servers that have AT&T addresses, though?
>> >
>> > One thought I had was having them use Dynamic DNS service.
>> >
>> > Are there any other solutions, short of using BGP multihoming and having them try to get their own ASN and IPv4 /24 block?
>> >
>> > It looks like a few router manufacturers have devices that might work, but it looks like a short DNS TTL (or Dynamic DNS) needs to be set so when the primary ISP fails, the secondary ISP address is advertised.
