Doug Coats wrote:

>I have an interesting twist that is going to be introduced to my network
>here in the next month and I would like your opinion as to how to approach
>it.
>
>We currently have an Internet connection through Comcast (cable).  I then
>route this to two subnets and one webserver.  We have been forced (no DSL in
>our area) to have our mailserver off site hooked up to DSL so that we could
>have a static IP.
>
>This going to change in May because we will have DSL on-site.  We will be
>moving our mailserver so that everything is in one building.  We are planning
>on keeping the Comcast connection (it's faster) and I need to incorporate
>this new DSL connection into our existing network so that we have outside
>access and so that in-house mail traffic stays in-house.
>
>I hope that I have explained that well enough.  Does anyone here have
>experience in anything similar?  Anyone with a gateway with two outside
>NICs in it?  Any suggestions or ideas would be greatly appreciated.
>
The problem is not load balancing by itself (Linux will load balance 
over equal-cost paths) but routing.
Say you have a block of IPs from Comcast and another from the DSL provider; 
if you put up two defaults pointing to different ISPs, you'll end up 
sending packets with the source IP of one provider via the link of the 
other provider, where they'll eventually be dropped.
What could be done:

1. Get your own private IP block and announce it - hard, and may not be 
necessary in your case.
2. NAT + policy routing - very real :) In this case I'd assume that you 
have a real IP address from each provider. You put your gear behind NAT, 
and inbound traffic destined to certain ports you NAT to internal IPs 
and vice versa. This is inbound traffic.  For outbound you set up some 
policy routing; basically you can configure a Linux box so that, for 
example, web traffic goes through this ISP and SMTP through this one. For 
more info look at LARTC.org or contact me, I'll help you out.
For SMTP you can set up 2 MX records for your domain zone pointing to 
different hostnames which in turn point to different IPs; this will give 
you some redundancy. But in this case you'll not know via what link the 
packet came and not know through which to send a subsequent response. 
So you'd have to have some form of monitoring the link state so that when 
one fails you start sending your traffic out of the active one. 
This could be done with a simple shell script that pings, and if pings 
time out it executes the commands to switch the traffic over to the other link.
To sum this all up, it all depends on what you want to achieve, how much 
redundancy and reliability you need. The setup I've described has 
limitations, but is fairly reliable and cheap, and you'd not have to run 
routing protocols.
Though of course the best way to go is to get a private space and run BGP; from 
what you told me that would be overkill and also it is quite expensive :)

>Doug


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list