ISP Multihoming Using NAT

Discussion in 'Cisco' started by Noddy, Jun 28, 2005.

  1. Noddy

    Noddy Guest

    Hi All

    I want to multihome to 2 different ISPs. I do not have the justification
    nor want to support the complexity of obtaining a public AS and IP range, BGP,
    etc., and therefore want to do this using NAT.
    I want to utilise both of these links in a load balancing scenario and also
    for my solution to be fully redundant if one link should fail.
    I am comfortable with the outgoing traffic by using 2 HSRP groups to achieve
    load balancing and redundancy and am also happy to direct incoming mail
    traffic down one link and set a secondary MX record to point to the public
    range assigned to the second link.
    The concept that I am struggling with is successfully directing traffic to my
    web server down a particular link and to have that incoming traffic fail
    over to the other link, remembering that both links will have public
    addresses from different ranges.
    I could do this with round robin DNS load sharing; however, this does have
    some drawbacks, the main one of concern is that it will blackhole a portion
    of the traffic in the event of a link failure.

    Is there a way that I can achieve this domain name redundancy without having
    to implement the full blown BGP solution?

    Have read through the relevant chapter of Jeff Doyle's Routing TCP/IP vol 2
    but found nothing on the domain name issue.

    Noddy, Jun 28, 2005

  2. I think there's an example of this in Vincent Jones's High-Availability
    Networking with Cisco book.
    Barry Margolin, Jun 29, 2005

  3. It's in Chapter 8... "Configuration Example: Using NAT for an Alternate
    ISP Path" starting on page 436. The configuration listing is on my web
    site, but for the description of how it works (and how it doesn't work)
    you'll have to get the book.

    Good luck and have fun!
    Vincent C Jones, Jun 29, 2005
  4. Noddy

    Noddy Guest

    Thanks for this Vincent

    I have ordered the book today. BTW it's currently out of print, I need to
    get a 2nd hand copy from Amazon.
    Does this specifically cover the return path domain name issue that I

    Noddy, Jun 30, 2005
  5. There is no real solution to the domain name issue, so my book
    only addresses it to the extent of pointing out that the common
    hacks of setting a short DNS lifetime and/or returning multiple
    records are both prone to failure in the real world and are only
    reliable in environments where you have end-to-end control. In the
    case of a public web server, you don't have end-to-end control,
    so your choices come down to: (1) do BGP, (2) outsource your web
    server to a provider which does BGP, or (3) live with some users
    being nailed whenever you have a problem (which, by Murphy's law,
    will typically be a critical user at the most inconvenient time).

    It always amazes me how many people find an excuse to do (1)
    when doing (2) would be both cheaper and more available. Keep in
    mind that no matter what you do, you will always have some down
    time for some users, all you can adjust is how many users, for how
    long, and how often, and, of course, how much you spend. Also keep
    in mind that adding redundancy always costs money, but does not
    always improve availability and can even degrade availability if
    not properly implemented.

    Good luck and have fun!
    Vincent C Jones, Jun 30, 2005
  6. Noddy

    Noddy Guest

    Noddy, Jul 1, 2005
