Re: [tlug] WAN fail-over configuration in Linux-based router

[Curt Sampson <cjs@example.com>]

On 2009-11-05 22:25 +0900 (Thu), Jianshi Huang wrote:

> Could somebody tell me what's the best way to achieve WAN fail-over
> (backup) in a Linux-based router....
> 
> Since full fail-over also needs support from ISP side.

Oh, that's easy! Just make sure you've got your own AS and set of
globally routable addresses, and you're using BGP with your ISPs. :-)

> Any established
> connection can allowed to be dropped if one line drops. New
> connections would be routed to the backup line.

Well, you wouldn't need to worry about that if you were using real
routing, as above. But you're not, and not likely to. So you're going to
fake it, and for that we need more information to figure out where you
compromise.

The first thing we need to know is if this is for connections that the
rest of the world initiate to your servers or connections your one
location initiate to the rest of the world. (If both, we divide and, er,
compromise individually at each.)

For the former, where you're trying to have redundant links for your
servers, it's pretty tricky, and you probably want some stuff related to
this designed in at the application level to make it work well.

For the latter, when you just want to deal well with one of your ISPs
going down, I'm reckoning it might be as easy as two NAT gateways on to
your interior each running HSRP (or a routing protocol, if you have an
interior internetwork and that's free anyway). Though I must admit I've
never tried this myself.

Oh, and all of this assumes IPv4.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
           Functional programming in all senses of the word:
                   http://www.starling-software.com