We have both the drop we normally use from our regular ISP, and a backup drop from our backup ISP. Initially we figured changeover would be real easy -- just unplug one and plug in the other, no effect on Shorewall, no firewall reboot, no secondary consequences.

(We don't need the complication of load balancing because both drops are plenty wide enough to carry all our traffic by themselves. We don't need an unattended failover scheme because we can monitor and physically switch the cables just as quickly. And we accept that most of our connections will break once every few years when an emergency forces us to switch drops. We're fully satisfied with this "dumb" solution and aren't motivated to try to change it; we just want to make it work.)

Here's our potential problem: our static IP was of course delegated by our regular ISP, and we suspect it _may_ be specific to that ISP only. If that's the case and we use the static IP address from our regular ISP with our backup drop, we _may_ be ticking off the ISPs, and it _may_ not even work.

What do other folks who have more than one ISP and static IP addresses do?

thanks! -Chuck Kollars

Chuck Kollars wrote:
> What do other folks who have more than one ISP and
> static IP addresses do?

While I don't feel that the redundancy of a second ISP is worth the cost for me personally, if I had two uplinks I would:

a) Have two external NICs in my firewall; one for each ISP
b) Describe both as 'optional' in /etc/shorewall/providers
c) Specify 'balance' on both (why not?)
d) If one of the links goes down, simply take the interface down (ifdown) and restart Shorewall.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Chuck Kollars wrote:
> Here's our potential problem: our static IP was of
> course delegated by our regular ISP, and we suspect it
> _may_ be specific to that ISP only. If that's the case
> and we use the static IP address from our regular ISP
> with our backup drop, we _may_ be ticking off the
> ISPs, and it _may_ not even work.

Of course it won't work. Outbound, the default gateway will suddenly not exist. Inbound, the rest of the internet is not going to suddenly start routing that IP address through a totally different ISP.

-Tom

On Sat, 2007-12-01 at 14:47 -0800, Tom Eastep wrote:
> Chuck Kollars wrote:
> > What do other folks who have more than one ISP and
> > static IP addresses do?
>
> While I don't feel that the redundancy of a second ISP is worth the cost
> for me personally, if I had two uplinks I would:
>
> a) Have two external NICs in my firewall; one for each ISP
> b) Describe both as 'optional' in /etc/shorewall/providers
> c) Specify 'balance' on both (why not?)
> d) If one of the links goes down, simply take the interface down
> (ifdown) and restart Shorewall.

Of course, this works for outbound traffic only. Since you mentioned a static IP, Tom's other comment still stands. The rest of the Internet will not suddenly start routing their traffic differently. This applies mainly in case DNS resolves to that (primary ISP's) static IP and you are running publicly accessible services in your network (MX, http, etc).

karsten
--
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
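
Steps (a) to (d) from the thread, written out as a providers file. This is an added example, not part of any message above and not taken from the posters' systems. The provider names, numbers, marks, interface names (eth0 and eth1 external, eth2 internal) and gateway addresses are constructed placeholders from the documentation address ranges.

```conf
# /etc/shorewall/providers
# Added example; every value below is a constructed placeholder.
#
# One provider per external NIC (step a). Both carry 'optional', so
# Shorewall skips a provider whose interface is not up (step b), and
# both carry 'balance', so outbound connections use either uplink
# while both are up (step c).
#
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY       OPTIONS           COPY
ISP1   1       1     main       eth0       192.0.2.1     optional,balance  eth2
ISP2   2       2     main       eth1       198.51.100.1  optional,balance  eth2
#
# Step d, typed on the firewall when the ISP1 link fails:
#   ifdown eth0
#   shorewall restart
#
# When the link is restored:
#   ifup eth0
#   shorewall restart
```

As the replies point out, this only moves outbound traffic; anything reached through DNS records that point at the primary ISP's static IP stays unreachable while that link is down.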