We have both the drop we normally use from our regular
ISP, and a backup drop from our backup ISP. Initially
we figured changeover would be real easy -- just
unplug one and plug in the other, no effect on
Shorewall, no firewall reboot, no secondary
consequences.
(We don''t need the complication of load balancing
because both drops are plenty wide enough to carry all
our traffic by themselves. We don''t need an unattended
failover scheme because we can monitor and physically
switch the cables just as quickly. And we accept that
most of our connections will break once every few
years when an emergency forces us to switch drops.
We''re fully satisfied with this "dumb" solution and
aren''t motivated to try to change it; we just want to
make it work.)
Here''s our potential problem: our static IP was of
course delegated by our regular ISP, and we suspect it
_may_ be specific to that ISP only. If that''s the case
and we use the static IP address from our regular ISP
with our backup drop, we _may_ be be ticking off the
ISPs, and it _may_ not even work.
What do other folks who have more than one ISP and
static IP addresses do?
thanks!
-Chuck Kollars
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell. From the desktop to the data center, Linux is going
mainstream. Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
Chuck Kollars wrote:> > What do other folks who have more than one ISP and > static IP addresses do?While I don''t feel that the redundancy of a second ISP is worth the cost for me personally, if I had two uplinks I would: a) Have two external NICs in my firewall; one for each ISP b) Describe both as ''optional'' in /etc/shorewall/providers c) Specify ''balance'' on both (why not?) d) If one of the links goes down, simply take the interface down (ifdown) and restart Shorewall. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
Chuck Kollars wrote:> > Here''s our potential problem: our static IP was of > course delegated by our regular ISP, and we suspect it > _may_ be specific to that ISP only. If that''s the case > and we use the static IP address from our regular ISP > with our backup drop, we _may_ be be ticking off the > ISPs, and it _may_ not even work.Of course it won''t work. Outbound, the default gateway will suddenly not exist. Inbound, the rest of the internet is not going to suddenly start routing that IP address through a totally different ISP. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
On Sat, 2007-12-01 at 14:47 -0800, Tom Eastep wrote:> Chuck Kollars wrote: > > > What do other folks who have more than one ISP and > > static IP addresses do? > > While I don''t feel that the redundancy of a second ISP is worth the cost > for me personally, if I had two uplinks I would: > > a) Have two external NICs in my firewall; one for each ISP > b) Describe both as ''optional'' in /etc/shorewall/providers > c) Specify ''balance'' on both (why not?) > d) If one of the links goes down, simply take the interface down > (ifdown) and restart Shorewall.Of course, this works for outbound traffic only. Since you mentioned a static IP, Toms other comment still stands. The rest of the Internet will not suddenly start routing their traffic differently. This applies mainly, in case DNS resolves to that (primary ISPs) static IP and you are running publicly accessible services in your network (MX, http, etc). karsten -- [ESR] Eric S. Raymond: "How To Ask Questions The Smart Way" http://www.catb.org/~esr/faqs/smart-questions.html [SGT] Simon G. Tatham: "How to Report Bugs Effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4