Chuck Kollars
2007-Dec-03 17:47 UTC
Re: Shorewall-users] ?: backup ISP & static IP addresses
Sorry I don''t think I made my question clear. By "work" I mean _eventually_. I know the existing connections will break and I know it may take several minutes to establish new connections; that''s okay. The key issue is using a _static_ IP assigned by the ISP whose drop is temporarily down. And the question should not have been whether or not it will work, but rather _how_ to make it work. In other words, what do other folks with a _static_ IP and _multiple_ ISPs do? thanks! Chuck Kollars <ckollars9 <at> yahoo.com> writes:> We have both the drop we normally use from our > regular ISP, and a backup drop from our backup ISP. > Initially we figured changeover would be real easy > -- just unplug one and plug in the other, no effect > on Shorewall, no firewall reboot, no secondary > consequences. > > (We don''t need the complication of load balancing > because both drops are plenty wide enough to carry > all our traffic by themselves. We don''t need an > unattended failover scheme because we can monitor > and physically switch the cables just as quickly. > And we accept that most of our connections will > break once every few years when an emergency forces > us to switch drops. We''re fully satisfied with > this "dumb" solution and aren''t motivated to try to > change it; we just want to make it work.) > > Here''s our potential problem: our static IP was of > course delegated by our regular ISP, and we suspect > it _may_ be specific to that ISP only. If that''s > the case and we use the static IP address from our > regular ISP with our backup drop, we _may_ be be > ticking off the ISPs, and it _may_ not even work. > > What do other folks who have more than one ISP and > static IP addresses do? > > thanks! > > -Chuck Kollars > >-Chuck Kollars ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
Andrew Suffield
2007-Dec-03 18:12 UTC
Re: Shorewall-users] ?: backup ISP & static IP addresses
On Mon, Dec 03, 2007 at 09:47:30AM -0800, Chuck Kollars wrote:> Sorry I don''t think I made my question clear. By > "work" I mean _eventually_. I know the existing > connections will break and I know it may take several > minutes to establish new connections; that''s okay. The > key issue is using a _static_ IP assigned by the ISP > whose drop is temporarily down. And the question > should not have been whether or not it will work, but > rather _how_ to make it work. In other words, what do > other folks with a _static_ IP and _multiple_ ISPs do?They have several static addresses. The rest is routing and careful DNS configuration. ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
Simon Hobson
2007-Dec-04 07:55 UTC
Re: Shorewall-users] ?: backup ISP & static IP addresses
Chuck Kollars wrote:>Sorry I don''t think I made my question clear. By >"work" I mean _eventually_. I know the existing >connections will break and I know it may take several >minutes to establish new connections; that''s okay. The >key issue is using a _static_ IP assigned by the ISP >whose drop is temporarily down. And the question >should not have been whether or not it will work, but >rather _how_ to make it work. In other words, what do >other folks with a _static_ IP and _multiple_ ISPs do?So as I read this, you have a static IP from a provider, the link is down, and you want that static IP to work via another provider ? If that is the case, then as Tom has said, you CANNOT make it work<period>.* That IP is allocated to the ISP and will be routed as part of a larger block to that ISP. There is NOTHING* you can do to have that IP routed elsewhere. You may or may not be able to send packets out via the second provider with that IP as the source address, the second provider may or may not filter them out as forged - but you will never get any replies. * Actually that is not 100% - but to do anything else would require that your ISP do some tricks. The only trick likely to be supported, and only then by very, very few providers would be to provide you with two connections and run a routing protocol between you and the ISP to manage your traffic. Since this will normally involve having two links via the same technology, provider, and routing, there is likely to be little redundancy. I did also read about a provider that does it differently - you build two VPNs to them via whatever connections you have available, and they provide an IP from their range which is forwarded to you via the VPNs. I can''t recall who it was, and it wasn''t cheap, and I suspect it adds a certain amount of latency. ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4