tekio

Dual Homed Static NAT???

11 posts in this topic

Is it possible (or as easy as it seems in theory) to dual-home a host, then statically NAT each NIC via a separate gateway, each gateway answering incoming requests from a different ISP? So say... one day users can connect to nic1.a-domain.net, then also connect to nic2.a-domain.net, in case one ISP is down?

 

Never really tried this before? 

 

EDIT: Been reading, and from what I get it should be OK so long as both IPs are from a range not using the same ASN number? And traffic is not expected to automagically fail over in an outage? Anyone tried this before with success?

 

Edited by tekio
0


Never tried, but it sounds like in theory it should be fairly easy, even if you wanted to make the traffic automagically switch, if you had say a 'service' running which would ping a handful of servers like Google or something, and then upon whatever conditions do whichever responding action. Using static configuration(s) should be easier than DHCP, but DHCP should be doable if you just configure it to ignore when it's told that's the default gateway and you supply which is the default gateway, I guess?

 

But... it is one of those things I haven't seen much of a good solution for really, as to what if someone had 3-4 internet connections, being able to decide which to use for what, etc.

1


Did some research and this is totally possible. It would be harder to do load balancing, automatic failover (for current sessions), or static NAT with different IP addresses from the same ISP (the letters BGP are a little beyond my expertise. LOL). 

 

The default gateway is just that: the default for when one is unknown. If someone is coming into the box by ip address the routing table should keep track of the session by interface, I think.  Just like if you telnet (for example) from your LAN or in from your WAN. Going out just the default gateway could be defined when it needs to be switched. 

 

Will post a diagram or something when/if I can get this to work.

 

 

0

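On a Linux host the setup discussed above needs one extra piece beyond the static NATs on the two border routers: source-based policy routing, so that a reply to a request that arrived on the second NIC leaves through that NIC's gateway instead of the host's single default gateway (otherwise the second ISP's path only works inbound). The script below is an added example written for this thread, not code from any poster; the interface names eth0/eth1, the addresses (taken from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges), the table numbers 100/200 and the DRY_RUN switch are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): source-based policy routing for a
# dual-homed Linux host with one uplink per NIC.
# DRY_RUN=1 (the default) prints the commands instead of running them, so the
# script can be reviewed before it is applied as root with DRY_RUN=0.

DRY_RUN="${DRY_RUN:-1}"

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_policy_routing IFACE LOCAL_IP NETWORK GATEWAY TABLE
# Gives one uplink its own routing table (connected network + default route
# via that ISP's gateway) and adds a rule so every packet whose source address
# is this NIC's address is routed through that table. Replies to inbound
# connections carry the NIC's address as source, so they go back the way they came.
setup_policy_routing() {
    iface="$1"; local_ip="$2"; net="$3"; gw="$4"; table="$5"
    run ip route add "$net" dev "$iface" src "$local_ip" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$local_ip" table "$table"
    # Strict reverse-path filtering (rp_filter=1) can drop packets arriving on
    # the non-default uplink; loose mode (2) still rejects unroutable sources.
    run sysctl -w "net.ipv4.conf.$iface.rp_filter=2"
}

# Constructed example values: two ISP uplinks on the same host.
configure_dual_homed() {
    setup_policy_routing eth0 203.0.113.10  203.0.113.0/24  203.0.113.1  100
    setup_policy_routing eth1 198.51.100.20 198.51.100.0/24 198.51.100.1 200
    # Traffic the host itself originates still follows the main table's default
    # route; the primary ISP is chosen here, failover of this route is separate.
    run ip route replace default via 203.0.113.1 dev eth0
}

configure_dual_homed
```

Run it once with the default DRY_RUN=1 to see the `ip` commands, then as root with DRY_RUN=0 to apply them; `ip rule show` and `ip route show table 200` confirm the second uplink's rule and table. The rules only survive until reboot, so a permanent setup puts them in the distribution's network configuration.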

Yeah, definitely would assume it would be harder if not impossible to have all connection types be able to switch over during. But... if you don't mind if they reset, it should be very easy lol

0


I would like my traffic to automagically failover in the event of an outage, but from what the network engineer at my place of work says, that would require dynamic DNS, which always seemed a bit sketchy to me. :(

0

6 hours ago, TheFunk said:

I would like my traffic to automagically failover in the event of an outage, but from what the network engineer at my place of work says, that would require dynamic DNS, which always seemed a bit sketchy to me. :(

 

Not sure exactly why it would if you had a program manually configuring what your computer(s) were using, say ping Google at an interval; if it fails to return the proper return number then try a different interface/network, whatever. I would more see needing dynamic DNS or something for automatic failover where... you don't lose a session/stream, the connection never breaks. But... if you don't need that capability it should be easy enough, especially since many connection purposes don't have issues with that. Say you're watching a video on YouTube: you could switch from 3/4G to wifi, airplane mode, whatever, and when the network resumes it will just start grabbing the video again. Or if you had a torrent it will just not be able to download during the time between the network not being available and it switching to a different source, whereas if it was an HTTP download it would fail and you'd have to start from the beginning in most cases.

 

So... for home use probably not that big of a deal, considering you might have to press F5 or something, whereas if you didn't have it fail over you'd just have no network until it came back up, however long the outage is. Where it's a server or some other higher priority network stuff it might be a big deal.

0

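The "ping something at an interval and switch interfaces when it fails" idea from the post above, as an added example that is not code from anyone in the thread: a small POSIX shell monitor for a dual-homed Linux host that probes each uplink out of its own interface and moves the default route to the first uplink that answers. The interface names, gateway addresses, probe targets and the DRY_RUN switch are assumptions; as the thread already notes, established TCP sessions still drop when the route moves.

```shell
#!/bin/sh
# Added example (not from the thread): outbound default-route failover for a
# dual-homed Linux host. Start it with:  sh uplink-monitor.sh run
# Without the "run" argument it only defines the functions, so it can be
# sourced and tested with a fake probe.

PRIMARY_IF="${PRIMARY_IF:-eth0}";  PRIMARY_GW="${PRIMARY_GW:-203.0.113.1}"
BACKUP_IF="${BACKUP_IF:-eth1}";    BACKUP_GW="${BACKUP_GW:-198.51.100.1}"
# Assumed probe targets (public resolvers); several, so one host being down
# is not mistaken for an ISP outage.
PROBE_TARGETS="${PROBE_TARGETS:-9.9.9.9 1.1.1.1 8.8.8.8}"
INTERVAL="${INTERVAL:-10}"
DRY_RUN="${DRY_RUN:-1}"

# probe IFACE TARGET: one ICMP echo sent out of IFACE with a 2 s timeout.
# -I pins the probe to the interface so it tests that uplink, not whichever
# one currently holds the default route.
probe() {
    ping -I "$1" -c 1 -W 2 "$2" >/dev/null 2>&1
}

# link_is_up IFACE: succeeds if any probe target answers via IFACE.
link_is_up() {
    for t in $PROBE_TARGETS; do
        if probe "$1" "$t"; then
            return 0
        fi
    done
    return 1
}

# choose_uplink: prints "IFACE GATEWAY" for the uplink that should carry the
# default route, preferring the primary; prints nothing if both are down.
choose_uplink() {
    if link_is_up "$PRIMARY_IF"; then
        echo "$PRIMARY_IF $PRIMARY_GW"
    elif link_is_up "$BACKUP_IF"; then
        echo "$BACKUP_IF $BACKUP_GW"
    fi
}

# apply_default_route IFACE GATEWAY: rewrites the default route only when the
# chosen uplink changed, so a stable link does not churn the table every tick.
CURRENT_IF=""
apply_default_route() {
    if [ "$1" != "$CURRENT_IF" ]; then
        if [ "$DRY_RUN" = "1" ]; then
            echo "ip route replace default via $2 dev $1"
        else
            ip route replace default via "$2" dev "$1"
        fi
        CURRENT_IF="$1"
    fi
}

monitor_loop() {
    while :; do
        choice=$(choose_uplink)
        if [ -n "$choice" ]; then
            # unquoted on purpose: splits "IFACE GATEWAY" into two arguments
            apply_default_route $choice
        else
            logger -t uplink-monitor "both uplinks down" 2>/dev/null \
                || echo "both uplinks down" >&2
        fi
        sleep "$INTERVAL"
    done
}

case "${1:-}" in
    run) monitor_loop ;;
esac
```

This only moves the route for traffic the host originates; inbound reachability on the surviving ISP's address is a separate matter (policy routing on the host plus whatever the users or DNS point at). Running it with DRY_RUN=1 first shows the route change it would make without touching the kernel.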

Dynamic DNS would work well in the situation: just make a script to update DNS. Or better yet - just train offsite employees to use the IP address of the failed-over static NATs. Internally it would be invisible: the default gateway is the same - the border router would just sense failover, then use the port/interface providing the static NAT to the failover ISP.

Edited by tekio
0


I suggested a script to update DNS, but that would take a few hours to propagate whereas DynDNS would be a lot faster. I just don't like the idea of having to configure a load balancer for that. We could pretty much fail everything over automatically as we are, but our external users would still be unable to reach us for a few hours until the new DNS records propagated.

1


I.P. Address. IMO - anyone who needs to access a remote system should be smart enough to read a word document and follow screen-shots.

 

I actually went through this with our G.M. where I work. Basically said, "the users need to revolve around the I.T. Department. And I'd like to think they could follow these steps (screen shots of putting in an IP address into our remote client)." I still have a job. :-)

  

I like to stay away from Dynamic DNS for business. For me, Dynamic DNS leaves a host too discoverable. I have obtained zone transfers from a major DDNS provider before. :-(

 

 

EDIT: from the way TCP works anything would need to reconnect anyway, for the most part. Anything that established a session would be left dead in the water and need to make a new virtual circuit????  Maybe some remote clients are able to do this. A VPN that tunnels everything into UDP could correct however. But it seems users experience a time-out and try to reconnect anyways. 

 

But that's me talking about educated guesses. :-)

Edited by tekio
0


I'm not sure if you considered this, but you may want to consider bonding the two interfaces to a hosted machine.  Then when an ISP gets cut by a backhoe, you're still rocking at the same IP address.  Additionally, you would also get a nice boost in speed.

 

Considering that congress has passed legislation on selling our network habits to 3rd parties, I think VPN and VPS providers are going to be in a growth period for a while.

 

1


Nice idea, jfalcon!   My Cisco/WAN skills are not the best in the world. :-(

 

0

