
Re: Multihoming an end user

Problem is, getting address space from ARIN doesn't tell the rest of the world how to route traffic to you. You would be able to work out how your two ISPs can route to you, but how would you tell everyone else to route that traffic to them in the first place? Looking at it the other way, what is it about a "direct from ARIN" block that makes a network "multihomeable"?

Ok, so getting an ASN is key. I guess the real question remains then: would a DSL provider route BGP4 over a DSL link, or do we need to upgrade our service to T1 levels first?

For your situation, I'd consider something like having the Linux router run NAT for inside addresses while a process monitors your primary Internet link. If the link goes down, have the router automatically switch to using IPs from the secondary link for the public side of the NAT.

This wouldn't help with your Watchguard, though. If your primary link went down, clients would have to change how they connected. One possibility would be if you controlled your own DNS (and if the clients connected by name instead of IP), you could have the same script that monitors your Internet connection take care of changing the DNS entry to point to a secondary IP on the Watchguard (from the secondary ISP's IP block).

Still some issues remain, like changing the default route on the Watchguard.


It's the Watchguard VPN that does make the NAT/script idea fall apart if we want full redundancy. We have a few employees that work offsite, but more importantly we have several employees who work in our building, employed by our parent company, using the VPN to their offices. Internet could route fine with the new route, email would continue with a secondary MX on the other IP, but the VPN needs to be set to a static IP.
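
A sketch of the monitor-and-switch script described in the message above, added here as an example and not part of the original thread. Interface names, addresses, thresholds and the DNS name are constructed placeholders, and the POSTROUTING chain is assumed to hold only this one SNAT rule.

```shell
# Added example. Every address, interface and name is a constructed placeholder.
PRIMARY_IF=eth1;   PRIMARY_IP=192.0.2.10;      PRIMARY_GW=192.0.2.1
SECONDARY_IF=eth2; SECONDARY_IP=198.51.100.10; SECONDARY_GW=198.51.100.1
VPN_NAME=vpn.example.com; VPN_PRIMARY=192.0.2.20; VPN_SECONDARY=198.51.100.20
PROBE=203.0.113.1        # assumes a static host route to it via PRIMARY_GW
FAIL_LIMIT=3; OK_LIMIT=5 # consecutive probe results needed to change state

probe_primary() { ping -c 1 -W 2 -I "$PRIMARY_IF" "$PROBE" >/dev/null 2>&1; }
# next_state CUR FAILS OKS: print the link to use. The hysteresis keeps a
# flapping link from rewriting NAT and DNS on every probe.
next_state() {
    if [ "$1" = primary ] && [ "$2" -ge "$FAIL_LIMIT" ]; then echo secondary
    elif [ "$1" = secondary ] && [ "$3" -ge "$OK_LIMIT" ]; then echo primary
    else echo "$1"; fi
}

# switch_cmds LINK: print the commands that move the default route and the NAT
# source address. Assumes POSTROUTING holds only this SNAT rule.
switch_cmds() {
    case $1 in
        primary)   dev=$PRIMARY_IF;   ip=$PRIMARY_IP;   gw=$PRIMARY_GW ;;
        secondary) dev=$SECONDARY_IF; ip=$SECONDARY_IP; gw=$SECONDARY_GW ;;
        *) return 1 ;;
    esac
    echo "ip route replace default via $gw dev $dev"
    echo "iptables -t nat -F POSTROUTING"
    echo "iptables -t nat -A POSTROUTING -o $dev -j SNAT --to-source $ip"
}

# dns_update LINK: print nsupdate input that repoints the VPN name (short TTL).
dns_update() {
    [ "$1" = secondary ] && addr=$VPN_SECONDARY || addr=$VPN_PRIMARY
    printf 'update delete %s A\nupdate add %s 60 A %s\nsend\n' "$VPN_NAME" "$VPN_NAME" "$addr"
}

monitor() {   # run as root on the router; not started automatically
    state=primary; fails=0; oks=0
    while :; do
        if probe_primary; then oks=$((oks + 1)); fails=0
        else fails=$((fails + 1)); oks=0; fi
        new=$(next_state "$state" "$fails" "$oks")
        if [ "$new" != "$state" ]; then
            switch_cmds "$new" | sh
            dns_update "$new" | nsupdate   # add -k <keyfile> for TSIG auth
            state=$new
        fi
        sleep 10
    done
}
```

The DNS step only helps clients that connect by name; a VPN peer pinned to a static IP is not covered by it.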
