two gateways, one as a backup on second internet line

[philippe mercier]

Hello,

i am trying to protect myself against the unavailability of my main
leased line using a backup ADSL line.

here is my config.

A/ [My main server] is connected to [a firewall with ip 10.0.0.1]
which is connected to a [cisco router with external IP 161...161 for
example] which is connected to the [leased line]:

[Main]-[Firewall: 10...1]-[cisco]-[line]

B/ I have a [Backup server with software firewall with IP 10.0.0.220]
on the same network connected to a [ADSL line]:

[backup 220]-[ADSL LINE]


I have configured two gateways on my main server:

10.0.0.1 (main line) - metric 1
and
10.0.0.220 (backup pc that will route to adsl) metric 2

when i turn down my [firewall ], the system cannot contact 10.0.0.1
(the firewall) so packets are rerouted to 10.0.0.220 - great !

But i have two questions:

1/ when i turn on my main route again (10.0.0.1), some packets still
go thru the backup 10.0.0.200,, why??

2/ this system does not switch to the backup line,, if the [cisco] or
the [leased line] goes down. because in that case the firewall is
still responding to the server...

How can i configure that? a timeout?

thanks
philippe

 

[Phillip Windell]

1/ when i turn on my main route again (10.0.0.1), some packets still
go thru the backup 10.0.0.200,, why??

Dead Gateway Detection will not return back to the first gateway when it
comes back up unitl the second gateway fails. If their are more than two,
then it must work its way all the way to that last gateway (due to gateway
failures) before returning to the first one.

128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;128978

171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;171564

2/ this system does not switch to the backup line,, if the [cisco] or
the [leased line] goes down. because in that case the firewall is
still responding to the server...

How can i configure that? a timeout?

You can't.

The right way to do all this it with two lines from the same ISP that both
come into the same Router (ex. one into each of the Serial Ports on the
router). The Router is then setup with Routing Protocols that handle
determining the Routes. This Router must work together with the ISP's Router
at the other end. So, in other words you have to work together with the ISP
to make this work. Redundnacy and fault tolerance should be part of the
"plan" that you have worked out with the ISP for the services that you pay
for.

 

[Emiliano G. Estevez]

You can setup two lines one in each router, the you can configure HSRP on
both routers, this should work, if you need references on how to setup HSRP
look in the cisco site.

Best Regards.

1/ when i turn on my main route again (10.0.0.1), some packets still
go thru the backup 10.0.0.200,, why??

Dead Gateway Detection will not return back to the first gateway when it
comes back up unitl the second gateway fails. If their are more than two,
then it must work its way all the way to that last gateway (due to gateway
failures) before returning to the first one.

128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;128978

171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;171564

2/ this system does not switch to the backup line,, if the [cisco] or
the [leased line] goes down. because in that case the firewall is
still responding to the server...

How can i configure that? a timeout?

You can't.

The right way to do all this it with two lines from the same ISP that both
come into the same Router (ex. one into each of the Serial Ports on the
router). The Router is then setup with Routing Protocols that handle
determining the Routes. This Router must work together with the ISP's Router
at the other end. So, in other words you have to work together with the ISP
to make this work. Redundnacy and fault tolerance should be part of the
"plan" that you have worked out with the ISP for the services that you pay
for.

 

[Phillip Windell]

Yes, the routers is the right way to go. But since the ISP owns the router
at the opposite end (sometimes both ends) it requires getting them involved
in setting it up.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

You can setup two lines one in each router, the you can configure HSRP on
both routers, this should work, if you need references on how to setup HSRP
look in the cisco site.

Best Regards.

1/ when i turn on my main route again (10.0.0.1), some packets still
go thru the backup 10.0.0.200,, why??

Dead Gateway Detection will not return back to the first gateway when it
comes back up unitl the second gateway fails. If their are more than two,
then it must work its way all the way to that last gateway (due to gateway
failures) before returning to the first one.

128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;128978

171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;171564

2/ this system does not switch to the backup line,, if the [cisco] or
the [leased line] goes down. because in that case the firewall is
still responding to the server...

How can i configure that? a timeout?

You can't.

The right way to do all this it with two lines from the same ISP that both
come into the same Router (ex. one into each of the Serial Ports on the
router). The Router is then setup with Routing Protocols that handle
determining the Routes. This Router must work together with the ISP's Router
at the other end. So, in other words you have to work together with the ISP
to make this work. Redundnacy and fault tolerance should be part of the
"plan" that you have worked out with the ISP for the services that you pay
for.