Security Basics mailing list archives
RE: Failover internet connections, and implementation...
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 23 Oct 2007 14:05:44 -0700
Neither of these will work if you host the company's Internet-facing servers (web, email) on the network, because DNS entries (cached all over the place) will still be pointing at your primary addresses.

There are special appliances that will compensate for a failed ISP link, including serving up DNS with a short TTL and reflecting the change.

The more traditional approach is to have dedicated routable addressing -- at least for those servers! -- and BGP to multiple ISP connections.

David Gillett

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dan Denton
Sent: Tuesday, October 23, 2007 11:19 AM
To: security-basics () securityfocus com
Subject: Failover internet connections, and implementation...

I've a question about failover internet connections. I'm interested in knowing what kind of implementations that other SMB's use for redundancy, and to switch to in the case of a DOS attack.

Do any of you have redundant high-speed internet connections for your offices (versus those for datacenters)? If so, what kind of setup do you have?

Here's the setups I'm considering...

1. Have a second cable modem/dsl modem active, but not hooked into the network. In the event of a failure, move the connection for perimeter devices over to the standby connection and reconfigure the perimeter device to use a different IP.

2. Have a second set of perimeter devices (firewalls) programmed to use the IP's on the second connection, as a hot standby.

My problem with the first option is the time it would take to reconfigure firewalls and IDS' to use the other ISP's connection. The problem I have with the second is the expense of firewalls and IDS' just sitting there idle.

Any input is greatly appreciated!

Dan
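
The DNS-caching effect raised in the reply above, as an added example that is not part of the original messages: a small model of how long each caching resolver keeps handing out the dead primary address after the link fails, for a long TTL versus a short one. The addresses, resolver names, refresh phases and the 30-second detection delay are constructed, and the model assumes resolvers honor the published TTL.

```python
from dataclasses import dataclass

PRIMARY = "192.0.2.10"    # constructed: server address on the failed ISP link
BACKUP = "198.51.100.10"  # constructed: server address on the standby ISP link


@dataclass(frozen=True)
class Resolver:
    name: str
    phase: int  # re-queries the authoritative server at phase, phase+ttl, ...


def cached_answer(r, now, ttl, switch_time):
    """Address resolver r hands to clients at time `now` (seconds).

    The authoritative server answers PRIMARY before switch_time and BACKUP
    from then on; r serves whatever it fetched at its last refresh.
    """
    last_refresh = now - ((now - r.phase) % ttl)
    return BACKUP if last_refresh >= switch_time else PRIMARY


def unreachable_seconds(r, ttl, link_down, detect_delay):
    """Seconds after the link fails during which r still returns PRIMARY."""
    switch_time = link_down + detect_delay  # when the DNS record is changed
    first_good_refresh = switch_time + ((r.phase - switch_time) % ttl)
    return first_good_refresh - link_down


def outage_report(resolvers, ttl, link_down, detect_delay):
    """Per-resolver outage; every value is below detect_delay + ttl."""
    return {r.name: unreachable_seconds(r, ttl, link_down, detect_delay)
            for r in resolvers}


# Constructed sample: three resolvers with different refresh phases.
RESOLVERS = [Resolver("isp-a", 0), Resolver("isp-b", 20), Resolver("corp", 45)]

if __name__ == "__main__":
    for ttl in (3600, 60):
        print(f"TTL {ttl:>4}s:",
              outage_report(RESOLVERS, ttl, link_down=1000, detect_delay=30))
```
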