We have two internet connections which are load balanced to share the load between the two. We set this up after one of the internet providers proved to be less than reliable, but great speed- and latency-wise when it is working. We'd rather utilise both connections as much as possible than leave one idle until the other drops out.

We have a number of remote workers who occasionally need to connect via VPN from their laptops or iPads; we also have a small number of permanent LAN to LAN tunnels running from smaller branches.

Originally we only had one internet connection and used one of our static IP addresses for all VPN users. Now that we have two internet connections running all of the time I am trying to make sure that the VPN is available to our team regardless of which connection drops. So my solution is to create two A records for our domain name with a value of vpn. and the two static IP addresses from each peer.

Is this a sensible way of achieving this? Should I expect higher latency due to packets being lost if one peer fails and some packets still get routed to it anyway?

A brief mockup of the setup I have:

Round Robin Diagram

dannymcc
  • Does your company have a provider-independent IP address block, or are all your blocks assigned by your upstreams? – Mike Pennington Jul 06 '12 at 19:46
  • We have one block from each provider. I didn't even know you could get provider-independent blocks to be honest. Both our connections are small business ones as we are only a small setup. – dannymcc Jul 06 '12 at 19:57
  • Most PI blocks were assigned years ago; it's Pretty Hard to get a PI block now. Some companies have resorted to purchasing other companies that had their own PI block if it was that important to their business model. – Mike Pennington Jul 06 '12 at 20:00
  • It's interesting to know that they exist though. I can't see us acquiring any companies anytime soon though! – dannymcc Jul 06 '12 at 20:02
  • Which VPN software? – mgorven Jul 06 '12 at 20:21
  • @mgorven We use IPSec tunnels and PPTP remote workers which connect to our VPN endpoint, which in this case is a Draytek Vigor router. – dannymcc Jul 06 '12 at 20:24

1 Answer


There is no guarantee from the client on how they will use the double record. While it should work, I must point out that it will not be 50/50; also, there is no guarantee the client will automatically use the other IP.

If you can, I would suggest taking a look at a DNS service provider like DNSMadeEasy or Amazon Route 53. They will allow you to set "Weighted" DNS, which will effectively broadcast one IP to some users and the other IP at other times in rotation (something like that), as well as support failover. You can use either solution or combine them to achieve the desired result. For example, if Internet IP A is down, the DNS provider can switch the DNS to point to IP B. What's awesome is that DNSMadeEasy also supports LAN IP records.

http://www.dnsmadeeasy.com http://aws.amazon.com/route53/faqs/#Support_for_WRR

Abhishek Dujari
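
The DNS failover described in the answer above, as an added example that is not part of the original post or of either provider's code: a monitor probes each WAN address and decides which A records should stay published. The addresses, the TCP 1723 (PPTP control channel) probe, the thresholds and all names are assumptions; pushing the result to a DNS provider's API is left out.

```python
import socket

PPTP_PORT = 1723  # PPTP control channel is TCP; IPsec IKE is UDP and needs another probe

def tcp_probe(ip, port=PPTP_PORT, timeout=3.0):
    """True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

class FailoverMonitor:
    """Counts consecutive probe failures per WAN address and picks the A records to publish."""

    def __init__(self, addresses, fail_threshold=3, probe=tcp_probe):
        self.addresses = list(addresses)
        self.fail_threshold = fail_threshold
        self.probe = probe
        self.failures = {ip: 0 for ip in self.addresses}

    def poll(self):
        """Probe each address once; return the addresses that should stay in DNS."""
        for ip in self.addresses:
            self.failures[ip] = 0 if self.probe(ip) else self.failures[ip] + 1
        healthy = [ip for ip in self.addresses if self.failures[ip] < self.fail_threshold]
        # All links failing at once usually means the monitor lost its own
        # connectivity, so keep every record rather than publish an empty set.
        return healthy or list(self.addresses)

def stale_window(ttl, interval, fail_threshold):
    """Upper bound in seconds that a resolver can keep handing out a dead address:
    detection time plus the record TTL (provider propagation delay not included)."""
    return interval * fail_threshold + ttl

if __name__ == "__main__":
    # Constructed scenario: documentation-range addresses, first link goes down.
    link_up = {"192.0.2.10": False, "198.51.100.20": True}
    monitor = FailoverMonitor(link_up, probe=lambda ip: link_up[ip])
    for n in range(1, 4):
        print(f"poll {n}: publish {monitor.poll()}")
    print("stale window:", stale_window(ttl=60, interval=30, fail_threshold=3), "s")
```

The stale window shows why a short TTL matters with this approach: already-established tunnels to the failed address still drop and have to reconnect once the record set changes.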