-2

We have a customer that has a Windows server located behind a dual-WAN router that has two static IP addresses from each ISP. They have staff out in the field that have laptops with applications that can only point to one public IP address.

They want the ability to purchase an additional public address online, and we would be able to set up the primary ISP public IP address and then a secondary ISP public IP address under the newly purchased IP address.

The applications only support a single public IP address and will not work with a DNS name address.

This would provide a redundant failover in the event one ISP went down for their applications.

Any insight would be appreciated.


voretaq7
Garrett
  • What exactly are you asking about? The scheme seems sensible, though the single external IP could have connectivity issues as well, maybe you could get an anycasted address? – NickW May 03 '13 at 15:52
  • Yes, it appears that I explained the topology but failed to explain what I am asking for. I am wondering where I can get the service for the Hosted Online IP address. Just as you mentioned with Anycast. – Garrett May 03 '13 at 15:57
  • If it's pure routing you're looking for, voretaq is correct, it's going to be expensive, and should be done by a professional. – NickW May 03 '13 at 16:04
  • BTW, what application are they connecting to, do they use a VPN to connect? – NickW May 03 '13 at 16:05
  • Thank you NickW. Your information is helpful. There used to be a VPN, but as the applications developed they could point to a public IP address. Our company is assisting this company with several tasks and we just needed general direction on a service which we could use to perform this task. Thanks for your help. – Garrett May 03 '13 at 16:09
  • @NickW Can you even get anycast IPv4 addresses anymore? – Michael Hampton Jun 06 '13 at 23:18
  • @MichaelHampton really good question, if you have your own /24 any decent Tier1 will probably do it for you... but it's been a few years since I've dealt directly with any of them, it may be something they only offer on IPv6 nowadays. – NickW Jun 07 '13 at 08:34

2 Answers

6

You seem to be operating under a number of misconceptions - I STRONGLY URGE YOU to seek professional assistance.


Doing what you're asking for in your question is an involved process.

For starters, you don't purchase a single "additional public IP address" - IP addresses are allocated in blocks by Regional Internet Registries (RIRs), or through ISPs.

To do what you want you would need to acquire a netblock from your local RIR, then find (at least) two providers willing to provide you transit over their networks, install routers at your site, and configure BGP to advertise your block through the two carriers.

This is a nontrivial task, and very expensive (carrier services don't come cheap).
Further, attempting it without a good amount of experience in network design & management will lead to dismal failure, with much recrimination and gnashing of teeth.
(The fact that you're asking this question on Server Fault is a good indication that you lack the requisite experience to do this on your own without help.)


If you don't want to go that route (because of cost/expense) you have the option of load balancing on a reliable connection from someone else (using something like Amazon ELB). Whether or not this is viable depends on what exactly you're trying to make redundant.

voretaq7
  • I am simply asking on ServerFault because I know there are ways of doing it and we have trained staff that can do all this, but we just needed general information on which way to move forward. It seems to me that this is a simple task. Just need direction and what other people have done in the past. – Garrett May 03 '13 at 16:02
  • What suggestions does your trained staff have? – Keith Stokes May 03 '13 at 16:35
  • @Garrett If you have trained staff (with experience in network design and routing) you should be asking them these questions - there are other options (like VPNs) which I didn't go into here since you seem to want a public IP. Also forgive me for being blunt, but if it seems to you that "this is a simple task" you are either willfully ignoring the underlying complexity, or out of your technical depth and unaware of it. Virtually all high-availability solutions *look* simple until you consider the implementation requirements underlying them. – voretaq7 May 03 '13 at 18:06
1

It looks like what they want is "ISP failover". I'm not sure why - it seems like there are many other SPOFs (single points of failure) other than the ISP. Are the ISPs unreliable?

Anyway, my first suggestion is "talk to the ISPs". Such a HA solution is possible but will be complex and expensive, as voretaq has pointed out. The networking knowledge to build such a solution is typically found at an ISP.

My second suggestion is to consider moving the server hosting the application into the cloud. That removes all reliance on the two (or more) ISPs and the Watchguard router. It does replace it with reliance on a cloud provider but those are generally very reliable.

Additionally, I suggest that you be sarcastic with whoever wrote that app. Tell them there is a technology designed, in part, to deal with fail-over between IP addresses. It is called DNS and was first developed in the early 1980s. You know, thirty years ago…

All sarcasm aside, the idea of an app that doesn't support DNS and only connects to one public IP address is appalling. You should strongly suggest to the customer that they pressure (with their wallet!) to get the developers of the app to do networking the proper way.

Greenstone Walker
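
The DNS-based failover this answer refers to, as an added example (not code from the post or from the application discussed): a client that resolves one name and tries each returned address in turn with a bounded connect timeout. The host name `app.example.test`, the function names and the stub resolver are assumptions; the demo uses constructed loopback sockets to stand in for the two ISP addresses.

```python
import socket


def connect_with_failover(host, port, resolver=socket.getaddrinfo, timeout=2.0):
    """Resolve host, then try every returned address in order.

    Returns (connected_socket, address_used); raises OSError if all fail.
    """
    errors = []
    # One DNS name can carry one address per ISP link; the client walks the list.
    for family, socktype, proto, _canon, sockaddr in resolver(
            host, port, type=socket.SOCK_STREAM):
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)  # bound the wait on a dead link
        try:
            sock.connect(sockaddr)
            return sock, sockaddr
        except OSError as exc:
            errors.append((sockaddr, exc))
            sock.close()
    raise OSError(f"all addresses for {host!r} failed: {errors}")


def demo():
    """Constructed scenario: the first address is down, the second is up."""
    # "ISP B" path: a live local listener.
    live = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    # "ISP A" path: bound but never listening, so connections are refused.
    dead = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    dead.bind(("127.0.0.1", 0))
    live_addr, dead_addr = live.getsockname(), dead.getsockname()

    # Stub resolver standing in for a DNS name with two A records (assumption).
    def fake_resolver(host, port, type=0):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", dead_addr),
                (socket.AF_INET, socket.SOCK_STREAM, 6, "", live_addr)]

    try:
        sock, used = connect_with_failover("app.example.test", 0, fake_resolver)
        sock.close()
        return used == live_addr  # True: the client fell through to the live path
    finally:
        live.close()
        dead.close()


if __name__ == "__main__":
    print("failed over to second address:", demo())
```

Failover here happens per connection attempt; record TTLs and resolver caching decide how quickly clients notice that an address was withdrawn from DNS.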