(Please forgive the cross-post. I'm at my wits-end here, and need all the help I can get.)
Here at the office, we run our own webserver. It hosts our website as well as several internal web-based applications that I have created for our employees.
At my suggestion, my bosses purchased a second business-class internet connection on a different ISP than our primary net connection. My reasoning behind it was that if we put our two nameservers on different ISPs, both ISPs would have to experience problems for our website to be down. I checked into it, and it seems it's a pretty common setup.
Now I'm no networking guru, and an issue that I had not expected has arisen. It seems that you can only have one default gateway on a computer. I can have multiple network cards on multiple ISPs, but only one gateway. This is a problem if my gateway is associated with NIC 1, and traffic comes in NIC 2. It appears I cannot have two public IPs from separate ISPs on my webserver and have it function properly.
My solution to this was to set up 2 NAT firewalls and add a 2nd NIC to my webserver. My firewalls would now have the 2 external IPs (and 2 IPs internal to my LAN), and forward all web traffic to a NIC on my webserver (e.g. - firewall 1 would forward to NIC 1, and firewall 2 to NIC 2). Unfortunately, it would seem that I'm going to run into the exact same problem. I can't have multiple gateways. Data coming into NIC 2 would want to go back out NIC 1 (and subsequently firewall 1).
I am at a complete loss as to how to properly achieve this. Others do this (like big datacenters), and I cannot figure out how they do it. Does anyone have any suggestions? I'm tearing my hair out here.
Thanks in advance.
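The "only one default gateway" limit described above applies to the main routing table, not to the host as a whole. On Linux, iproute2 policy routing gives each NIC its own routing table with its own default gateway, and a rule selects that table by the source address of the reply, so traffic that arrived through firewall 2 (NIC 2) leaves through firewall 2 again. The script below is an added example, not code from the original poster or any reply; the interface names, addresses, subnets, gateways and table numbers are constructed placeholders, and with the default DRY_RUN=1 it only prints the commands it would run (executing them needs root and real interfaces).

```shell
#!/bin/sh
# Added example: source-based policy routing so each NIC answers via its own gateway.
# All names and addresses are constructed placeholders for a two-firewall LAN.
NIC1=eth0; IP1=192.168.1.10; NET1=192.168.1.0/24; GW1=192.168.1.1; TABLE1=101
NIC2=eth1; IP2=192.168.2.10; NET2=192.168.2.0/24; GW2=192.168.2.1; TABLE2=102

# DRY_RUN=1 (default) prints each command instead of executing it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build one per-NIC routing table:
#   1. the NIC's own subnet, so the gateway is reachable inside that table
#   2. a default route via that NIC's gateway
#   3. a rule: packets sourced from the NIC's address use that table
# Replies to requests that came in on this NIC carry its address as source,
# so they follow this table back out through the same firewall.
policy_route() {
    nic=$1; ip=$2; net=$3; gw=$4; table=$5
    run ip route add "$net" dev "$nic" src "$ip" table "$table"
    run ip route add default via "$gw" dev "$nic" table "$table"
    run ip rule add from "$ip" table "$table" priority "$table"
}

# Configure both NICs; the main table keeps a single ordinary default
# gateway for connections the server itself originates.
setup_multihome() {
    policy_route "$NIC1" "$IP1" "$NET1" "$GW1" "$TABLE1"
    policy_route "$NIC2" "$IP2" "$NET2" "$GW2" "$TABLE2"
    run ip route replace default via "$GW1" dev "$NIC1"
}

# Check which gateway a reply from a given source address would take.
# 203.0.113.5 stands in for an arbitrary client on the internet (constructed).
check_path() {
    run ip route get 203.0.113.5 from "$1"
}

setup_multihome
check_path "$IP1"
check_path "$IP2"
```

Run it once to inspect the commands, then DRY_RUN=0 to apply them; the two `ip route get` checks should report different gateways for the two source addresses. Because the rules key on the source address, the NAT firewalls must forward to the NIC address on their own subnet (firewall 1 to IP1, firewall 2 to IP2) rather than to a single shared address, otherwise the kernel has no way to tell which path a request used. The same idea is what the commercial boxes mentioned in the replies implement internally; the tables and rules are not persistent across reboots, so put them in the distribution's interface hook scripts.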
Posts
Or buying a gateway that can handle two separate inbound connections.
By the way, I am just guessing at this. I too know it is possible (I used to work for my university's datacentre, and we did the same thing with our fibre-optic connections) but I only know of it in the context of big expensive pieces of Cisco kit (like $20000 USD).
We use Watchguard X700s but they also require the Fireware Pro OS to support HA and LB so it's roughly $5000 for that setup. This is on the low end of the price spectrum.
You could always go the manual route: swap the internal IPs of the firewalls if the primary goes down. In either case, you don't need two NICs in the webserver.
Just having both firewalls forwarding port 80 or whatever to the web server's single IP address and two DNS A records for the web server's external (public) IPs probably won't do what you need either. The problem with this setup is that DNS will round-robin your website IPs so you will have people randomly getting one IP address or the other. Also, if they are connected to the IP that fails they have to wait for the TTL to expire to try to get a new address, but they are not guaranteed to get an IP address different from the one that failed.