ISP inbound failover without BGP

William Herrin bill at herrin.us
Tue Mar 4 04:19:36 UTC 2014


On Mon, Mar 3, 2014 at 8:11 PM, Eric A Louie <elouie at yahoo.com> wrote:
> One thought I had was having them use Dynamic DNS service.
>
> Are there any other solutions, short of using BGP multihoming
> and having them try to get their own ASN and IPv4 /24 block?

Hi Eric,

I went through this a couple years ago with continuity of operations
planning. The bottom line is: with the notable exception of
low-activity electronic mail, switching the address record in the DNS
entry will generally not work as expected. For folks serious about
reliable access to their servers, BGP isn't just the best way, it's
the only way.

Reasons why dynamic DNS fails to perform as expected include:

* Web browser DNS pinning can result in a customer's web browser
holding the old IP address indefinitely.

* Host-level caching of looked up names which discards the TTL.
Remember: your desktop or laptop performs lookups against multiple
name services, e.g. DNS, /etc/hosts, lmhosts, NIS+. DNS TTL is no
longer in scope once the name to address map enters the generic host
lookup mechanism. Most OSes have a fixed timeout of one sort or
another, some old ones as long as 24 hours.

* Custom applications with either IP addresses hardcoded into the
configuration or with getaddrinfo() called only once and the resulting
IP address held for the lifetime of the application.

* Anti-spam systems block IP addresses when receiving large quantities
of email from formerly-quiescent IP addresses. This is a problem if
your mail server sends a lot of email and suddenly switches to a new
sending IP address.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
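The third bullet above (an application that calls getaddrinfo() once and holds the address for its lifetime) is easy to reproduce. The following is an added simulation, not code from the post or from NANOG: the resolver and the network are constructed in-memory fakes (FakeDNS, FakeNetwork, RFC 5737 documentation addresses) so it runs offline, and it contrasts a "pinned" client with one that honours the TTL and drops its cached answer after a failed connect.

```python
"""Simulates why a DNS-record swap does not move a pinned client.
Everything here is constructed for the demo: no real DNS or sockets."""
import time
from typing import Callable, Dict, Optional, Set, Tuple

# RFC 5737 documentation addresses standing in for the two ISP-assigned IPs.
PRIMARY, SECONDARY = "203.0.113.10", "198.51.100.10"
NAME = "www.example.test"   # constructed hostname


class FakeDNS:
    """Stand-in for the resolver: name -> (address, ttl_seconds).
    A real client would call socket.getaddrinfo() here."""

    def __init__(self) -> None:
        self.records: Dict[str, Tuple[str, int]] = {}

    def publish(self, name: str, addr: str, ttl: int) -> None:
        self.records[name] = (addr, ttl)

    def getaddrinfo(self, name: str) -> Tuple[str, int]:
        return self.records[name]


class FakeNetwork:
    """Which addresses currently accept connections (the live ISP link)."""

    def __init__(self, reachable: Set[str]) -> None:
        self.reachable = set(reachable)

    def connect(self, addr: str) -> str:
        if addr not in self.reachable:
            raise ConnectionRefusedError(addr)
        return f"connected:{addr}"


class PinnedClient:
    """The pattern the post warns about: resolve once at startup, keep the IP."""

    def __init__(self, dns: FakeDNS, net: FakeNetwork, name: str) -> None:
        self.net = net
        self.addr, _ttl = dns.getaddrinfo(name)   # resolved exactly once

    def connect(self) -> str:
        return self.net.connect(self.addr)


class ReresolvingClient:
    """Caches the answer only for its TTL and discards it after a failed
    connect, so a repointed A record is picked up on the next attempt."""

    def __init__(self, dns: FakeDNS, net: FakeNetwork, name: str,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.dns, self.net, self.name, self.clock = dns, net, name, clock
        self.cached: Optional[Tuple[str, float]] = None   # (addr, expiry)

    def _resolve(self) -> str:
        now = self.clock()
        if self.cached is None or now >= self.cached[1]:
            addr, ttl = self.dns.getaddrinfo(self.name)
            self.cached = (addr, now + ttl)
        return self.cached[0]

    def connect(self) -> str:
        try:
            return self.net.connect(self._resolve())
        except ConnectionRefusedError:
            self.cached = None                  # drop the stale answer
            return self.net.connect(self._resolve())


def simulate_failover(make_client) -> str:
    """Steady state on the primary ISP, then the link dies and the operator
    repoints the record at the secondary. Returns the client's outcome."""
    dns, net = FakeDNS(), FakeNetwork({PRIMARY})
    dns.publish(NAME, PRIMARY, ttl=60)
    client = make_client(dns, net, NAME)
    if client.connect() != f"connected:{PRIMARY}":
        raise RuntimeError("steady state should reach the primary")
    net.reachable = {SECONDARY}                 # primary link is down
    dns.publish(NAME, SECONDARY, ttl=60)        # dynamic DNS update
    try:
        return client.connect()
    except ConnectionRefusedError:
        return "unreachable"


def ttl_expiry_demo() -> Tuple[str, str, str]:
    """With no failure at all, a TTL-honouring client still sees the change
    only after the TTL runs out (simulated clock in seconds)."""
    clock = [0.0]
    dns, net = FakeDNS(), FakeNetwork({PRIMARY, SECONDARY})
    dns.publish(NAME, PRIMARY, ttl=60)
    client = ReresolvingClient(dns, net, NAME, clock=lambda: clock[0])
    before = client.connect()
    dns.publish(NAME, SECONDARY, ttl=60)
    clock[0] = 30.0
    still_cached = client.connect()             # TTL not yet expired
    clock[0] = 61.0
    after = client.connect()                    # TTL expired, re-resolved
    return before, still_cached, after


if __name__ == "__main__":
    print("pinned:      ", simulate_failover(PinnedClient))
    print("re-resolving:", simulate_failover(ReresolvingClient))
    print("ttl demo:    ", ttl_expiry_demo())
```

The pinned client never recovers, which is the application-side half of the problem; the other bullets (browser pinning, OS-level caches that ignore the TTL) sit in layers the server operator does not control at all, which is why the post concludes that DNS-based failover cannot be relied on for anything but low-activity mail.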