ISP inbound failover without BGP

Jon Lewis jlewis at
Tue Mar 4 05:38:10 UTC 2014

On Mon, 3 Mar 2014, Justin M. Streiner wrote:

> If they're not technically competent enough to handle BGP, they won't be 
> technically competent enough to deal with solutions that play the short DNS 
> TTL game.
> As someone else mentioned in this thread - would colocating the servers be a 
> workable solution for them?  Put the servers some place where the redundancy 
> exists already.

My vote goes to the traditional BGP multihomed solution.  It's the right 
way to solve the problem and the easiest to manage.

If getting AT&T to do BGP and buying a BGP-capable router (they don't even 
need full so anything that'll speak BGP, take a pair of 
default routes, and handle whatever their traffic level is will do) is too 
costly[1], another possible option I've not seen mentioned is VPN.  They 
could put one machine/router somewhere with decent redundancy and set up a 
VPN gateway at their office that connects to the colo'd device.

You might even offer this as a service.

Spammers have been doing this for years.  It makes moving their operations 
easier as their public facing servers get cancelled.  All they do is move 
the VPN server(s) and their systems that do all the "work" remain online 
and hidden.

[1] If only I had a dollar for every time a client said redundancy was too 
expensive to have, but when their non-redundant stuff went offline, 
they claimed to be losing millions of $ per small unit of time.

  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ for PGP public key_________
