ISP inbound failover without BGP
Jon Lewis
jlewis at lewis.org
Tue Mar 4 05:38:10 UTC 2014
On Mon, 3 Mar 2014, Justin M. Streiner wrote:
> If they're not technically competent enough to handle BGP, they won't be
> technically competent enough to deal with solutions that play the short DNS
> TTL game.
>
> As someone else mentioned in this thread - would colocating the servers be a
> workable solution for them? Put the servers some place where the redundancy
> exists already.
My vote goes to the traditional BGP multihomed solution. It's the right
way to solve the problem and the easiest to manage.
If getting AT&T to do BGP and buying a BGP capable router (they don't even
need full routes...so so anything that'll speak BGP, take a pair of
default routes, and handle whatever their traffic level is will do) is too
costly[1], another possible option I've not seen mentioned is VPN. They
could put one machine/router somewhere with decent redundancy and setup a
VPN gateway at their office that connects to the colo'd device.
You might even offer this as a service.
Spammers have been doing this for years. It makes moving their operations
easier as their public facing servers get cancelled. All they do is move
the VPN server(s) and their systems that do all the "work" remain online
and hidden.
[1] If only I had a dollar for every time a client said redundancy was too
expensive to have, but when their non-redundant stuff went offline,
they claimed to be losing millions of $ per small unit of time.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG
mailing list