Re: [fw-wiz] router with 2 redundant inferfaces



On Sun, 13 Apr 2008, shadow floating wrote:

Hi guys,
my company is having 2 leased lines internet connections and they were
about to buy two routers to make them standby to each other, each with
one of the internet connections, as they were discussing with some
network consultant...he convinced them to reduce cost and put 2 wics
in one router only each connected to the each internet connection
instead of buying 2 routers....is that appropriate??

It's been a while since I did a fully redundant configuration, but the
principle points of failure are normally the same:

1. Power circuit.
2. Physical environment.
3. Backup power
4. Path into building.
5. Carrier/path.
6. Addressing.

If you're looking for redundancy, then two routers make more sense, but
you're still likely to have single points of failure in most environments-
so likelyhood of failure tends to be important.

1. Are both routers on the same power circuit? This is an easy thing to
fix and guards against circuit-level failures.

2. Is it necessary to guard against local events like fire/water damage
by splitting physical faclilities or rooms?

3. Are you plugging things into a single UPS or generator circuit? Is
that appropriate for your environment?

4. Are you getting all your circuits down one path from the street to
your facility? When I've been involved in new building design, we've
specified dual paths into the building for carrier access, one carrier per
path so that JBO (Joe Backhoe Operator) can't kill coms with one swoop.
What sort of service also starts to impact this, though moreso on voice
(SONNET rings are a good thing, as is foreign exchange fail-over from your
telco.)

5. Single carriers terminating at single routers in single facilities
aren't good for redundancy. Multiple carriers who use the same fiber path
also aren't. In the US, it's getting more difficult to get access to
carrier's fiber maps, so eliminating SPFs isn't always easy, especially if
you're somewhere that has limited long-haul circuits due to terrain or
cost issues (see Baltimore tunnel fire event a few years back.)

6. If you want it to be complete, you need to advertise the same address
space with each carrier. If you're really paranoid, get addressing from
each carrier, make them share routing for each other's blocks and
dual-address or NAT each device. Easier is split addressing with DNS
server zones for each address block, but it doesn't fail over, but it's
interesting load sharing.

If you have local environmental issues (power, cooling, dust, power
spike on line...) that make a router failure more likley, then dual
routers are cheap (depending on pipe size) insurance.

You can save even more money by not having the extra connection- I'm
guessing that someone's already made that call, so what criteria was it
made under? What was the business case, and how does a single router
impact that case?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Ideas for resolving this intermittent problem please?
    ... line or DSLAM/MSAN port is the issue and not the local wiring or router. ... Step one install 2 routers of exactly the same type with the same ... can get your routers on the same exchange with the same carrier even better. ...
    (uk.telecom.broadband)
  • Re: [fw-wiz] router with 2 redundant inferfaces
    ... It rather subverts the desire of having 2 circuits to begin with. ... Convince them to run dual routers (they don't have to be hefty but ... my company is having 2 leased lines internet connections and they were ...
    (Firewall-Wizards)
  • Re: [fw-wiz] router with 2 redundant interfaces
    ... How much redundancy and diversity is "enough"? ... On your premises, that means 2 routers, each with 2 NICs, connected to 2 independent and redundant power sources. ... my company is having 2 leased lines internet connections and they were about to buy two routers to make them standby to each other, each with one of the internet connections, as they were discussing with some network consultant...he convinced them to reduce cost and put 2 wics in one router only each connected to the each internet connection instead of buying 2 routers....is that appropriate?? ...
    (Firewall-Wizards)
  • RE: Wireless Router
    ... With a wireless router,the routers property boxes in "Internet Connections" ... needs specific data or codes to be typed in to its connection boxes,otherwise ...
    (microsoft.public.windowsxp.accessibility)
  • Re: Two DSL connections / networks, set one Intranet Only?
    ... Hi Jack, we have two DSL circuits for redundancy, and there are two ... different routers with separate IP addresses, ... internet through ONLY ONE circuit, ... If you do not want to use the second connection to the Internet why it is ...
    (microsoft.public.windowsxp.network_web)