• Hi, how do you guys keep services HA to the outside world? Imagine you already have two WAN interfaces from two ISPs with services published to the outside world (web, ftp, whatever). With DNS round robin, monitoring availability and updating DNS with low TTL zones sounds a pain in the ass and it's not bulletproof (DNS caching). I think a custom script running from outside applies here.

    Are there other options? I've read something about BGP, but apparently it applies if both links are provided by the same ISP.


  • Well, read a little more about BGP and it seems the way to go for HA, but seems to be impossible for little installations as you need to own your own valid IP address range and apply for an ASN.

  • Rebel Alliance Developer Netgate

    You are correct there. The proper way to do that is BGP, but that can be expensive or not feasible for smaller sites.

    You may not need BGP if both links are from the same ISP, but that depends on what kind of links they are. If it's something like DSL, or T1s even, multiple circuits could be bonded into a larger, fault-tolerant pipe. Provided the ISP supports that of course.

    Playing tricks with low DNS TTLs is how some devices try to make that work, but that can be quite problematic.

  • Right now both links are from the same ISP, fibre + WiMax. In the near future the secondary link will be switched to another ISP.

    We'll be doing some tests with DNS failover (not load balancing), we'll see how it goes…