Re: 2 lines

[Zyumbilev, Peter]

On 30/07/2013 10:42, Shane Ambler wrote:
>I thought pfsense supported failover - or is that limited to outgoing?
> http://doc.pfsense.org/index.php/File:RouterDiagram.png
> http://www.techvilleottawa.org/pfsense-load-balance-fail-over-setup/
> 
> Otherwise something like wackamole or heartbeat to keep the ip address
> alive?
> 
> 
> 

"This setup enables pfSense to load balance traffic from your LAN to
multiple internet connections (WANs). "..

This is only outgoing :(

So so far 2 solutions:

1. Real one BGP, problem needs own ip range
2. DnsMadeEasy - cheap and easy ($34.50 per year), but not as good as BGP

Peter
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Shane Ambler]

On 30/07/2013 15:04, Zyumbilev, Peter wrote:


However really not sure what is the best way - the only feasible
solution I found so far is DNS faiolver
http://www.dnsmadeeasy.com/services/dns-failover-system-monitoring/.
However I am not 100% sure how well it will work and if this may cause
more troubles and embarrassment in front of the customer than simply
giving them  in a email

gate1.example.com(primary)
gate2.example.com(backup)


I thought pfsense supported failover - or is that limited to outgoing?
http://doc.pfsense.org/index.php/File:RouterDiagram.png
http://www.techvilleottawa.org/pfsense-load-balance-fail-over-setup/

Otherwise something like wackamole or heartbeat to keep the ip address 
alive?



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Zyumbilev, Peter]

On 29/07/2013 20:06, Matthew Seaman wrote:
> On 29/07/2013 17:38, Zyumbilev, Peter wrote:
>> Not sure what is the best way nowadays to get own /24 or at least /26 ?
>> I wonder if there is "second hand" ip market :-)
> 
> 
> Get a /64 or a /48 and subnet it...?
> 
>   Cheers,
> 
>   Matthew
> 

Hi,

Lines are from 2 different ISPs and evn come physically via different
route  - protection again construction workers :-) Basically to be fair
I need one single IP to have such fail over  - the Citrix server.

However really not sure what is the best way - the only feasible
solution I found so far is DNS faiolver
http://www.dnsmadeeasy.com/services/dns-failover-system-monitoring/.
However I am not 100% sure how well it will work and if this may cause
more troubles and embarrassment in front of the customer than simply
giving them  in a email

gate1.example.com(primary)
gate2.example.com(backup)

to connect.

Cheers,

Peter

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Outback Dingo]

On Mon, Jul 29, 2013 at 4:06 PM, Daniel Feenberg  wrote:

>
>
> On Mon, 29 Jul 2013, Terje Elde wrote:
>
>  On 29. juli 2013, at 18:38, "Zyumbilev, Peter" 
>> wrote:
>>
>>> Not sure what is the best way nowadays to get own /24 or at least /26 ?
>>>
>>
>> I don't think you ever said if this was two links from the same provider,
>> or two different providers. That's a huge factor in what your options are.
>>
>> You'll have a hard time doing BGP-based failover with a /26. It's just
>> too small a route to be announced globally.
>>
>> This stuff isn't just a technical question, but also one of policy and
>> politics. In order to get to a proper solution, your best option is
>> probably to give the provider(s) a call, and explain what you'd like to do.
>>
>> Depening on a lot of things, one option could be to have the provider
>> owning the IP(s) tunnel it over the other link durin fault. Hard to say if
>> they will, so you really nedd to talk to them.
>>
>> In the meantime, DNS-failover is a lot better than nothing.
>>
>
> Did the OP say he was running servers at all? If there are no servers,
> then any of a number of "dual-wan routers" will handle the problem with no
> difficulty and minimal expense. If he is running servers, these routers
> generally come with built in software to do dynamic updates of DNS, that I
> understand works, provided you don't have unreasonable expectations about
> reliability. Just because some institutions can't stand 5 minutes of
> downtime doesn't mean there isn't a legitimate use for facilities that
> suffer 5 minutes of downtime several times a year.


Yes he did... "However when one line is down all
connections Internet --> LAN to certain service(e.g www) via that
connection are down as expected."


>
>
> daniel feenberg
> NBER
>
>
>
>> Terje
>>
>> __**_
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/**mailman/listinfo/freebsd-**questions
>> To unsubscribe, send any mail to "freebsd-questions-**
>> unsubscr...@freebsd.org "
>>
>>  __**_
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/**mailman/listinfo/freebsd-**questions
> To unsubscribe, send any mail to "freebsd-questions-**
> unsubscr...@freebsd.org "
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Daniel Feenberg]

On Mon, 29 Jul 2013, Terje Elde wrote:


On 29. juli 2013, at 18:38, "Zyumbilev, Peter"  wrote:

Not sure what is the best way nowadays to get own /24 or at least /26 ?


I don't think you ever said if this was two links from the same 
provider, or two different providers. That's a huge factor in what your 
options are.


You'll have a hard time doing BGP-based failover with a /26. It's just 
too small a route to be announced globally.


This stuff isn't just a technical question, but also one of policy and 
politics. In order to get to a proper solution, your best option is 
probably to give the provider(s) a call, and explain what you'd like to 
do.


Depening on a lot of things, one option could be to have the provider 
owning the IP(s) tunnel it over the other link durin fault. Hard to say 
if they will, so you really nedd to talk to them.


In the meantime, DNS-failover is a lot better than nothing.


Did the OP say he was running servers at all? If there are no servers, 
then any of a number of "dual-wan routers" will handle the problem with no 
difficulty and minimal expense. If he is running servers, these routers 
generally come with built in software to do dynamic updates of DNS, that I 
understand works, provided you don't have unreasonable expectations about 
reliability. Just because some institutions can't stand 5 minutes of 
downtime doesn't mean there isn't a legitimate use for facilities that 
suffer 5 minutes of downtime several times a year.


daniel feenberg
NBER



Terje

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Matthew Seaman]

On 29/07/2013 17:38, Zyumbilev, Peter wrote:
> Not sure what is the best way nowadays to get own /24 or at least /26 ?
> I wonder if there is "second hand" ip market :-)


Get a /64 or a /48 and subnet it...?

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey




signature.asc
Description: OpenPGP digital signature

Re: 2 lines

[Terje Elde]

On 29. juli 2013, at 18:38, "Zyumbilev, Peter"  wrote:
> Not sure what is the best way nowadays to get own /24 or at least /26 ?

I don't think you ever said if this was two links from the same provider, or 
two different providers. That's a huge factor in what your options are. 

You'll have a hard time doing BGP-based failover with a /26. It's just too 
small a route to be announced globally. 

This stuff isn't just a technical question, but also one of policy and 
politics. In order to get to a proper solution, your best option is probably to 
give the provider(s) a call, and explain what you'd like to do. 

Depening on a lot of things, one option could be to have the provider owning 
the IP(s) tunnel it over the other link durin fault. Hard to say if they will, 
so you really nedd to talk to them. 

In the meantime, DNS-failover is a lot better than nothing. 

Terje

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Zyumbilev, Peter]

On 29/07/2013 16:46, Mark Felder wrote:
> The right way to handle this is to get your own IP allocation and do BGP
> out both providers. Then the internet can reach you over both internet
> connections and when one goes down all traffic is routed through your
> other connection.
> 

Not sure what is the best way nowadays to get own /24 or at least /26 ?
I wonder if there is "second hand" ip market :-)

Peter
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

2 lines

[Zyumbilev, Peter]

Hi,

I have 2 fiber lines and using pfsense(freebsd) I can easily use them
for backup of LAN --> Internet traffic i.e when primary is down, second
line kick in automatically.  However when one line is down all
connections Internet --> LAN to certain service(e.g www) via that
connection are down as expected.

My question is: is there some smart(e.g DNS) solution that can help me
overcome this ?

Thanks,

Peter
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[lconrad]

On Monday 29/07/2013 at 8:14 am, "Zyumbilev, Peter"  wrote:

Hi,

I have 2 fiber lines and using pfsense(freebsd) I can easily use them
for backup of LAN --> Internet traffic i.e when primary is down, 
second

line kick in automatically.  However when one line is down all
connections Internet --> LAN to certain service(e.g www) via that
connection are down as expected.

My question is: is there some smart(e.g DNS) solution that can help me
overcome this ?
DNS works at a higher layer that physical connections, so cannot be 
the solution, but may be required in a solution.


fail-over for WAN link failure is the solution.

For DNS, if you're running public domain named services and you cannot 
bring up the backup WAN link on the same IP as the failed primary, 
then you'll have to dynamically update the domain names with new A 
record.


Len
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Mark Felder]

The right way to handle this is to get your own IP allocation and do BGP
out both providers. Then the internet can reach you over both internet
connections and when one goes down all traffic is routed through your
other connection.

Another feasible, but poor option: proxy your services out in the cloud
and have it be intelligent enough to be able to reach your content over
both providers and properly failover when one goes down.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: 2 lines

[Outback Dingo]

On Mon, Jul 29, 2013 at 9:06 AM, Zyumbilev, Peter wrote:

> Hi,
>
> I have 2 fiber lines and using pfsense(freebsd) I can easily use them
> for backup of LAN --> Internet traffic i.e when primary is down, second
> line kick in automatically.  However when one line is down all
> connections Internet --> LAN to certain service(e.g www) via that
> connection are down as expected.
>
> My question is: is there some smart(e.g DNS) solution that can help me
> overcome this ?
>

using dns for this is the wrong way to go about it.

>
> Thanks,
>
> Peter
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscr...@freebsd.org"
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

2 lines

[Zyumbilev, Peter]

Hi,

I have 2 fiber lines and using pfsense(freebsd) I can easily use them
for backup of LAN --> Internet traffic i.e when primary is down, second
line kick in automatically.  However when one line is down all
connections Internet --> LAN to certain service(e.g www) via that
connection are down as expected.

My question is: is there some smart(e.g DNS) solution that can help me
overcome this ?

Thanks,

Peter


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"