Dual ISP - any software to aid in fast failover for critical redundancy?

PwAg

Hi there!

Main workstation has two NIC's (dual onboard).
O/S: XP PRO SP3

NIC #1 = Comcast Business Cable 25 mb/s
NIC #2 = Qwest DSL 7 mb/s

Onboard NIC = Realtek RTL8169/8110 Gigabit

Used to run HotBrick Dual WAN, but has failed and is past warranty. Before finalizing on another unit (favoring a mid-grade Peplink), want to inquire if there is a reliable software based fail-over solution. Do not need load balance or any other bells&whistles.

Requirement:
If cable is lost, need "immediate" (0-5sec) fail-over to DSL. Would prefer it stays on DSL even after cable comes back online. I then manually select to move back to cable NIC #1 when the situation allows. If possible, software should sample health of internet connection every ~5 secs.

XP Pro does perform a basic switchover, but sometimes it hangs and fails to recognize a downed ISP quick enough.

Cost for a new hardware unit is not really an issue as my livelihood is generated via this workstation. So if the hardware route is a must, so be it. I just would prefer to remove as many potential hardware liabilities out of equation as possible. HotBrick did not leave a good taste as I scrambled for several minutes to reconnect an ISP that never went down.

Any ideas for XP Pro that could help me do this on a consistent and accurate basis?


Issue #2:
Cable is my primary on NIC #1. However, whenever I have NIC #2 DSL Enabled, DSL supersedes NIC #1. Any idea why this may be and how I can ensure cable remains active as primary #1? Perhaps I need to assign DSL a specific IP? If so, how should I go about doing this.

Your input is greatly appreciated.
 

spidey07

Any cisco router can do this as well. The feature is object tracking and you can track just about anything you want - a ping, if you can reach a port/application, etc.

Your application won't like the IP address changing though, that will break TCP sessions but if the app is smart enough it will open a new one. So it depends on the app how transparent the failover is.

If you're looking for features and reliability I'd get a smaller cisco router. I don't know the smaller models so I "assume" the IOS for them contain object tracking. They should. This is an IOS thing so no linksys.
 

PwAg

Tx for input.

So no software solution possible here?

All relevant platform api's are intelligent, they pick up the new IP within ~10secs.

Cisco rv042 consensus is strong? I really do not mind spending 5x that if reliability is considerably better. I did not enjoy the Hotbrick Dual WAN experience.
 

drebo

If it is that important, pay someone to set you up with a proper solution. Benefits are that you're going to be getting an enterprise-grade product (Cisco (not linksys)). Additionally, you'll have someone to bitch at if it doesn't work properly.

If this is your business, there's no reason not to spend the money to get it done right. (IP SLA on a Cisco router, it's not rocket surgery).
 

alpineranger

> Tx for input.
>
> So no software solution possible here?
>
> All relevant platform api's are intelligent, they pick up the new IP within ~10secs.
>
> Cisco rv042 consensus is strong? I really do not mind spending 5x that if reliability is considerably better. I did not enjoy the Hotbrick Dual WAN experience.

Rv042 doesn't look like an ios router. You can probably pick up an older unit for cheap, but you won't get support and some of them are not going to have the performance to keep up with a 25Mbps connection. Also new hardware shouldn't be prohibitively expensive.

I wouldn't trust a linksys/cisco small business unit for business use, linksys quality was borderline acceptable before, but has gone downhill in a major way ever since they were bought by cisco. In particular, i'd be worried about the commitment to software support. With ios that isn't a concern. I don't have enough experience with cisco hardware to say, but it should probably be pretty reliable.

I'm surprised you'd prefer a software solution, a hardware piece, assuming it's reliable, should be able to let you abstract away the particulars of your internet connection. Then your pc only needs to have (and you need only worry about) a standard, one ethernet interface from your computer to your lan.
 

mxnerd

Just installed Cisco/Linksys RV082 (a bigger brother of RV042) at working environment over a month and it has been great. I used it for load balancing though. No problem at all if you configure it properly.
 

mloiterman

http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x

You can take an old PC with three NICs, install pfsense, and make it work exactly as you describe. Shouldn't cost more than the price of the old PC (which is probably pretty close to $0, if you have one collecting dust somewhere) and an hour or two of your time. pfsense is very capable, very reliable, and very cheap.

Just another option to consider.
 

Cooky

From a security standpoint, you're taking on a lot of risk by exposing the workstation that your livelihood depends on to the internet, since you're terminating Internet circuits right on your PC.
Best to go w/ a hardware solution, and pay for a professional to set it up for you.
 

kevnich2

I actually have two RV042's in use at different locations. One is being used on a 30mb cable and a dsl and the second is on a 25mb cable and 6mb dsl. Failover is whatever I set it at, you can choose to ping the gateway, a host, whatever and it'll ping every second, every few seconds, etc. Had both in for over a year with no hiccups at all. Actually found out our cable was going down repeatedly but no one really knew about it because the RV042 kept switching over to the dsl so quickly it took a while to figure it out.
 

dman

> http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x
>
> You can take an old PC with three NICs, install pfsense, and make it work exactly as you describe. Shouldn't cost more than the price of the old PC (which is probably pretty close to $0, if you have one collecting dust somewhere) and an hour or two of your time. pfsense is very capable, very reliable, and very cheap.
>
> Just another option to consider.

I would suggest it as something to consider as well. That said, I've been using PFSense at two locations for about 6mo's now. There are some weaknesses / limitations in the Latest Official 1.2.3 release. If you are going to do basic failover / load balancing from ONE interface with little need for traffic shaping or PPTP (VPN) it works VERY well. If, however, you need Traffic shaping or use PPTP VPN's--well--there are some known limitations. OpenVPN works well.

The final 2.0 release which will expand upon the Load Balancing and Traffic Shaping features (and pretty much is the answer to all that is broken) seems to be a ways off, and the beta versions have not been very stable.

The community support (forums) have been OK, not as responsive or as helpful as the support I've seen from the WRT groups.
 

PwAg

Tx once again for the input folks. Much appreciated, as always.

After careful consideration, I've decided to hire a specialist to set the office up using higher tier hardware. He's very reasonably priced and came highly recommended to me by a local hedge fund (I run a small futures trading CPO). Even though I'm 95%+ DIY, I'm quite ignorant in this particular space and have plans to expand in near future. Might as well get properly prepped now.

To hold me over, I swung by Microcenter to pick up an RV042 last week. Does its failover job at specified 2 retry/3 sec health sample interval. My trading platforms and data feeds pick up the backup DSL IP about 10-12secs faster than failover with the Hotbrick, so that's a plus. It's hardware v1.2 (Jan 2010 manufacture) with 12.19-tm (latest) firmware, fwiw. Log clear and helpful. Overall reviews/input are hit and miss, so not comfortable with long haul reliability. For just $160, will be perfect unit to keep around in case I do have a problem with the main show.
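
Added example (not part of the original posts, and not RV042 or Cisco code): a Python model of the failover policy asked for at the top of the thread, using the 2-retry / 3-second sampling quoted in the post above. The link labels, the reading of "2 retry" as two consecutive missed probes, and the constructed sample trace are assumptions; the actual route change is left out, so only the decision logic is shown.

```python
from dataclasses import dataclass, field

@dataclass
class StickyFailover:
    """Fail over after `retries` missed probes; stay on backup until told otherwise."""
    primary: str = "cable"    # link labels are assumptions
    backup: str = "dsl"
    interval_s: float = 3.0   # seconds between health samples
    retries: int = 2          # assumed: consecutive misses before failover
    active: str = field(init=False, default="")
    misses: int = field(init=False, default=0)
    log: list = field(init=False, default_factory=list)

    def __post_init__(self):
        self.active = self.primary

    def worst_case_detect_s(self) -> float:
        # Link dies just after a good probe: one full interval per miss.
        return self.retries * self.interval_s

    def _switch(self, t, link, reason):
        self.log.append((t, f"{self.active}->{link}", reason))
        self.active = link

    def sample(self, t, primary_ok, backup_ok):
        """Feed one health sample taken at time t; return the active link."""
        if self.active == self.primary:
            self.misses = 0 if primary_ok else self.misses + 1
            if self.misses >= self.retries and backup_ok:
                self._switch(t, self.backup, "primary failed health check")
            elif self.misses >= self.retries:
                self.log.append((t, "ALERT", "both links down"))
        elif not backup_ok:
            # Sticky: a recovered primary alone never triggers a switch back.
            self.log.append((t, "ALERT", "backup down, operator action needed"))
        return self.active

    def fail_back(self, t, primary_ok):
        """Operator-initiated return to primary; refused if it is unhealthy."""
        if self.active == self.backup and primary_ok:
            self.misses = 0
            self._switch(t, self.primary, "manual fail-back")
            return True
        return False

def replay(fsm, samples):
    """Feed constructed (primary_ok, backup_ok) samples at fixed intervals."""
    return [fsm.sample(i * fsm.interval_s, p, b) for i, (p, b) in enumerate(samples)]
# Constructed trace: cable drops at sample 2 and returns at sample 5.
TRACE = [(True, True)] * 2 + [(False, True)] * 3 + [(True, True)] * 2
```

Under these assumptions the worst-case detection time is retries × interval = 6 s, slightly over the 0-5 s target in the first post, and a single missed probe does not trigger a switch.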
 

stlcardinals

Once you get properly setup, I'm sure some of us around here would like to get some specifics on what kind of a solution was put into place.
 

kevnich2

I've got that same rv042 router with the same firmware in place at two locations - both failover without a hitch if the connection drops without anyone even noticing it dropped. Actually long term that rv042 would work ok for you I think but with what you want to do, go ahead with that and keep the rv042 as a backup if you need it. Please keep us informed as to what the specialist puts in place. I'm sure a lot of folks here are interested as to what hardware you end up getting. :)
 

Jamsan

What happens if your workstation crashes? Hardware failure, blue screen, etc.? Seems like you're putting the correct emphasis on reducing single points of failure, but you still have a pretty main (and obvious) one in your setup.
 

PwAg

Will definitely let you guys know how it goes.

Jamsan: For my own desk, have 2 nearly identical workstation towers in holding pattern off a 3-way kvm switch. 4 systems total, 2 of which are constantly connected to 2 separate brokerages that enable us to put on immediate hedged positions in case of a failure on main WS. We also always have protective position stops/targets sitting on our broker servers & exchange. We are very anal/protected in that regard. 5 gal propane generator for extended power-outs that overwhelm the APS battery units in place. Admittedly, have been way too lax on the network redundancy aspect. Comcast Business has just been so unbelievably reliable in my area for the last 3yrs that I let it slide. This was not the case when I was using Comcast in San Diego.

Tx again all.
 

yinan

How would this work as far as the differing IPs go? Comcast has one IP range/IP you are getting and DSL would have a completely different setup.
 

spidey07

> How would this work as far as the differing IPs go? Comcast has one IP range/IP you are getting and DSL would have a completely different setup.

Normally the app would just start a new TCP socket.

The ideal way is to have your own address space and then just run BGP with the two providers so that addresses never change.
 

Emulex

good luck getting a /24 portable - bgp route tables are huge as well. too expensive.

pull a T-1 in with cbeyond - back that up with (whatever). T-1's might be slow and cumbersome but their uptime is about 99.99% versus comcast (98%).

1.99% is a lot if you factor in the critical aspect of voip and teleworkers.
 

PwAg

> The ideal way is to have your own address space and then just run BGP with the two providers so that addresses never change.

Spidey, would it be possible to provide a bit more detail on this? Any links to example setup/schematic? Extremely interested in this... no IP migration using two ISP's is an option I did not think was cost feasible. Does this involve AS? I have not talked with the technician yet (install in ~1.5wks)...would like to talk with him about this if it's cost effective. This would seemingly be a perfect solution to deal with the 10-15sec tcp sock switchover. In 3 years at my location, there has been ZERO simultaneous downtime of cable & dsl per logs I keep.

Emulex:
T-1 1.5mbs not an option for us. Insufficient latency and bandwidth for amount of live data we stream. Been there, done that. T-1 chokes during periods of high market volatility. A blend of cable/dsl has proven sufficient. No local ISP's can touch the 40ms latency provided by Comcast Business to Chicago CME. Do you have a rough figure what BGP would cost/entail? Tx!
 

jlazzaro

> Do you have a rough figure what BGP would cost/entail? Tx!

both providers would need to support BGP peering and you would need a registered AS + provider-independent IP space. full bgp routing is probably beyond your requirements...you would just receive a default route from both providers and use the circuits in an active/standby configuration.

even with bgp, we are not talking about split-second failover. when your primary circuit fails you will start sending traffic immediately out the secondary circuit. it *could* take up to a few minutes before the Internet as a whole recognizes your new AS path as being preferred and return traffic starts flowing. this can take even longer when you're dealing with tier2/3+ carriers as opposed to an AT&T, Sprint, etc.

bgp is the "right" way to do true multi-homed Internet connectivity, but it adds a lot of complexity. for someone with no experience (guessing) with IOS or Internet routing, it may not be the wisest choice.
 

drebo

> Spidey, would it be possible to provide a bit more detail on this? Any links to example setup/schematic? Extremely interested in this... no IP migration using two ISP's is an option I did not think was cost feasible. Does this involve AS? I have not talked with the technician yet (install in ~1.5wks)...would like to talk with him about this if it's cost effective. This would seemingly be a perfect solution to deal with the 10-15sec tcp sock switchover. In 3 years at my location, there has been ZERO simultaneous downtime of cable & dsl per logs I keep.
>
> Emulex:
> T-1 1.5mbs not an option for us. Insufficient latency and bandwidth for amount of live data we stream. Been there, done that. T-1 chokes during periods of high market volatility. A blend of cable/dsl has proven sufficient. No local ISP's can touch the 40ms latency provided by Comcast Business to Chicago CME. Do you have a rough figure what BGP would cost/entail? Tx!

Ahhh...if you're getting lower latency from Comcast than you are from a T1, you're doing it wrong.

Hire someone to set up IP SLA for you and be done with it. BGP is much more than what you actually need.
 

PwAg

jlazzaro: Thanks for the clarification. After some further research yesterday, including your input, it does not seem to be a suitable match to my needs.

drebo: Yeah, IP SLA is at the top of list. Tx. Wrt T-1, our data feeds from Chicago stream 1.8-2.2mb/s to our platform at a continuous clip. We simultaneously monitor 100's of market instruments. Antiquated T-1 1.5mb/s was not up to the task as our downstream requirements matured. We had it professionally installed at previous office by a party that was instructed by our Chicago exchange side tech. We are currently ~10-15ms quicker latency than the T1. Perhaps it was improperly setup, but it was certainly not up to the bandwidth task. T3 not in our budget.
 

drebo

You can get multiple T1s. The cost is high, but you can bond up to 8 T1s together for a total of 12 megabits. You lose a little bit of latency in the MLPPP protocol, but you would still be looking at less than cable. But, yes, a congested T1 would have high latency, just like any other congested transport medium.

That said, if you're happy with the performance and stability of your cable and DSL connections, there's little reason to spend the money on bonded T1s. IP SLA will get you the failover you need and can be tuned to be very quick.