Redundant internet Connection for a Small business

StraightPipe
I work at a small business that has a T-1 for internet access. We've recently been consuming most of our bandwidth, and the connection is beginning to get really slow for web use. I'm a hardware guy, but I'm not up to par on networking, so any help would be great.

I've determined that the major culprit of bandwidth consumption is our WebView software that allows us to view offsite web cameras and security systems. It streams video into our office from 48 different cameras at 4 offsite locations.

Basically we're paying $500/mo for our T-1 supplying a reliable 1.5mbps connection now. Our ISP says they can double the bandwidth for double the price ($1000).

I was wondering if we could pick up a Cable modem to add more bandwidth (Comcast has 16x2 connections for $99). We don't need to download any one thing faster, we just need additional bandwidth for all the users (20-25 users).

Also we're hoping that having a second connection will provide some redundancy in case our T-1 goes down, we'd have a second provider to keep us online. We had also been considering a VZN wireless card to provide that redundancy, since wireless would be less likely to go down when the power and phone lines do (in storms).

I've already done some searching, and read JackMDS's Load Balancing FAQ, but I'm still pretty fuzzy on what needs to be done.

Currently we have the T-1 Smart Jack->T-1 Modem-> Firewall->dumb switch->all computers/servers on the lan.

Do we just add a 2WAN router between the Modems and our existing firewall?

Can we dumb down the router so it lets all our communications pass through? (We have our own Exchange and BB server, plus VPN connections.)

How do I set up the load balancing?
 
PS, we've got a dedicated IP on our T-1, so we can host our own email via Exchange Server.

I'm still new to this, but I want to be sure we don't interrupt any current services by adding this additional gear.

Thanks again for helping this noob 🙂
 
Load balancing isn't simple or cheap.

Best bet would be to get a device that can handle it. The company I work for is in the same situation. We need as much up/down as possible, T1s and DSL weren't cutting it, so we stepped up to Comcast 20/2 (usually 30/4) and load balance with our T1 (mainly failover though).

We are using a Cisco 1800 series Dual WAN router. We had to customize the config for our needs. The router cost about $800, but it works a hell of a lot better than we could get Server 03 to do with multiple NICs.

If you are worried about losing an ISP connection due to power failure, then you should also look at a generator for your whole building, as what's the point of internet if no one can use it. You can only build in so much cover for yourself in case of failure.

Usually if a high tier provider loses power, you have bigger problems.

Also remember that even if you get internet from a different provider you could still be using the same pipeline. I.e., in my area AT&T is the backbone. Other companies sell T1s using ATT's backbone, so don't think you are separating yourself from disaster by using a different company. Check to see whose backbone they use.
 
Thanks. We've already got a backup generator, but big storms usually bring the power and T-1 (AT+T) down together... that's why we were considering VZN wireless or Comcast Cable for a backup. The break in connection happens about 2 blocks from our offices, and it's usually power and internet at the same time, so I don't think the backbone in Birmingham Alabama would come down with them.

We don't really need it to be cheap and simple, but buying $1000 worth of network gear is a whole lot less expensive than paying an extra $500/mo.

I've got access to everything in the office (firewalls, admin access, etc). I've got a good understanding of home networking, but very little experience using managed switches.

So do I basically get a dual WAN router and have it assume the role of my firewall? Or just put the new router between my firewall and modems and get it to pass everything through?

 
The way I've done this in the past is through policy based routing on a Cisco router. What you can have it do is direct all camera traffic and exchange traffic to go out one connection and all other traffic to go out another. You can do this by IP, port, etc. Someone else might have a better idea for how to do this than I do, but this is what I was able to figure out.

It's important to realize, though, that by combining a 10mb cable downstream and a 1.5mb T1 downstream, you're not going to get 11.5mb. Connections that go out the 10mb will get 10mb and connections that go out the T1 will get 1.5mb. This is in stark contrast to using bonded T1s where all connections utilize the full 3mb.

An alternative to a Cisco router might be something like this: http://www.barracudanetworks.c...ucts/link_overview.php which accomplishes approximately the same goal, but would be easier for someone who has no Cisco background to set up.
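
The per-connection behaviour described in the post above, as an added Python model (not code from the thread and not a router configuration). The link rates come from the post; the Exchange address `10.0.0.10`, camera port `8080`, the assignment of traffic classes to links and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Downstream rates in Mb/s, taken from the post above (1.5 Mb T1, 10 Mb cable).
LINKS = {"t1": 1.5, "cable": 10.0}

@dataclass(frozen=True)
class Rule:
    name: str
    link: str                       # preferred egress link
    src_ip: Optional[str] = None    # None matches any source host
    dst_port: Optional[int] = None  # None matches any destination port

# Hypothetical policy, evaluated top-down; first match wins.
# 10.0.0.10 (Exchange) and port 8080 (camera streams) are constructed values.
POLICY = [
    Rule("exchange-smtp", "t1", src_ip="10.0.0.10", dst_port=25),
    Rule("cameras", "cable", dst_port=8080),
    Rule("default", "cable"),
]

def select_link(flow, links_up):
    """Return (rule name, egress link) for a new connection.

    If the preferred link is down, fail over to any surviving link
    (simplification: a real router falls through to its normal routing table).
    Link is None when every WAN is down.
    """
    for rule in POLICY:
        if rule.src_ip not in (None, flow["src_ip"]):
            continue
        if rule.dst_port not in (None, flow["dst_port"]):
            continue
        if rule.link in links_up:
            return rule.name, rule.link
        survivors = [name for name in LINKS if name in links_up]
        return rule.name, (survivors[0] if survivors else None)
    return None, None

def flow_ceiling(flow, links_up):
    """Best-case downstream rate for one connection: its own link, never the sum."""
    _, link = select_link(flow, links_up)
    return LINKS.get(link, 0.0)
```
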
 
This Barracuda seems like the type of hardware we need. I guess we would just replace our old Watchguard firewall with a device like this (and basically copy all the port rules to the new device).

One question I have about fail over is related to our Exchange Server. Currently our mail domain is pointed to our T1's IP address via MX records. If the T-1 goes down how does the "automatic failover" handle switching to the IP of the new cable internet connection?
 
Set a new MX record with lower priority (higher MX level) than your current record and point it to the IP you get with the backup connection.
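
How a sending mail server uses the two MX records suggested above, as an added Python model (not part of the original posts). The hostnames, preference values and the `HOSTS` table are constructed; the model also assumes inbound TCP/25 must be forwarded to Exchange on each WAN for that MX target to accept mail.

```python
import random

# Constructed zone data: lower preference value = tried first.
MX_RECORDS = [
    (10, "mail-t1.example.com"),     # primary: static IP on the T1
    (20, "mail-cable.example.com"),  # backup: IP on the second connection
]

# Constructed mapping: MX host -> (WAN link, is TCP/25 forwarded to Exchange there?)
HOSTS = {
    "mail-t1.example.com": ("t1", True),
    "mail-cable.example.com": ("cable", True),
}

def delivery_order(records, rng=random):
    """Order MX targets as a sender does: ascending preference, ties shuffled."""
    groups = {}
    for pref, host in records:
        groups.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(groups):
        tied = groups[pref][:]
        rng.shuffle(tied)
        order.extend(tied)
    return order

def accepts_mail(host, links_up, hosts=HOSTS):
    """An MX target answers only if its WAN is up and port 25 is forwarded on it."""
    link, forwards_smtp = hosts[host]
    return link in links_up and forwards_smtp

def deliver(records, links_up, hosts=HOSTS):
    """Return (accepting host, hosts tried). Host None means the sender
    queues the message and retries later; nothing is lost immediately."""
    tried = []
    for host in delivery_order(records):
        tried.append(host)
        if accepts_mail(host, links_up, hosts):
            return host, tried
    return None, tried
```

The failover happens on the sender's side, one message at a time, so no DNS change is needed when the T1 drops; a backup record pointing at a WAN with no port 25 rule only makes senders defer.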
 
Awesome. I know how to do that! I just don't have much experience, so it helps to have some nudges.

Thanks everybody. I'm off to search for some gear!
 
I agree with Drebo above. Policy based routing would be a good solution. I have seen similar setups in which critical traffic (email, SAP, WMS, etc.) goes one way, and the internet traffic goes another way.

I would take the time to do your research, and don't jump into anything. There are probably a ton of whitepapers out there concerning small business topics such as this. Spending the time on proper access lists may be more efficient than the firewall you are using, but then it may not. I would try and get the opinions of those that have done similar, and listen to their lessons learned.

Many Cisco routers will give you the capability for two WAN ports as long as you have one or two WICs. I deal mainly with 2821s, and they are great at what they do and not too expensive.

P.S. You may want to provide more information on other things that travel your connection. VoIP, IM, etc.
 
I suggest you go with a Cisco router. You can get one even with a T1, ADSL, DOCSIS, or cellular wireless WAN interface, so you could potentially consolidate everything on a single box. Additionally, you'd have the ability to add voice services, VPN, or other things. Plus, even if you're not an expert on setting up IOS, it's easy to find help.

The small Cisco routers really don't cost that much, especially compared to other business expenses like you mentioned.
 
I've been looking at this inexpensive Cisco router. For $289 it handles both WANs and lets me replace my old Firebox 700 firewall (from Watchguard).

I know how to do basic NAT and port forwarding, so I'm planning on just attempting to duplicate the existing settings onto the Cisco box. I've done those things before, so they shouldn't be an issue.

The Cisco box also supports DHCP and some other functions that are currently handled by our Domain Controller (Win 2003 STD), so I guess I can just disable those features.

The main apps we have running through the router are Email, VPN, and Blackberries, but these are all done on servers, just passing through the firewall. We also have these webcams coming through on various ports. All our web hosting is done on external hosts. Our phone system is digital/VoIP hybrid, but it's on a separate PRI connection. I updated the firmware on the firewall once last year and had to re-setup all the NAT and port forwarding rules, but otherwise it's been running without intervention for 3 years.

I guess I need to do some digging on "Policy Based Routing". I believe it would be in our best interest to leave the Email and BB's on the T-1 (since they actually use significant upload bandwidth) and put the HTTP traffic and web cameras on the 16mbx2mb Cable connection.
 
You probably want to move up in model. The higher you go the more throughput and features you can add. Policy based routing on lower lines is done in processor (I think, it's been a while since I've looked at all the models) so that could really limit your throughput.

You'll want all the features of IOS. You can set up "watch lists" (also called object tracking) to change routing depending on if your default gateway or a particular upstream or downstream application is in service. Basically you can do anything you want.
 
I don't think that's a "real" Cisco (IOS) router. If you don't have to worry about continued vendor support for the product, I think it's worth the extra expense. How about something like this:
http://www.newegg.com/Product/...x?Item=N82E16833120024
or this:
http://www.newegg.com/Product/...x?Item=N82E16833120005

Call me cynical, but I don't have very much confidence in support from manufacturers of embedded network devices that sell to consumers.

Edit: Don't worry about performance. At this level every router you find will be doing everything save IPsec acceleration on the main processor. If you want hardware acceleration, you'll have to pay a lot more. But today even these basic processors are decently fast and IOS makes efficient use of processor power. You will also miss things like ECC RAM, redundancy features, and support for some more exotic interfaces.

As far as IOS features, AFAIK, one of the nice things is that most any feature you want is available on even basic hardware like this.
 
Why do we need to move up from the $300 unit to a $700-900 unit?

All the comments on the more expensive Cisco boxes say "you had better know Cisco IOS if you want to use this" - that scares me, cuz I don't know it.
 
Originally posted by: StraightPipe
Why do we need to move up from the $300 unit to a $700-900 unit?

All the comments on the more expensive Cisco boxes say "you had better know Cisco IOS if you want to use this" - that scares me, cuz I don't know it.

I'm telling you when it comes to dual WAN and it working properly, spend the money. The 1811 works great for our company (~100 people) as a main backbone and handling dual WANs.

I have cheaper ones at home 1-300 range and they suck because of horrible routing, dropping packets because they go out one WAN and come back the other.

Knowing IOS helps, but there is the Cisco SDM GUI interface on the 1811 which you can do basically everything from.

Also because of the popularity there are a lot of scripts out there that you can customize to your needs then just paste into SDM and save.

Also as an FYI no matter what you try you are going to have a delay of traffic if one connection goes down. For our mail we use Exchange but we use DynDNS mail hop, so they cache our mail in case our Exchange server is down, mail doesn't bounce.
 
Originally posted by: StraightPipe
Why do we need to move up from the $300 unit to a $700-900 unit?

All the comments on the more expensive Cisco boxes say "you had better know Cisco IOS if you want to use this" - that scares me, cuz I don't know it.

The first router you linked is a Linksys router, not a Cisco router. It only carries the Cisco name. Effectively, it's a SOHO router, not a business router. Most SOHO routers only support dual WAN in failover mode, not in a proper load-balancing mode.

For proper load-balancing or policy based routing, you'll want something a bit bigger. Not only that, but it will be much more stable. With SOHO gear, if you have to call a manufacturer, you'll get people reading from scripts asking about which operating system you're using (as if that matters one lick for networking). With Cisco, you'll (most of the time) get a competent technician that can actually help you with problems. Not only that, but your control of the device is MUCH more granular.

My advice if you don't have the experience is to hire someone to set it up for you. That way, you have someone else to blame when problems happen.
 
Now that is my kind of thinking 🙂

Thanks for the help all. I've got a few consultants up my sleeve who can probably take it from here.

Thanks again for the assistance. This little bit of knowledge will help tremendously in explaining what I need the consultants to do.
 
You don't have to spend that much even. Another option is older used Cisco equipment, which works fine but may be at the end of its life and not have continuing software support for much longer. This is not as bad as it sounds, because if you don't do anything too exotic, the features you use should be mature and time-tested by now. You can pick up an old 2600/3600 series router for a few hundred, and it will provide you with everything you need.
 
Is a 2600/2700 going to require me to know CLI for IOS?

Also, I just remembered I have a Cisco 1760 our ISP left us with 3 years ago. It's got an ethernet jack for T-1 DSU/CSU, 10/100 Ethernet, AUX, and Console. Plus there are 3 empty card slots in here. Could I get a card with an additional WAN port cheap? Is this going to be another IOS rig or will I be able to use an easy Web interface?
 
It seems this 1760 (that we already have) will do the job, but needs a WIC-1ENET to give Dual LAN.

Now I just need to find a card and someone who can configure it.

Edit: hmmm, looks like that WIC is only 10BaseT. Since we're going with a 16mbps cable modem, I think that's going to bottleneck our internet connection...

 
The 1760 should work perfectly well for your purposes. You can get additional ethernet or other interfaces. The way you configure this typically is via the serial (console) port (there's a special baby blue rj-45 to serial cable).

I've heard that Cisco technical support is good - you can call them up at any time and they'll even help you configure your router, or send you replacements if something breaks. You do have to purchase a support contract though - not sure how expensive they are.

Edit: you can get a fast ethernet wic. I haven't seen a 1 port fast ethernet one, but I have heard of the wic-4esw which is also a fast ethernet switch.
 
One guy I asked is saying that the IOS is going to be out of date because it hasn't been used in 3 years. There is definitely not a contract on it, and I think the product has hit EOL...

Is that going to be a problem?
 
Nope, it is still new enough you can get a service contract on it. Then you can update to a newer version. Alternatively, you can live (mildly) dangerously and use whatever it has right now.
 
My concern with getting a contract on it is that this used to be our ISP's. They left the gear with us when we changed providers 3 years ago... so I'm assuming the serial is still registered to the ISP.

Any idea where I can find Cisco Certified installers? I need to find one in the Birmingham Alabama/Tuscaloosa area.
 