Portal Home > Knowledgebase > Articles Database > Anycast DNS as a "wanna be" BGP ?
Anycast DNS as a "wanna be" BGP ?
| Posted by excessnet, 04-06-2012, 10:39 AM |
| Hello,
I've readed a bit about Anycast DNS but I'm still a bit confused.
We have here only one ISP and would like to add a backup ISP. The problems is, if the primary ISP fall down, the backup ISP won't have the same IPs.
Can Anycast fix that? By take one "global" IP and send it to ISP1 or ISP2 (when ISP1 is not responding) ?
That "global" IP is the same as the current we have now or I need a new one?
Thanks!
|
| Posted by layer0, 04-06-2012, 11:30 AM |
| You technically need to use BGP to accomplish anycast properly anyways, so I don't see it as a replacement.
|
| Posted by excessnet, 04-06-2012, 12:05 PM |
| yeah, I think that's what I've read, wasnt so sure. Thanks!
|
| Posted by InfiniteTech, 04-06-2012, 03:56 PM |
| Anycast and DNS does not have anything to do what you are trying to accomplish. I have simplified my response here to suit your scenario.
DNS is to resolve domains to IPs. Just leave it at that.
Anycast is used when you want 2+ different locations on the planet to respond to the same IP. No point reading any further on this topic either.
What you need is a BGP capable router, 2 ISPs that you can have a BGP session with, 1 ASN and one routable IP block (/24 IPv4 prefix minimum).
You will have your BGP router announce your IP space to both your upstream ISPs. If one upstream has downtime, the BGP routes will automatically converge over to the 2nd ISP's routes. Voila! You're still online inspite of a carrier failure.
You will need atleast 10,000 USD to implement what I described here with some technical knowledge. Do not even attempt this if you do not have either.
There is still the problem of the single-router setup. You will go offline if your router goes offline. So you now need more money and technical expertise to make your network highly available. Not to mention the difficultly you'll go through trying to secure a /24 or an ASN from a RIR.
Good luck.
Last edited by InfiniteTech; 04-06-2012 at 03:59 PM.
|
| Posted by excessnet, 04-06-2012, 04:08 PM |
| Thanks InfiniteTech, we already looked into this, way to expensive (for the need). That's why I was asking for that Anycast DNS !
|
| Posted by InfiniteTech, 04-06-2012, 04:14 PM |
| I think I misunderstood your question. I apologize.
You can contact a few DNS providers who provide monitoring/switching service. When your ISP1 goes offline, they will automatically switch A records to ISP2 IP address.
|
| Posted by hafthorr, 04-08-2012, 02:40 AM |
| Our company just did a setup for a small hosting company, using 2 fortinet 60c units in HA setup.
Theoretical throuput of these units is 1Gbit over firewall (any packet size), and in HA Active-Active setup even more.
2 x Fortinet 60c ends up costing something in lines of 1200-1300$, and without a security bundle license can do DDoS IPS, SSL VPN and other assorted nice features.
So 10,000 USD is a bit over the top
ps. 60c units cannot pull full BGP tables, which you really do not need for lets say 2 x 100-200Mbit upstreams. Wonders can be done via asymmetric routing and policy routing.
|
| Posted by InfiniteTech, 04-08-2012, 04:49 AM |
| The only reason I mentioned 10K USD is assuming the routers are capable of full routing table. I cannot think of any new routers thats half decent and less than 5K~ USD per unit from Juniper or Cisco.
It would be a real shame if you went with a HA setup but are not able to scale well.
With current bandwidth growth, you'll most likely double your capacity within 12 months.
|
| Posted by excessnet, 04-08-2012, 10:55 AM |
| well, it could work, we already have 2 x Fortigate 110C, but the problems is more likely to find an IP provider and ISP that want to configure the BGP. Not that easy in Quebec, Canada.
10k$ for those Juniper would not be a problems if the rest of the BGP was fine.
|
| Posted by snapstart-chris, 04-08-2012, 08:11 PM |
| Just to confirm what you're looking for:
2 completely separated networks (at the same site, or different sites?)
1 network+all servers are active
1 network+all servers are passive, and are only used if the primary site is unreachable
If that's what you're looking for, anycast and BGP aren't needed, but BGP would certainly be the easy way...
|
| Posted by excessnet, 04-09-2012, 11:50 AM |
| well, to explain, we have :
- One MAIN site with two Fortigat 110C.
- More remote branch connected by VPN to the MAIN site (also using Fortinet).
All the remote site are connected to the MAIN site. We also have some webpage like "support" and "helpdesk" pointing to the main site. Later, we will have Citrix/RDP.
What we would like to do, is having a "backup" ISP (like our Fiber + 3G Network as backup). When the Fiber is down, on the main site, we are able to connect to the outside (browsing internet, etc...), but VPN can't reconnect.
So, what I would like to do is having one IP that goes to the two ISP (Fiber and 3G) and the only way to do that (I think) it's a BGP.
|
| Posted by snapstart-chris, 04-11-2012, 02:49 PM |
| BGP is the best way to do it, but you could:
Setup 2 name servers, each with a single public IP.
-Use extremely low TTLs for all records
-NS1 has an IP from ISP1
-NS2 has an IP from ISP2
-Setup Linux-HA, going across the Internet
Dual home all servers, and set 2 default gateways on each. The gateway on ISP1 should have a low metric, and the gateway on ISP2 should have a high metric.
So, if ISP1 goes down:
-NS1 becomes inaccessible
-HA on NS2 would kick in, and start resolving requests
-All servers wouldn't be able to send data out to the lower metric gateway
-All servers would start sending data out the higher metric gateway
There would be a short, but noticeable period during the cut over, if ISP1 goes down. But this is the best way of doing it without BGP. (But BGP would really be preferred!)
|
| Posted by InfiniteTech, 04-11-2012, 04:50 PM |
| Jeez. Utter confusion. OP, after reading your follow up posts, my first post is applicable to your situation. http://www.webhostingtalk.com/showpo...26&postcount=4
If you commit to say 100 Mbps dedicated lines from both providers, I'm sure both will setup a BGP session with your router. Quebec or Iran, this is true.
The harder part is managing to secure a /24 (256 IPs) for your requirements. This is the minimum size required to broadcast publicly. RIRs will decline your request, so you would need to get this from one of those ISPs.
|
| Posted by excessnet, 04-12-2012, 02:05 PM |
| I know!
|
Add to Favourites 
Print this Article
Also Read
Shared Hosting
Shared Hosting
