Backup internet connection

[pantscat]

Hi all,

 

Does anyone run a secondary backup internet connection?

 

If so - how do you do it? and what do you use?

 

I've currently got a 20Mbps fibre line and am looking to upgrade this to 50Mbps - as part of this project I'm also considering getting a DSL connection that can be used as a failover for email traffic and whatnot as the fibre is a single point-of-failure.

 

Could I just register the static IP of the DSL connection as a second MX record for my domain (with a different priority) or should I do something much more snazzy and clever? (I think a Citrix Netscaler might be a clever way to dynamically re-point things).

 

Ideas or just general ramblings would be very much welcome.

 

Thanks,

 

Ant

[danrhodes]

I think quite a lot of schools run a secondary backup line now days, mostly from what I've heard of, its to use for external mail clients to get to Exchange as trying to go through the LA connection can be......troublesome!

 

 

D

[SYNACK]

The second MX record is exactly how you should handle failover of incomming email, other services like http don't fail as gracefully and would require an upstream load balancer or manual switch over to remain accessable from the outside world. If you are wanting to keep internal traffic flowing as well you will probably need some extra hardware/software to do this. Some solutions like smoothwall offer this function builtin so it would be a good idea to check what your existing gear can do in this regard before looking at buying anything else.

[GrumbleDook]

A little word of warning. Some RBCs will not allow you to have a second line as it is in breach of *their* terms of services with *their* providers. By sticking a second line in you run the risk of introducing an unfiltered connection and allowing others to make use of services from JANET, etc by acting as a routing point.

 

If you are running a second line then you have to make sure it does not run at the same time as your primary line. In EMBC land the use of secondary MX records is irrelevant. All mail traffic runs through a store and forward system within the central server farms ... this means that should the line between you and the RBC WAN goes down then the mail is kept on the system for 1.01 days and will be pushed down to local exchange boxes once the blip is dealt with. The MX records are not for your servers but for the EMBC mail filter / store & forward.

 

Other RBCs will vary on how they deal with mail but you will find a pretty consistent message about the risks of running a second line. Just think how you would feel if the RBC WAN was compromised by another school in the area and it affected your connection? I am aware of some schools in other areas (non-EMBC) who are running second lines in fail-over mode (using watchguard or Cisco kit to manage it), but it is like everything else ... the more guaranteed up-time you want the more you pay for it.

[pantscat]

Thanks chaps for the replies - much appreciated.

 

RBCs don't concern me - I'm at a private school.

 

@Synack - I've already got a smoothwall box... so I'd better re-read the manual!