# Multiple interface failover... How to set up?



## jonheese (Oct 9, 2007)

Okay, I'm not sure if this question belongs in this forum, so let me know if there's a better place to ask. Here goes:

I've got a trio of Win2k3 servers here in the office, along with a handful (~15) of workstations. Our T-1 connection to the office has been a little flaky recently, so we're going to get a DSL connection, to be used as a backup to the T-1, for the times when it's down.

So, each of the servers (and the ISA server for the WSs) will have 3 NICs, as follows:

NIC 1: Local subnet (i.e. 192.168.3.x)
NIC 2: Public IP from T-1 router
NIC 3: Public IP from DSL router

Now, what I want is automatic failover: Use the T-1 for outbound connections all the time, unless it goes down, at which point it should switch to the DSL connections, and switch back again when the T-1 comes back online.

Now, I know the theory of setting the metrics on each NIC appropriately so it will use the T-1 NIC by default, and will switch to the DSL NIC if the T-1 NIC goes down. The problem is that in this failure mode, the T-1 NIC link is still "up". That is, it still has physical link with the router (next hop), but the second hop is down...

Is there a way to do this?

I've tested this on one of the servers already, and it works perfectly if I unplug the T-1 NIC, or pull the power on the T-1 router (since the NIC loses link), but if I just pull the T-1 line out of the T-1 router (killing the next hop, obviously), the server just keeps dumping packets into the abyss...

It's already been suggested to me to get three dual-WAN routers and plug my two WAN links into them, giving them the public IPs and letting the servers receive traffic via NAT. I can see this solution working, but it's not ideal. We'd like to keep this system as simple (and as inexpensive) as possible, and adding (at least) three more links in the networking chain, as well as the additional cost associated with them, is not preferred over a "Keep It Simple, Stupid"-type solution...

I'd even consider something as simple as a ping script that enables and disables the interface (via netsh or the like) as the link goes up and down... If I could be sure it was fool-proof.

Any and all suggestions welcome.

Regards,
Jon Heese


----------



## johnwill (Sep 26, 2002)

Why would you need three dual-WAN routers, and how would they connect anyway? Why can't you do this by using a single dual-wan router and wiring it to all three servers? Also, since a dual-WAN router would do load balancing, you would get better throughput all the time, both upstream and downstream.

Why the particular requirement to always send on the T1 line?


----------



## jonheese (Oct 9, 2007)

One router for each server. WAN1 on each router would go to the T-1 router and WAN2 would go to the DSL router. Each server would be the only thing behind each router.

The reason we can't just stick all three servers behind a dual-WAN router is because these are publicly-accessible servers... i.e. they each need to serve web content, Exchange RPC/HTTP, Sharepoint, Terminal Services, etc... Sorry I didn't mention that in my original post.

This is also the reason we want to use the T-1 as much as possible. The DSL upstream is only 384Kbps, and we want the servers to get the full 1.54Mbps of the T-1 whenever possible. In my understanding of how the dual-WAN thing works, since we're talking about external requests to the servers, it has to be one or the other... No "shotgunning" the two ports together in the response.

Regards,
Jon Heese


----------



## jonheese (Oct 9, 2007)

Okay, I'm looking at the Intel PRO/1000 PT Dual Port Server NICs as an option here, and I'll probably be calling Intel to get some more information and find out for sure whether they are smart enough to do what we want here.

Does anyone know if a NIC like this is "smart" enough to detect a down-level outage? That is, it would still have physical link to the T-1 router, and could ping it, but couldn't get packets out past that point...

Regards,
Jon Heese


----------



## johnwill (Sep 26, 2002)

I'll be pretty amazed if they're that smart. :smile: I think if they make it to the next hop, they're probably happy.

Your configuration makes a bit more sense with the added info, you had me wondering before. :smile: I can't imagine the three routers working, port forwarding would be a nightmare! :grin:

I'm guessing you need a much smarter gateway to do this task.


----------



## jonheese (Oct 9, 2007)

Yeah, I just got an e-mail back from Intel's pre-sales team, and even though they TOTALLY misunderstood what I was trying to do in their answer, they included a link to a whitepaper PDF on the concepts involved... Nope. Not smart enough.

As I'd feared.

I don't see the 3 router idea as being hard to set up or make work, it's actually pretty simple, when viewed separately: Each server has its own dual-WAN router, which will have the two public IPs (one on the T-1, one on the DSL) that the server formerly had, and will forward the handful of necessary ports directly to the server, which will be the only machine on its own private subnet.

So it's not a matter of a nightmare to set up, it just seems inefficient and non-scalable... Sure, we only have 3 servers now, but what if we buy another? It would be nice to have a slick way to make this work with just servers and NICs so I can set something like this up somewhere else too. I have another client that will want this same kind of redundant WAN link setup on their servers as well...

I think I'm going to try out a simple ping script and see how well that works: Pick a host that's virtually always up, set a static route for that host to always go out the T-1, and have a script that pings that host and watches for dropped packets. When it gets 10 dropped packets in a row, it switches the default gateway to the DSL. When it gets 10 non-dropped packets out the T-1, it switches the default gateway back to the T-1.

Anyone see any potential problems with this idea (besides the "virtually always up" concept)?

I'd also need to figure out how to handle the switchover from an inbound perspective too, but I'm thinking a round-robin DNS entry for the servers' FQDN... When the T-1 goes down, external hosts will fall back to the DSL IP. Yeah?

Regards,
Jon Heese
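
The ping-script idea from the post above, as an added example (not jonheese's script, which was never posted in this thread): a 10-in-a-row state machine that decides when to repoint the default gateway. The gateway and probe addresses are placeholders, and the probe host is assumed to already have a static host route via the T-1 gateway so probes keep using the T-1 even while the DSL is active.

```python
import subprocess, time

THRESHOLD = 10               # consecutive probes required before switching (from the post)
T1_GW = "203.0.113.1"        # placeholder T-1 gateway (assumption)
DSL_GW = "198.51.100.1"      # placeholder DSL gateway (assumption)
PROBE_HOST = "192.0.2.10"    # placeholder "always up" host, statically routed via T1_GW

def reply_ok(ping_output):
    # Windows ping can exit 0 when the still-up T-1 router answers
    # "Destination host unreachable", so require a real echo reply (TTL= field).
    return "TTL=" in ping_output

class Failover:
    def __init__(self, threshold=THRESHOLD):
        self.threshold, self.active, self.streak = threshold, T1_GW, 0

    def observe(self, ok):
        """Feed one probe result; return the new gateway when a switch is due, else None."""
        on_t1 = self.active == T1_GW
        # Count only probes that contradict the current state; any other probe resets.
        self.streak = self.streak + 1 if ok != on_t1 else 0
        if self.streak < self.threshold:
            return None
        self.streak = 0
        self.active = DSL_GW if on_t1 else T1_GW
        return self.active

def route_cmd(gateway):
    # Windows route.exe: repoint the existing default route (assumes exactly one exists).
    return ["route", "change", "0.0.0.0", "mask", "0.0.0.0", gateway]

def replay(results):
    """Run recorded probe results through the state machine; list (index, gateway) switches."""
    fo = Failover()
    return [(i, gw) for i, ok in enumerate(results) if (gw := fo.observe(ok))]

def run_live():
    # Live loop for a Windows host: one echo request per second, 1 s timeout.
    fo = Failover()
    while True:
        out = subprocess.run(["ping", "-n", "1", "-w", "1000", PROBE_HOST],
                             capture_output=True, text=True).stdout
        if (gw := fo.observe(reply_ok(out))):
            subprocess.run(route_cmd(gw), check=True)
        time.sleep(1)

if __name__ == "__main__":
    # Constructed trace: 9 drops, 1 reply (resets the count), 10 drops, 10 replies.
    trace = [False] * 9 + [True] + [False] * 10 + [True] * 10
    print(replay(trace))
```

Requiring the full streak in both directions keeps a flapping T-1 from bouncing the default route on every lost packet; `run_live()` needs administrator rights because it calls `route change`.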


----------



## animesh_mcse (Sep 23, 2009)

Hi,

I have the same setup with ISA Server 2006.

Having 3 NICs:

One for the LAN interface and 2 WAN (Internet from 2 separate ISPs).
I want to have the same kind of failover between these 2 WAN interfaces.

Can you send me the ping script you have made to do so?

Thanks 

Animesh


----------



## jonheese (Oct 9, 2007)

animesh_mcse said:


> Can you send me the ping script you have made to do so?


Sorry, but consider that that was almost 2 years ago... I no longer have the ping script, nor those servers, nor the routers...  The company went out of business, sold all of their server equipment, and came back as a different company and bought all new stuff. They no longer have the same reliability problems with their T-1 connection, so this is no longer an issue.

Are you fluent in any scripting languages? Perl, PHP? It should be somewhat trivial to find a script out there in your favorite language for a ping test, and one for switching on and off NICs in Windows, and piece them together to make what you want.

Good luck!

Regards,
Jon Heese


----------

