[ale] "Small Guy" redundant routing

JD jdp at algoloma.com
Sun Apr 3 15:38:29 EDT 2011


I think Monowall and PFsense both support redundant WAN connections
(multiple routes). There are probably other distro choices too.

Linux Advanced Routing and Traffic Control
http://www.linux.org/docs/ldp/howto/Adv-Routing-HOWTO/index.html
The server was down.

BTW, I'm not suggesting "shared hosting" - just the reverse proxy needs
to be on a single VM; all the back ends can run anywhere.

Your situation is probably more complex.

If you want private services to completely different internal network
segments, you could set up many different OpenVPN inbound connections to
the different internal subnets too.  Then you could explicitly limit
which OpenVPN connections gain access to each subnet.  Now I'm just
thinking out loud.

On 04/03/2011 03:19 PM, Michael Trausch wrote:
> I have VMs running which are "untrusted" in the sense of the word that
> a shared hosting environment for the services that they have is just
> really not feasible.
> 
> I may just try to free up some space by moving some of the things that
> can be trusted to play nicely together to a VM hosted elsewhere, such
> as Linode.  But what I'd like to avoid is using something like Linode
> to do routing for me.
> 
> I just want multiple routes.  That's all.  I think that the short
> answer is that "I can't have them" without doing a lot of stuff to
> significantly increase the likelihood of bottlenecks in unexpected
> places...
> 
> On Sun, Apr 3, 2011 at 15:10, JD <jdp at algoloma.com> wrote:
>> With "small guy" services, it is fairly easy to set up redundant network
>> access with cable and DSL services.  If you combine those with a reverse
>> proxy someplace in the cloud, then you can have redundant, round-robin
>> load balancing for inbound connections, not just outbound redundancy
>> too.  I have a friend with this setup and he's had it working for about
>> a decade.
>>
>> These days it is possible to run 200+ services off a single public IP,
>> but your reverse proxy configuration will not be trivial.
>>
>> The big network guys seem to think that a single IP means a single
>> service. That simply isn't the case.  You can do it with subdomains
>> and/or subfolders.
>>
>> app1.domain.com
>> app2.domain.com
>> app3.domain.com
>>
>> can all forward to different internal services. I suspect you already
>> understand that. You can even use reverse proxies to share a single SSL
>> cert and forward the requests to different backends inside your network.
>>  A few months ago, I read how to perform SSL load balancing using a
>> single IP and Apache, but it only worked with really modern browsers.
>> http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch
>>
>> Let's see ... are there any gotcha services ... email.  Hosting multiple
>> email domains on a single IP is definitely possible.
>>
>> Ok, so here's the thing that you asked for and I don't think you can
>> have, at least not cheaply. You don't get to have much of a subnet,
>> except on 1 connection and the other connection will be on a completely
>> separate public address space.  Obviously, you could pay $XYZ/month to
>> get what you're asking for (I didn't check prices), but why when
>> $150/month will get you 2 business class connections (DSL + Cable), just
>> with limited public IP space?
>>
>> I used to have a /29 at home through Abraxis many years ago.  I never
>> used more than 2 of those IPs.  These days, I make do with a single
>> public IP. Sure there are times during migrations that it would be handy
>> to have another public IP, but not as often as you'd think.
>>
>> I'm pretty certain there are lots of people on this list who have also
>> solved the same problem.
>>
>>
>> On 04/03/2011 12:59 PM, Michael B. Trausch wrote:
>>> I have been trying to find an answer to this for quite some time.
>>>
>>> I want a means by which to have two connections to the Internet, and the
>>> ability to use my own IP address space on both (that is, I want multiple
>>> routes that can reach my network, maybe one via DSL and one via cable).
>>> Of course, using "small guy" Internet connectivity (because I cannot
>>> afford to spend thousands and thousands of dollars per month on
>>> dedicated leased lines and the like which would allow me to do route
>>> announcements) I would appear to not have that option.
>>>
>>> Is there any sort of service out there that would fill the niche for
>>> what I want?  Essentially, I'd like to be able to buy a /27 network and
>>> have all of the addresses for that /27 reach me over either of my
>>> connections to the Internet.
>>>
>>> Is it even possible to do with "small guy" services?  Or do I really
>>> have to be a huge entity with tens of thousands of dollars of cash flow
>>> in order to have that sort of thing?
>>>
>>>       --- Mike
>>>
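Added example (editor's, not from JD, Michael, or the howtoforge article): an Apache reverse-proxy configuration of the kind the thread describes, with several HTTPS hostnames on one public IP selected by the TLS SNI extension, each forwarded to a different internal backend, plus one hostname that splits by subfolder. The hostnames, certificate paths and backend addresses are placeholders. It assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded.

```apache
# Editor's added example, not configuration from the thread.
# One public IP, one Apache reverse proxy, several HTTPS names chosen by SNI.
# Enable the modules first: a2enmod ssl proxy proxy_http headers
# (all names, addresses and paths below are placeholders).

Listen 443

# Apache 2.2 needs this for name-based vhosts on :443; remove it on 2.4.
# NameVirtualHost *:443

# Clients without SNI (the "really modern browsers" caveat in the thread)
# silently get the first vhost below instead of a 403.
SSLStrictSNIVHostCheck off

# Never act as an open forward proxy; only the explicit ProxyPass rules apply.
ProxyRequests Off
# Pass the original Host header through so backends build correct links.
ProxyPreserveHost On

# First vhost doubles as the default for non-SNI clients.
<VirtualHost *:443>
    ServerName app1.domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app1.domain.com.crt      # placeholder
    SSLCertificateKeyFile /etc/ssl/private/app1.domain.com.key    # placeholder
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://10.0.1.10:8080/
    ProxyPassReverse / http://10.0.1.10:8080/
</VirtualHost>

<VirtualHost *:443>
    ServerName app2.domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app2.domain.com.crt      # placeholder
    SSLCertificateKeyFile /etc/ssl/private/app2.domain.com.key    # placeholder
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://10.0.1.20:8080/
    ProxyPassReverse / http://10.0.1.20:8080/
</VirtualHost>

# Subfolder style: one hostname, two paths, two backends on another segment.
<VirtualHost *:443>
    ServerName app3.domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app3.domain.com.crt      # placeholder
    SSLCertificateKeyFile /etc/ssl/private/app3.domain.com.key    # placeholder
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        /wiki/ http://10.0.2.20/
    ProxyPassReverse /wiki/ http://10.0.2.20/
    ProxyPass        /mail/ http://10.0.2.30/
    ProxyPassReverse /mail/ http://10.0.2.30/
</VirtualHost>
```

Each vhost here carries its own certificate, which is what SNI buys you. The "share a single SSL cert" variant from the thread is the same layout with one wildcard or multi-name certificate repeated in every vhost, which also keeps non-SNI clients from seeing a name mismatch. TLS terminates at the proxy, so the proxy-to-backend hop is plaintext on the internal segments; that hop should stay on networks you control, and the backends should trust X-Forwarded-Proto only from the proxy's address.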