An Introduction to Internet Bonding and Failover

Combining multiple Internet services enables a business to fail over from one Internet connection to another, bond multiple WAN connections into a single WAN connection, and optimize the business network to take advantage of the bandwidth and attributes of each connection. The key difference between bonding and failover is that with a bonded service, when a WAN connection fails, local and remote users using the failed connection continue uninterrupted, whereas with failover there is a brief disconnection.

This brief disconnection is a minor problem for local users accessing the Internet, but remote users accessing the office must be reconnected to the server they were using. Inbound failover solves the problem of different Internet connections using different IP addresses by maintaining the same IP on multiple WAN connections when one fails. Outbound failover, which simply reconnects the office to the Internet, is suitable for LANs that are not accessed remotely from the Internet.

To summarize, some of the benefits of combining multiple connections include:

* 100% reliability to the Internet or corporate network
* failover from one WAN connection to a second WAN connection
* increase upload and download speeds
* replace expensive Internet connections with lower cost alternatives
* use Policy Routing to separate public (Internet) and private (interoffice) traffic
* use Policy Routing to separate latency sensitive services (e.g., VoIP, RDP) from other traffic

Please email info@skywaywest.com or call 604.482.1225 for more information.

Internet Bonding and Failover: Further Reading

Every business has different requirements when choosing a bonding or failover service. Here are five things to consider:

  1. Outbound Failover
  2. Inbound Failover
  3. Bonding Multiple Services
  4. Policy Routing
  5. Prioritizing Traffic with QoS

Outbound Failover

There are two failover solutions for traffic outbound to the Internet. They are only appropriate if people do not need to access your application servers from the Internet.

1. Cold standby requires physically moving your LAN from one WAN connection to another. The cable between your LAN and primary WAN connection is moved to the backup WAN connection and your firewall or edge router is reprogrammed to use the IP addresses and gateway of the backup WAN connection. This takes a few minutes (or much longer if you are offsite).

2. Automatic failover uses equipment that supports two WAN connections and is capable of automatically failing over when there is a certain amount of packet loss or a complete outage. The status of each connection is determined by pinging an IP address through it and measuring packet loss. The equipment automatically fails over when packet loss occurs and fails back when the connection returns to service.

Inbound failover

Inbound failover is critical to maintaining the connection of remote traffic to application servers (mail, VoIP, Citrix, web, ftp, etc.) hosted on your LAN. Inbound traffic is more difficult to fail over because all Internet services use different IP addresses. There are three ways to avoid changing the IP addresses of your local servers:

1. Dynamic DNS is used in addition to automatic failover and only works if inbound traffic resolves to the host name of the application server instead of directly to its static IP address. The host name in turn resolves to the static IP address of the application server. When the primary connection fails, the host name automatically resolves to the IP addresses of the backup connection.

DDNS is provided for free or a nominal charge by DDNS providers. There is no Internet standard and most DDNS providers only support host names that are extensions of their own domain name (e.g., customer.ddns.com). Remote users are disconnected when the primary connection drops and can only reconnect after the DDNS server is updated. DDNS is most effective when all remote users share the same DDNS server. Otherwise, the length of the changeover depends on how long it takes the DNS change to propagate throughout the Internet.

2. IP Failover transfers the IP address assigned to one connection over to another. The failover appliance switches to another connection when one goes down, establishing a VPN tunnel to your ISP, which redirects the IPs assigned at that connection to the VPN tunnel. Within seconds, the inbound traffic flows through the VPN tunnel instead of the lost connection.

3. Shared IP failover is by far the simplest and most efficient of all failover solutions. Shared IP shares a single IP address on two or more internet connections and when one connection goes down, the failover appliance simply sends all traffic through another connection.

This is the Skyway West recommended solution, and there are very few companies offering Shared IP failover. Skyway can supply multiple WAN connections or work with connection(s) provided by other ISPs. Shared IP failover is also available to customers outside our Internet access serving area. In this case, we tunnel our IP addresses through both connections.

Bonding multiple services

Bonding is when two or more connections are simultaneously used to access the Internet.

Basic bonding is done by load balancing between the connections. For example:

  1. Separate services are sent through separate connections. For example, services sensitive to congestion (e.g., terminal server, Citrix, VoIP) are sent through one connection and less sensitive services (e.g., web browsing, email, ftp) through another.
  2. The services are load balanced by session or bandwidth utilization. Session balancing sends each session through a different connection. Bandwidth balancing sends all traffic through a specific connection until a certain percentage of the connection is utilized. At that point, the second connection is used.

True bonding is when the combined bandwidth of two or more WAN connections is available to any application. For example, downloading a large FTP file would use multiple connections simultaneously. As well, true bonding allows for failover within the bonded connection allowing applications like VoIP and RDP using the failed connection to continue uninterrupted.

Skyway's T1 Xstream is a true bonding solution. It dramatically enhances the speed and reliability of your broadband connection. T1 Xstream combines multiple Internet access services provided by Skyway (e.g., ADSL, cable, T1, fibre or fixed wireless) or other providers and can apply compression to further accelerate upload and download speeds.

T1 Xstream combines multiple Internet connections using different IP addresses into a single connection with a single IP address. Inbound and outbound traffic only slows down if an individual Internet service fails. VoIP and terminal services stay connected.

 

Policy Routing

Skyway and our Value-Added Partners support many traffic-management devices and security/VPN appliances (e.g., Astrocom, SonicWall, Fortigate, Mikrotik, etc.) capable of failover and bonding.

Failover appliances can use Policy Routing to manage traffic on multiple WAN connections. For example, a Mikrotik Routerboard 750GL has four wide area network (WAN) ports for connecting multiple broadband connections to a local area network (LAN) and can be configured to separate the outgoing WAN traffic based on policy routing statements. If the IP traffic matches particular criteria (i.e. protocol, port number or particular destination IP) then the outbound traffic is directed up one of the WAN interfaces.

Companies typically segregate highly interactive or latency-sensitive applications like VoIP, VPN or gaming from bulk data transfers like email, ftp and http. Alternatively, they might segregate private traffic from public traffic for better security and to prevent public traffic from introducing instability into the less resilient private traffic. Skyway tags and separates the traffic based on a variety of metrics including IP addresses, Type of Service (TOS) bits, protocol and port ranges.

The Mikrotik pings an IP address at the other end of each broadband connection to confirm that the connection is operational. If pings are lost, and that loss exceeds a certain threshold, then the WAN interface is declared down and the Mikrotik fails outbound traffic over to the other broadband connection. The Mikrotik continues sending pings until the "down" interface responds, and at that time the Mikrotik begins using both broadband connections again.
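The policy routing and ping-based failover described above can be modelled in a few lines. This is an added Python sketch, not Skyway's or MikroTik's configuration; the names `WanLink`, `Rule`, `select_wan` and `RULES`, the 10-probe window, the 50% loss threshold and the sample rule set are all assumptions made for illustration.

```python
import ipaddress
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class WanLink:
    """Ping-based health state for one WAN connection."""
    window: int = 10              # recent probes considered (assumed value)
    loss_threshold: float = 0.5   # lost fraction that marks the link down (assumed)
    up: bool = True
    results: deque = field(default_factory=deque)

    def record_probe(self, replied: bool) -> bool:
        """Feed one ping result and return the link state afterwards."""
        self.results.append(replied)
        if len(self.results) > self.window:
            self.results.popleft()
        if self.up:
            if self.results.count(False) / self.window > self.loss_threshold:
                self.up = False           # loss exceeded threshold: declare down
        elif replied:
            self.up = True                # "down" interface responded: fail back
            self.results.clear()
        return self.up

@dataclass(frozen=True)
class Rule:
    """Policy routing statement: match on protocol, port range or destination."""
    wan: str
    proto: Optional[str] = None
    ports: Optional[range] = None
    dst: Optional[str] = None             # CIDR block

    def matches(self, proto: str, port: int, dst_ip: str) -> bool:
        return ((self.proto is None or self.proto == proto)
                and (self.ports is None or port in self.ports)
                and (self.dst is None
                     or ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)))

def select_wan(rules, links, default, proto, port, dst_ip):
    """First matching rule picks the WAN; if it is down, use any link still up."""
    preferred = next((r.wan for r in rules if r.matches(proto, port, dst_ip)), default)
    if links[preferred].up:
        return preferred
    return next((name for name, link in links.items() if link.up), None)

# Constructed sample policy: latency-sensitive and interoffice traffic on wan1.
RULES = [Rule("wan1", proto="udp", ports=range(5060, 5062)),   # VoIP signalling
         Rule("wan1", proto="tcp", ports=range(3389, 3390)),   # RDP
         Rule("wan1", dst="10.0.0.0/8")]                       # private interoffice
```

Because `select_wan` falls back to whichever link is still up, the private/public segregation in the rule set holds only while both links are healthy; during failover the interoffice traffic shares the remaining connection with public traffic.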

 

Prioritizing Traffic with QoS (Quality of Service)

Most failover appliances can also prioritize outgoing traffic based on how it is tagged but have no control over inbound traffic.

Some failover appliances like the Mikrotik provide extra value by integrating with Skyway's network equipment. This integration allows Skyway customers to prioritize both outbound and inbound traffic on either connection, and when one connection fails over to the other.

 

Please contact us for a detailed consultation:

604.482.1225
info@skywaywest.com