2 default gateways for fault tolerance

[Jeff Vandervoort]

Setting up a branch office on a separate subnet from the main office,
connected by a T1. Users will use Remote Desktop to connect to a Terminal
Server at the main office across the T1.

In case the T1 goes down, they want to be able to use a DSL connection at
the branch office through a SOHO router to continue their RDP sessions via
Internet. A pause during the changeover is OK, but the objective is to make
the failover transparent, and not have the user have to know how to switch
between back and forth between them.

There will be a Win2003 DC at the branch office that will include DHCP and
DNS. We plan to use split DNS so the FQDN of the Terminal Server will
remain the same whether connection is made via LAN or Internet.

If I set up DHCP at the remote office to hand out 2 Default Gateways, the
1st pointing to the router that goes back across the T1 to the main office,
the 2nd pointing to the SOHO router, will that accomplish automatic failover
to the SOHO router if the T1 drops?

Likewise, once the T1 is up, if we turn off the SOHO router for a minute or
so, will the machines failback to the T1?

TIA

Jeff Vandervoort
JRVsystems

 

[Steven L Umbach]

That will not work the way you want. Multiple default gateways can be used
for dead gateway detection but the problem is that when the operating system
switches to the next default gateway, it will stay there until it detects
that it is down and will not automatically switch back to the "preferred"
default gateway. I do not know exactly how you connect a T1 line but there
are firewall/NAT router devices that can accept multiple wan connections and
will act to load balance and provide automatic failover protection. I have
not tried one myself yet. I know Linksys makes at least three devices that
can do this and so does Sonicwall with an OS upgrade. --- Steve

http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=589 --
Linksys device.
http://www.sonicwall.com/products/tz170.html -- Sonicwall device.

 

[Jeff Vandervoort]

Thanks for your reply, Steven.

Seems like, when the T comes back up, if we tell the office manager to
unplug the SOHO firewall for 1 minute, the Windows machines would all switch
back to the "preferred" router. The SOHO firewall would, for that minute, be
the dead gateway. That's something we can arrange pretty easily. Correct?

This client says he's heard routers that provide redundant connections don't
work very well unless you're switching between 2 identical physical
networks: DSL and DSL, or cable and cable, or T1 and T1, or 100BaseTX and
100BaseTX. True? Don't know why that would be, and I don't have any
experience with it, but he's pretty set against it, hence this arrangement.

A router without NAT that supports redundant connections would be better for
us. Only the port on the Internet side needs to be protected; the port that
goes to the T1, which is part of the private network, can't be firewalled or
AD (among other things) won't work. Any economical recommendations for a
router like that?

 

[Steven L Umbach]

In theory that should work but I have never really tried "forcing " a
computer back to the preferred default gateway and that would need some
testing to see how well it works. I have never had any direct experience
with a configuration using a device that can manage default gateways, I have
just read about them so I can not recommend one. You might try emailing
Sonicwall explaining your needs to see what solution they can offer. If the
T1 line is fairly reliable the solution with trying to force the default
gateways to change back by unplugging the backup line may be something to
consider after testing that it would work keeping in mind that it would work
only for computers currently using the default gateway as idle or inactive
computers would still use the backup gateway if the backup connection was
reconnected before they had a need to use it.. --- Steve

http://www.microsoft.com/technet/community/columns/cableguy/cg0903.mspx --
Windows default gateway behavior.