Sagar_Manandhar
Advisor

Static NAT single host to multiple ISP IPs for failover

Hi,

I am trying to statically NAT a single host to 2 different ISPs for failover purposes for publicly hosted servers. Is it possible using manual NAT? Please guide me on this... Thanks in advance.

0 Kudos
7 Replies
Chris_Atkinson
Employee

Using manual NAT this should be straightforward. Are you using the ISP redundancy feature?

The only caveat that I can think of otherwise is that you'll likely need some PBR (source routing) or similar for the return traffic.

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
Authority

With ISP redundancy enabled, the return traffic will be no problem. Outgoing return traffic is sent via the same interface as the incoming traffic.

Sagar_Manandhar
Advisor

We are using load sharing in our environment and PBR doesn't work in this scenario. Is there any alternative solution for this?

0 Kudos
Wolfgang
Authority

For incoming connections only (your webserver will be reachable via 2 external IPs), you have to define two manual NAT rules.

Screenshot 2022-04-11 105617.png

Sagar_Manandhar
Advisor

Is there any solution for outgoing traffic so that if a single NAT fails, the NAT automatically switches to another in a load sharing environment?

0 Kudos
Wolfgang
Authority

@Sagar_Manandhar maybe you can provide more details of your use case.

With the shown NAT rules your internal webserver can be reached via the IP address from ISP_A and via the IP address from ISP_B. Both are active all the time. The return traffic from your webserver will be routed through the same ISP it came in through. An incoming packet via ISP_A will be forwarded to your webserver and the return packet will be sent out via ISP_A. This is how ISP redundancy works.

You have to define both external IPs in the external DNS for name resolution of your webserver. In case one of the ISPs is failing, the failing ISP's external IP address has to be removed from this DNS record. If you want to have an automatic change of the DNS records, you can use the DNS proxy feature of ISP redundancy.

But I would prefer an external solution to check the availability of your ISPs and route the traffic to the right incoming site. Something like Azure Traffic Manager as an example, they can probe your webserver via both ISPs and change DNS following the availability.

0 Kudos
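
Added example, not part of the original post and not Check Point or Azure code: a sketch of the external probe-and-update logic described in the post above, which probes the webserver through each ISP's public IP and decides which A records to publish. The IPs, port, thresholds and all names are assumptions; pushing the resulting record set to a DNS provider is left out.

```python
import socket
from dataclasses import dataclass, field

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
PUBLIC_IPS = {"ISP_A": "198.51.100.10", "ISP_B": "203.0.113.10"}
FAIL_THRESHOLD = 3   # consecutive failed probes before an IP is withdrawn
RISE_THRESHOLD = 2   # consecutive good probes before it is published again


def tcp_probe(ip, port=443, timeout=3.0):
    """Return True if a TCP handshake to ip:port completes (run from outside)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class LinkState:
    healthy: bool = True
    streak: int = 0  # consecutive probe results that disagree with `healthy`


@dataclass
class FailoverTracker:
    links: dict = field(default_factory=lambda: {n: LinkState() for n in PUBLIC_IPS})

    def record(self, name, probe_ok):
        """Feed one probe result; flip state only after a full streak (hysteresis)."""
        link = self.links[name]
        if probe_ok == link.healthy:
            link.streak = 0
            return
        link.streak += 1
        needed = RISE_THRESHOLD if probe_ok else FAIL_THRESHOLD
        if link.streak >= needed:
            link.healthy, link.streak = probe_ok, 0

    def a_records(self):
        """IPs to publish. If every link looks down, keep all records rather
        than publish an empty set (the prober itself may be the broken part)."""
        up = [PUBLIC_IPS[n] for n, s in self.links.items() if s.healthy]
        return sorted(up) if up else sorted(PUBLIC_IPS.values())

    def poll(self, probe=tcp_probe):
        for name, ip in PUBLIC_IPS.items():
            self.record(name, probe(ip))
        return self.a_records()
```

Run `poll()` on a schedule from a host outside both ISPs and keep the DNS record TTL short, since clients hold a withdrawn address until their cached answer expires.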
Chris_Atkinson
Employee

Agreed, the problem statement should be clarified. It still remains unclear if ISP redundancy (the Check Point feature, as distinct from the concept) is being used here.

Provider independent addressing and a GTM solution would certainly help!

CCSM R77/R80/ELITE
0 Kudos
