Fog Creek Software
Discussion Board




Surviving unreliable internet connections

I have a local network serving web/db developers accessing databases/webservers located at a remote site. Link: Connecting the two site are two firewalls utilizing VPN configurations. End Point 1: The DSL is linking our office to the net. End Point 2: The connection to the remote servers are served by reputable ISPs and can be treated as clean ethernet straight to the box.

Our DSL is terribly unreliable (though no more unreliable than cable or a really bad T1) and we hope to add a separate line for the office will help. We are wondering if a cable + dsl solution is possible where:

<<The firewall knows to route all VPN packets automatically using the alternative route when the primary route goes down. >>

We hope all existing connections within the VPN will survive such transition and the latter resumption. In fact, this is one of the major reasons for the additional network investment. We have long running database and web jobs that would be much more difficult to program without this additional reliability.

How do we do this if on both ends of the VPN the protection is CheckPoint? How do we do this with major Linux/OpenBSD VPNs? Can you offer any articles or explain below? Thank you so very much!! :-)

Anonymous
Monday, August 11, 2003

Why not go for a partial T1? 

GiorgioG
Monday, August 11, 2003

I know it's hard for some to believe, but before we went DSL we were on T1 for quite a while, but it was unreliable. We know T1 isn't normally like this (in fact, most people's experience has been it's rarely unreliable), but the downtime was staring at us straight from the logs.

Anonymous
Monday, August 11, 2003

You have a network problem.

I've been on a lot of networks, and every time there's been a "flaky internet connection" the problem has been the network configuration. The littlest thing can cause lost packets, corrupt packets, etc, etc.

Get a good sysadmin in to look over your network.

"The firewall knows to route all VPN packets automatically using the alternative route when the primary route goes down."

This may have changed recently, but in my experience this is *really* hard to do. I believe current hardware solutions run tens of thousands of dollars to make this work, but others more knowledgeable may correct me on this.

Philo

Philo
Monday, August 11, 2003

VRRP

Obvious Man
Tuesday, August 12, 2003

*  Recent Topics

*  Fog Creek Home