Internet Failover

Internet Failover Strategies for Small Business

Cloud service providers can easily outperform small businesses in systems availability and data protection. By using cloud applications and storage, small businesses can reduce their IT costs, ramp up new capacity easily, and increase their systems reliability. That is, as long as they can stay connected to the Internet. By using an Internet failover system, small businesses can remove that single point of failure in their cloud computing strategy.

Building Better Internet Reliability

Building more reliable Internet connectivity doesn’t need to be complex or expensive. Internet reliability can be built in stages with each step adding more reliability. 

Step 1 – Business Class Internet Service

The first step is to upgrade to a business class Internet service if you are not already using one. They are more suitable for the uptime requirements of a business.  Business class Internet services provide higher priority service levels than consumer class Internet services. If your circuit goes down, you want it back up as soon as possible.
Business class Internet services also include dedicated IP addresses and greater upload speeds, important for on-site web or email servers.

Internet failover

Getting your Internet service restored after an outage as fast as possible is imperative. The only thing better would be if your Internet connection never went down in the first place.

You can have this kind of protection by installing a second Internet connection and configuring your router to automatically failover to a good connection when the other goes down. 

Since you are trying to eliminate single points of failure, you should use a different Internet Services Provider (ISP) for your second Internet circuit. Using a different ISP for your failover circuit protects you if your ISP has infrastructure or routing problems. If both circuits were with the same ISP, the failover circuit could go down with your primary circuit.

Improved performance is another benefit of having two circuits. You can load balance your Internet traffic between the two circuits, but our primary goal here is to automatically fail over to a secondary Internet circuit if the primary circuit goes down.

Step 2 – Internet Failover with Single Router and Two Internet Circuits


Single Router/Firewall – Two Internet Circuits

With this method, each ISP Internet circuit connects to a single Internet router or router/firewall. In a typical configuration for a small business, one circuit may be a business class Internet service with your local cable TV/Internet company, while the other is business class Internet service using DSL provided by your local phone company.
You can reduce the monthly cost of your failover system by using a slower, less expensive connection as the secondary circuit. You will need to determine if you can operate with reduced capacity in the event of an outage until your primary circuit can be repaired. Measuring your Internet circuit utilization over time before you provision a second circuit can help you decide. 
The cost of deploying this solution includes the one time cost of an Internet router with failover capability, the installation and monthly cost of another Internet circuit, and the installation and configuration of the router. Both Cisco and Sonicwall offer affordable router/firewalls with failover ability. 
A backup, business class, DSL Internet connection in my area starts at $45/mo for a 3 Mbps circuit and goes to $120/mo for a 40 Mbps circuit. My local cable TV/Internet company provides business-class Internet starting at $80/mo for a 7 Mbps circuit and goes as high as $466/mo for a 100 Mbps Internet circuit.



Step 3 – Internet Failover with Two Routers and Two Internet Circuits

 Two Router/Firewall – Two Internet Circuits
With Step 3, each ISP Internet circuit connects to its own Internet router/firewall. With this step, you will eliminate another single point of failure (the router). 
Other advantages of this configuration are increased Internet performance and the ability to upgrade circuits or routers with no downtime.
You can build on step 2 with this method or deploy it immediately after you provision your secondary Internet circuit. If your business plan includes a second site, you may want to consider buying a second router that can connect or be upgraded to multiple circuits.


OSPF or Open Shortest Path First is a “link state” routing protocol that allows computers to detect the open shortest path to their communications destination. OSPF automatically calculates optimal routes using link data on bandwidth, delay, and reliability. When multiple routers are connected to the Internet, this is an important part of a failover strategy.
Using OSPF, when a path to the Internet is no longer available for any reason – an on-site router failure, circuit failure, an ISP router failure, ISP equipment failure, or IPS upstream connection failure  – other routers automatically update their information on the best path to the Internet. 
These route updates happen in milliseconds, so even link congestion can cause traffic to be diverted onto a faster circuit, and then back again when congestion is alleviated. OSPF not only tells your network computers the best way to get to the Internet but can also be configured to “load balance” the circuits for optimal utilization. Along with the obvious additional bandwidth of two circuits, this load balancing helps increase the overall performance of your networks’ Internet connectivity.
In this scenario, OSPF is only used when Internet communication is initiated from inside your networks. The path back is sent along with the data so resulting inbound communications (downloads) will also use the same path. For communications to your network that are initiated from the Internet, the receiving computer’s address is looked up by DNS (domain name system). This is important if you have a email server, web server, or terminal server on your network. In that case, with a circuit failure, you will need to use dynamic DNS (see below).

Two Locations – Two Router/Firewalls – Two Internet and WAN Circuits

Two Locations -Two Router/Firewalls – Two Internet Circuits
With this method, like step 2, each ISP Internet circuit connects to its own Internet router/firewall, but the router/firewalls are in different locations, and the locations connect with a private WAN (wide area network) circuit.
You can also provide redundancy for your WAN connection with a VPN that connects your locations with an encrypted “tunnel” over your Internet connections. The VPN can be configured as an automatic failover circuit for your WAN. As in step one, OSPF is used to route outbound traffic to the Internet. If the WAN connection fails, OSPF can be used to route traffic to your other network across the VPN, providing automatic failover for your WAN as well.



Dynamic DNS

If you plan to host your own web server, email server, or terminal server on-site, you will need a dynamic DNS provider. DNS is what translates a web address (domain name) like to an IP address. 

Each ISP will assign you IP addresses from their respective networks. Because you will want your customers to reach your web server if one of your Internet circuits goes down, you will need a dynamic DNS service 

A dynamic DNS provider will constantly monitor each of your Internet connections from multiple locations. If they detect that one of your circuits is down, they will change the corresponding IP address of your server’s domain name to an address assigned by the ISP of the circuit that is still up. 

Normally DNS changes can take a while to propagate to computers and other DNS servers, but dynamic DNS services will set the TTL (time to live) of your domain names to one minute. When a computer looks in its cached DNS records, it will see the one minute TTL, and request a new record from the DNS source of authority – your dynamic DNS service. 

Two reliable dynamic DNS providers are zoneedit and Dyn. There are others, but many only provide services for home users that need to access their computers remotely.

In summary

The combination of multiple Internet circuits, OSPF, and dynamic DNS will provide reliable Internet connectivity for your cloud applications, web servers, email servers, and terminal servers*. These methods will scale to almost any size of business and number of locations and circuits.

These methods are complex to configure. You will need to hire an IT network professional to spec, install and configure your equipment. They will need to work with your ISP and DNS providers, to ensure the needed services are understood, configured properly, and thoroughly tested. 

Weighed against the advantages of cloud computing, reliable Internet connectivity can be cost-effective for small businesses. Fear of Internet outages should not keep your business from using cloud applications and services. 
*Terminal servers communications are very active by nature. Unlike web servers that receive a request, then send a page, terminal servers constantly send and receive acks (acknowledgments). Even with one minute TTL DNS records, terminal server clients will lose their connection temporarily. They can manually re-initiate communications in less than a minute, but this can be a nuisance for terminal server users. Since Microsoft Server 2003, terminal server has included an automatic reconnection feature, but it will need to be configured for your specific environment and applications.
For more information:

No Comments

Please join the discussion! Tell us what you think.

%d bloggers like this: