Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: dbaddour955 on October 25, 2022, 02:00:36 PM

Title: looking for a redundant solution for SME GW on separate sites
Post by: dbaddour955 on October 25, 2022, 02:00:36 PM
Hello,

We are an international company, but our main offices are in Canada, one on the east coast and one on the west coast, with multiple offices around the globe.
Our setup now is that all external offices connect with SME GW to our west coast network via site-to-site. Now we are looking for a redundant solution, since if the network went down on the west coast none of these offices could connect to any of the company's internal network. I was wondering if it is possible, without any conflict with network connections, to install a secondary SME GW site-to-site in our east coast location that will have all other offices, with the exception of our west coast location, as clients to the east coast location, and that will not interfere or cause any network issues as long as they are on different subnets/IPs?
Any suggestions?

Thank you
Title: Re: looking for a redundant solution for SME GW on separate sites
Post by: Jean-Philippe Pialasse on October 25, 2022, 02:46:39 PM
Globally I would say yes, possible.

You could make a round robin domain name that would connect to the first answering IP to connect as VPN. Then all is a matter of addressing the routes correctly between the two major sites and having backups ready to roll.
Title: Re: looking for a redundant solution for SME GW on separate sites
Post by: ReetP on October 25, 2022, 02:56:59 PM
Be good if you can post any information on how you do this for other people.

We can make a wiki page on it!
Title: Re: looking for a redundant solution for SME GW on separate sites
Post by: dbaddour955 on November 02, 2022, 01:39:26 PM
Good Day and thank you for the reply.
I totally understand your point. All we are looking for is to keep the business going if the main site goes down, either with automatic redundancy or with a user being able to switch to a different VPN connection/config.
With any requirements, all must have a starting point to implement, and what I am looking for is where to start. I can implement an SME/GW/VPN main server in our east coast location and have another SME/VPN installed on the other sites. But what I am worried about is whether I am going to face a conflict (even though of course they will be on a totally different subnet/IP than the original one), whether there will be a conflict within the network if this scenario is implemented, and whether it will break something on the network. Unfortunately I do not have a sandbox to test with this kind of wide area and locations. Having said that, I may have to test in off hours, but with live connections?
Suggestions or how-tos will be much appreciated. I believe we have others that are looking for the same solution.
Thank you so much for all of your help and replies. DB
Title: Re: looking for a redundant solution for SME GW on separate sites
Post by: ReetP on November 02, 2022, 02:40:38 PM
Good Day and thank you for the reply.

Sorry - he is a spammer. Had to remove the post.

Your query is complex. There is no 'one size fits all' or out of the box solution. Failover and load balancing are always tricky.

As JP suggested, you could have a round robin domain that can connect to any of the gateway servers, and the gateway servers each then handle the internal routing. So West knows how to route to East and East knows how to route to West etc.

See this for more on DNS.

https://www.cloudflare.com/en-gb/learning/dns/glossary/round-robin-dns/
Title: Re: looking for a redundant solution for SME GW on separate sites
Post by: Jean-Philippe Pialasse on November 02, 2022, 10:29:49 PM
As told by Reetp, there is no one size fits all, and it is important for you to state what the essential services are, on which coast they are, and how you plan to fail over if the main service is unreachable.

I mean, if your main application is on an east coast computer and the VPN for roadwarriors to the east coast is unreachable, chances are that the s2s is also down. So you need to have some sort of heartbeat or slave replication, at least for read-only consultation on the west coast when the s2s fails, in order to have the service available. You also need some script to mod the VPN DNS to point to the local west coast read-only replica instead of the main service on the east coast.

All of this is doable, but this is way more advanced than the purpose of SME, while doable with SME, and will need some advanced skills to deploy it.
This is an advanced, professional-level service.
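Added example, not part of the thread and not SME Server code: a sketch of the decision logic behind the heartbeat and DNS-switch script described in the post above, with separate thresholds for failing over and failing back so that a single missed heartbeat or a flapping link does not move the service name back and forth. The names `State`, `probe`, `step` and `replay`, the thresholds, the port and the addresses are assumptions; the DNS update itself depends on the resolver in use and is not shown.

```python
import socket
from dataclasses import dataclass

# Constructed documentation addresses; replace with the real service hosts.
TARGETS = {"primary": "192.0.2.10", "replica": "198.51.100.10"}

@dataclass(frozen=True)
class State:
    active: str = "primary"  # site the service DNS name should point to
    fails: int = 0           # consecutive failed heartbeats of the primary
    oks: int = 0             # consecutive good heartbeats of the primary

def probe(host, port=443, timeout=3.0):
    """One heartbeat: True if a TCP connection to the service succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def step(state, primary_up, fail_after=3, recover_after=5):
    """Apply one heartbeat result and return the new state."""
    fails = 0 if primary_up else state.fails + 1
    oks = state.oks + 1 if primary_up else 0
    active = state.active
    if active == "primary" and fails >= fail_after:
        active = "replica"   # sustained outage: fail over
    elif active == "replica" and oks >= recover_after:
        active = "primary"   # primary stable again: fail back
    return State(active, fails, oks)

def replay(results, **thresholds):
    """Return (index, new_active) for every switch in a heartbeat series."""
    state, events = State(), []
    for i, up in enumerate(results):
        new = step(state, up, **thresholds)
        if new.active != state.active:
            events.append((i, new.active))
        state = new
    return events

# Constructed heartbeat series: one blip, a real outage, a flapping recovery.
SAMPLE = [True, True, False, True, False, False, False, False,
          True, True, False, True, True, True, True, True, True]

if __name__ == "__main__":
    for i, site in replay(SAMPLE):
        print(f"heartbeat {i}: point service name at {TARGETS[site]} ({site})")
```

In a live deployment, `step` would be fed the result of `probe` on each interval, and the record would be rewritten only when `active` changes.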
Title: Re: looking for a redundant solution for SME GW on separate sites
Post by: ambrose12 on December 28, 2022, 11:41:47 AM
interesting information