Redundancy for customer with 2 ISPs

For a cloud hosted server, what is the best way to create redundancy for a customer who has 2 ISPs? I.E. Their router will fail over and all of a sudden you are natting out of a completely different IP. Of course you get the gap of time when the phones don’t even know the NAT has changed and you have to wait for the interval times for the phones to begin working again or reboot them to speed up the process.

Use border gateway protocol and obtain your own autonomous system number. This will normally require you to use serious business-oriented accounts.

2 Likes

BGP as recommended by @david55 is of course the best solution. If that’s not feasible, set a short registration expiry on the phones, e.g. 120 seconds. Also, test the router/firewall to confirm that the failover occurs quickly, say within 30 seconds, but it doesn’t false trigger on a couple of missed packets.

About how often does this failover happen? If it’s a frequent occurrence (the main ISP is unreliable and they can’t/won’t fix it), but the backup (presumably slower) ISP is solid, consider setting up the router/firewall for the phones to use the secondary ISP normally, failing over to the main.

BGP feasibility analysis

Both of the OP’s ISPs would need to be BGP capable and so be provisioned to accept your advertisements, there would need to be a local BGP enabled router to advertise any changed routes, the OP would need to buy and maintain an ASN, so likely inappropriate for most folks here.

Many phones have a setup for a secondary registrar so if they are external that should work, many VSPs also provide a ‘reroute’ facility by DID for failing inbound calls.

FreePBX also provides for fail-over outbound routing and will listen by port on all working interfaces for inbound calls and registrations.

Even most prosumer routers do BGP, for example https://www.amazon.com/Mikrotik-RB750Gr3-5-port-Ethernet-Gigabit/dp/B01MSUMVUB under $60.

I thought about that, but he’s got a cloud PBX. Perhaps get a second IP address for the PBX and set up the local router so registrations sent to the two addresses go out via the two ISPs.

Not relevant for the OP’s cloud PBX, however most organizations with redundant internet also have UPS and generator, so moving the PBX inhouse may be a good choice. An ISP outage would still drop calls, though the system would be immediately available for new calls. However, if most calls are in a queue, on hold, or leaving voicemail, the on-site system could actually be worse.

$13/mo. isn’t awful, adding e.g. less than 3% to a $500/mo. phone bill.

Yes, I did miss the cloud bit, but given that and the cloud server is ‘robust’ then all that ASN BGP is moot.

So a rework, iproute2 is pretty robust for multi-homed networks and used by most lini, likely it will self heal quickly in the absence of the default route. Internal phones should not need to know how the traffic is routed by the router which connects by whatever route works to the cloud service, or am I missing something here?

WTF? Why is BGP even being talked about here? It’s an outlandish suggestion for people to be given when they are asking about WAN failover between two ISPs.

  1. You need to get an ASN and at least a /24 of IPv4 because they will not route less than that.
  2. It will probably take over a year to get a proper /24 assigned unless they pay someone a lot of money to get a /24 transferred.
  3. You would need to get both ISPs to advertise said BGP for you. Good luck with that, they generally don’t.

Oh yeah and the big one, this is still going to be two ISPs and a failover setup. It doesn’t matter if both IPs are from the same /24, when ISP A fails and moves over to ISP B guess what still happens? The WAN IP is going to change and thus you are back in the exact same boat you started in. The remote side having to deal with the failover and all the existing connections in the router still using the old IP.

Also, no. You cannot float the WAN IP between two ISPs since that will require them to play nice with each other and well do a lot of routing for you. Not really going to happen.

So, how about we offer a solution that isn’t going to cost the OP a few grand (at least), require them to wade through ARIN’s process to wait for a /24 that they might get and then have to fight with ISPs to have them announce it. Especially since it really doesn’t solve the original ask.

1 Like

If the network doesn’t failover properly or the connections aren’t refreshed then the secondary won’t work. The secondary registration is for when the host they are registering to stops responding. Not when the Internet connection of the phone stops working.

I would tend to agree that an onsite PBX is the best solution, regardless of which WAN interface is being used on failover. Phones would still maintain a local IP, and authorized IPs will be allowed through the FreePBX firewall. This seems like the most simple solution?

1 Like

This is a good and straightforward solution with one catch. If you are using FreePBX’s NAT handling (most people do), then FreePBX needs to know about its external IP.

If failover is infrequent and not “flappy” then a simple script[1] can periodically check the external IP, check it against what FreePBX knows, and if different, update FreePBX and reload. Any outage time would be reduced to the amount of time between checks (you could put the script in crontab for every minute).

Another possible way to deal with this, if you have a smart enough router, is to use SIP ALG on the router and let it handle NAT fixing for you. The benefit of this is that it knows the WAN IP address all the time and should seamlessly fix your SIP traffic going to the internet without you having to do anything.


[1] sample script:

#!/bin/bash

# Notification recipient (placeholder; the address in the original post was obscured)
NOTIFY_ADDR="admin@example.com"

# External IP currently stored in FreePBX's SIP settings
CURR_EXT_IP=$( /usr/sbin/fwconsole kvstore --action get --key externip Sipsettings )
# External IP as seen from the internet, wrapped in literal double quotes
# (the form this script compares against and stores)
REAL_EXT_IP=\"$( curl -s --max-time 10 http://whatismyip.akamai.com )\"

# Only continue if the response looks like a dotted-quad IPv4 address
if ! [[ $REAL_EXT_IP =~ ^\"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\"$ ]] ; then
	# don't do anything; got a bad response from the curl
	exit
fi

MAILMSG="Current known IP is $CURR_EXT_IP\n"
MAILMSG+="New IP is $REAL_EXT_IP\n"

# Variables are quoted so an empty kvstore reply does not break the test
if [ "$CURR_EXT_IP" == "$REAL_EXT_IP" ] ; then
	# echo "No change in IP"
	exit
else
	# echo "External IP changed"
	MAILMSG+="Updating PBXact:\n"
	MAILMSG+=$( /usr/sbin/fwconsole kvstore --action set --key externip --value "$REAL_EXT_IP" Sipsettings )
	MAILMSG+="\n"
	MAILMSG+=$( /usr/sbin/fwconsole r )
	MAILMSG+="\n"
	# do the following if you have PJSIP transport reload disabled - need to restart asterisk
	MAILMSG+="Need to restart Asterisk for this change:\n"
	MAILMSG+=$( /usr/sbin/asterisk -rx "core restart when convenient" )
	MAILMSG+="\n"

	# notify
	echo -e "$MAILMSG" | mail -s "PBX IP address change" "$NOTIFY_ADDR"
fi
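
The script above rewrites externip on any well-formed reply fetched over plain HTTP, and the post notes it only suits failover that is not "flappy". As an added example (not part of the original post), two POSIX sh guards that could run before the `kvstore --action set` step: one rejects malformed or non-public addresses, the other requires the same new address on several consecutive checks. The function names, the state file and the threshold of 3 are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: checks to run on the bare
# address (no surrounding quotes) before it is written to externip.

# Succeed only for a well-formed IPv4 address outside the common non-public ranges.
is_public_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1                  # split into octets; subshell keeps IFS local
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros, at most 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    case $1 in 0|10|127) exit 1 ;; esac        # "this" network, RFC 1918, loopback
    if [ "$1" -ge 224 ]; then exit 1; fi       # multicast and reserved
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then exit 1; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then exit 1; fi
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then exit 1; fi   # link-local
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then exit 1; fi  # CGNAT
    exit 0
)

# Succeed once the same address has been reported on $3 consecutive runs.
# $2 is a state file (hypothetical path) holding "<ip> <count>".
confirm_change() (
    seen_ip='' seen_n=0
    if [ -r "$2" ]; then read -r seen_ip seen_n < "$2" || :; fi
    case $seen_n in ''|*[!0-9]*|0?*) seen_n=0 ;; esac   # ignore a corrupt counter
    if [ "$seen_ip" = "$1" ]; then n=$((seen_n + 1)); else n=1; fi
    printf '%s %s\n' "$1" "$n" > "$2"
    [ "$n" -ge "$3" ]
)

# Demo on constructed observations (documentation-range addresses): a new
# address is accepted only on its third consecutive sighting.
demo() (
    state=$(mktemp) || exit 1
    for ip in 198.51.100.7 203.0.113.9 203.0.113.9 203.0.113.9 192.168.1.1; do
        if ! is_public_ipv4 "$ip"; then echo "$ip rejected"
        elif confirm_change "$ip" "$state" 3; then echo "$ip confirmed"
        else echo "$ip pending"
        fi
    done
    rm -f "$state"
)
demo
```

With a one-minute cron interval, a threshold of 3 delays the update by about two extra minutes in exchange for not reloading the PBX on a single spoofed or transient reply.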

The phones are registered from the primary ISP in the PBX. When a failover occurs, which isn’t often, the phones will still be registered from the primary ISP. I suppose the OP wants to know the fastest way to have the phones wake up on the failover ISP so registrations reflect this. Rebooting the phones is a popular method, or waiting for the intervals.

An onsite PBX should eliminate the issues in that they will be on the LAN. It seems all that matters is the trunk. If you are using IP authentication with your provider, you should be able to allow access on the trunk from multiple IP addresses.
