On Thu, May 2, 2013 at 8:14 AM, Michael Mol <mikemol at gmail.com> wrote:

> Ultimately, for this to work cleanly, anything which requires a public
> IP (be it a raw authoritative DNS server or a load balancer) will
> require an IP on both public subnets.

No, it doesn't, as long as you don't mind losing the source IP for logging or configure your http proxy to pass it. You can use separate front-end proxies or load balancers on each public range, with its default gateway pointing toward the ISP handling it. DNS service is simple enough to have standalone servers for each instance you need. Web browsers are actually very good at handling multiple IPs in DNS responses and doing their own failover if some of the IPs don't respond. SMTP will retry following your MX priorities. For other services you might need to actively change DNS to drop IPs if you know they have become unreachable, though.

> The only blocker right now is getting CentOS to do source-policy routing
> properly.

It's a black art - I'd give up the source IP logging first and rely on the back end servers sending back to the proxy that received the request and only has the default route to that one ISP.

-- 
Les Mikesell
lesmikesell at gmail.com
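The source-policy routing that the quoted message asks about, as an added example that is not part of this thread and not either poster's configuration. It gives each public address its own routing table with a default route via that ISP's gateway, and an `ip rule` that selects the table by source address, so replies leave through the uplink the request arrived on while the main table keeps the single default gateway the reply above describes for the proxy case. Interface names (eth0, eth1), the documentation address ranges (192.0.2.0/24, 198.51.100.0/24), the table ids and rule priorities are all hypothetical; the functions only emit the ip(8) and sysctl commands as text so the plan can be reviewed (and checked) before it is applied as root.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: source-policy routing for a
# Linux host (e.g. CentOS) with two public uplinks. All addresses, interface
# names, table ids and priorities are hypothetical placeholders.
# Nothing here touches the kernel: the functions print the commands, and the
# operator pipes the reviewed plan into sh as root.

# Emit the commands for one uplink: a dedicated routing table that knows the
# uplink's own subnet and a default route via that ISP's gateway, plus a rule
# that sends packets *sourced from* our address on that uplink to the table.
#   args: table-id iface subnet/prefix local-addr gateway rule-priority
uplink_plan() {
  tid=$1; dev=$2; subnet=$3; addr=$4; gw=$5; prio=$6
  printf 'ip route replace %s dev %s src %s table %s\n' "$subnet" "$dev" "$addr" "$tid"
  printf 'ip route replace default via %s dev %s table %s\n' "$gw" "$dev" "$tid"
  printf 'ip rule add from %s lookup %s priority %s\n' "$addr" "$tid" "$prio"
  # Inbound traffic on the second uplink is asymmetric relative to the main
  # table, so strict reverse-path filtering (1) would silently drop it; loose
  # mode (2) keeps an anti-spoofing check without breaking this setup.
  printf 'sysctl -w net.ipv4.conf.%s.rp_filter=2\n' "$dev"
}

# Full plan for both uplinks. The main table keeps exactly one default gateway
# (ISP A here) for locally originated traffic; inbound connections are answered
# via whichever uplink they arrived on, chosen by the source-address rules.
two_uplink_plan() {
  uplink_plan 101 eth0 192.0.2.0/24    192.0.2.10    192.0.2.1    100
  uplink_plan 102 eth1 198.51.100.0/24 198.51.100.10 198.51.100.1 101
  printf 'ip route replace default via %s dev %s\n' 192.0.2.1 eth0
  printf 'ip route flush cache\n'
}

# Pre-apply check: the given local address must have exactly one source rule
# pointing at the given table, and that table exactly one default route.
#   args: local-addr table-id   (returns 0 when the plan is consistent)
plan_covers() {
  plan=$(two_uplink_plan)
  rules=$(printf '%s\n' "$plan" | grep -c "ip rule add from $1 lookup $2 " || :)
  defaults=$(printf '%s\n' "$plan" | grep -c "default via .* table $2\$" || :)
  [ "$rules" -eq 1 ] && [ "$defaults" -eq 1 ]
}

# Usage (review first, then apply as root):
#   two_uplink_plan            # print the commands
#   two_uplink_plan | sudo sh  # apply them
```

The commands above are not persistent across reboots; on CentOS the same per-interface routes and rules are normally kept in the network-scripts `route-<iface>` and `rule-<iface>` files, which is an assumption about the host's initscripts rather than something the thread states. Checking the plan with `plan_covers` before applying it catches the usual slip of a rule that points at a table with no default route, which would leave that public address answering through the wrong ISP.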