Zero Downtime Networking: Automated ISP Failover in a Dual-ISP Banking Environment
Abstract
Uptime is one of the vital requirements for enterprise businesses; hence a continuous internet connection is a crucial factor driving business continuity in modern organizations. In this blog, we're going to discuss firewall failover with dual ISPs and why it is critical for high availability. Intelligent failover mechanisms allow for seamless traffic redirection during link or upstream product failures, here with Cogent Communications and Sudatel Telecom Group as the two ISPs. The post then focuses on SLA-based health checks, path diversity, and real-time monitoring as opposed to basic link-status detection. It also describes common methods for implementation, including native firewall features, routing protocols, and automation scripts, before suggesting best practices to prevent issues like link flapping and false failovers. In the end, it all goes to show that for failover to succeed, you must build a network infrastructure that is resilient and efficient as well as highly available.
Let's dive in and automate failover with a script, using the scenario below.
Scenario: Jisanth works as a SOC engineer at Barclays, where he supports critical financial applications running in the backend infrastructure. To ensure high availability and uninterrupted service, the organization uses a dual-ISP setup with Cogent Communications as the primary link and Sudatel Telecom Group as the secondary link.
In the event of an optical fiber cut (OFC) or any hardware-related failure affecting the primary connection, network traffic is automatically redirected to the secondary ISP. This failover process is seamless and designed to operate without manual intervention. As a result, end users typically do not experience any noticeable disruption, ensuring continuous access to critical financial services and maintaining the reliability expected in a banking environment.
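import json
import subprocess
import time
from getpass import getpass

import requests
from netmiko import ConnectHandler
from requests.auth import HTTPBasicAuth  # callers pass HTTPBasicAuth(user, password) as csr_auth / asa_creds

# Configuration
PRIMARY_IP = "8.8.8.8"  # Internet check
CHECK_INTERVAL = 5  # seconds


def csr_int_conf(csr_url, csr_auth, csr_headers):
    """Create a loopback interface on the CSR through its REST interface."""
    int_name = input("Enter the interface name: ")
    int_ip = input("Enter IP address: ")
    int_mask = input("Enter subnet mask: ")
    int_desc = input("Enter interface description: ")
    int_payload = {
        "interface": {
            "name": int_name,
            "description": int_desc,
            "type": "iana-if-type:softwareLoopback",
            "enabled": True,
            "ietf-ip:ipv4": {
                "address": [
                    {
                        "ip": int_ip,
                        "netmask": int_mask
                    }
                ]
            }
        }
    }
    # verify=False turns off TLS certificate validation for the management
    # session; outside a lab, pass the path of a CA bundle instead.
    int_conf = requests.post(url=csr_url, auth=csr_auth, headers=csr_headers,
                             data=json.dumps(int_payload), verify=False)
    print(int_conf.status_code)
    print(int_conf.text)


def asa_int_conf(asa_url, asa_creds, asa_headers):
    """Configure an ASA interface through its REST API."""
    int_name = input("Enter the interface name: ")
    int_zone = input("Enter the interface Zone name: ")
    int_ip = input("Enter the interface IP address: ")
    int_mask = input("Enter the interface subnet mask: ")
    int_payload = {
        "securityLevel": 0,
        "kind": "object#GigabitInterface",
        "channelGroupMode": "active",
        "flowcontrolLow": -1,
        "name": int_zone,
        "duplex": "auto",
        "forwardTrafficSFR": False,
        "hardwareID": int_name,
        "mtu": 1500,
        "lacpPriority": -1,
        "flowcontrolHigh": -1,
        "ipAddress": {
            "ip": {
                "kind": "IPv4Address",
                "value": int_ip
            },
            "kind": "StaticIP",
            "netMask": {
                "kind": "IPv4NetMask",
                "value": int_mask
            }
        },
        "flowcontrolOn": False,
        "shutdown": False,
        "interfaceDesc": "Configured using RESTAPI",
        "managementOnly": False,
        "channelGroupID": "",
        "speed": "auto",
        "forwardTrafficCX": False,
        "flowcontrolPeriod": -1
    }
    # The original listing stops after building the payload; this send step
    # mirrors csr_int_conf (same TLS caveat for verify=False).
    int_conf = requests.post(url=asa_url, auth=asa_creds, headers=asa_headers,
                             data=json.dumps(int_payload), verify=False)
    print(int_conf.status_code)
    print(int_conf.text)


def check_primary():
    """Return True when a single ICMP echo to PRIMARY_IP is answered."""
    # Argument list instead of a shell string, so the target is never parsed as shell syntax.
    result = subprocess.run(
        ["ping", "-c", "1", PRIMARY_IP],
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    return result.returncode == 0


def failover_action(device):
    """Shut wan1 and bring up wan2 on the firewall described by `device`."""
    print("Primary link DOWN! Switching to backup...")
    net_connect = ConnectHandler(**device)
    commands = [
        "config system interface",
        "edit wan1",
        "set status down",
        "next",
        "edit wan2",
        "set status up",
        "end"
    ]
    net_connect.send_config_set(commands)
    net_connect.disconnect()
    print("Failover completed!")


if __name__ == "__main__":
    # Connection details are prompted for, not hard-coded. The commands above are
    # FortiOS-style, so netmiko's "fortinet" device type is assumed here.
    firewall = {
        "device_type": "fortinet",
        "host": input("Enter the firewall management IP: "),
        "username": input("Enter the username: "),
        "password": getpass("Enter the password: "),
    }
    # Main loop
    while True:
        if not check_primary():
            failover_action(firewall)
            break
        else:
            print("Primary link is UP")
        time.sleep(CHECK_INTERVAL)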
Automated ISP failover moves network traffic from a primary internet service provider to its secondary when the former link degrades or fails. A standard high-availability design with two ISPs (e.g. Cogent Communications as the primary link and Sudatel Telecom Group as the backup) relies on automation to constantly check link health using ICMP, HTTP probes or service level agreement tracking. If the primary link goes down (for example through a fibre cut or hardware failure), automated scripts or systems fail over to the backup ISP within seconds, and traffic is forwarded with no manual intervention required.
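The script above switches links after one lost ping to one target. The following is an added example, not the post's own code, of the decision logic that prevents link flapping and false failovers: a quorum across several probe targets, a consecutive-failure threshold before failover, and a longer run of healthy cycles before failback. The class name, thresholds and probe data are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class FailoverDecider:
    """Chooses the active ISP from per-cycle probe results for the primary link."""
    fail_threshold: int = 3      # consecutive unhealthy cycles before failover
    recover_threshold: int = 5   # consecutive healthy cycles before failback
    quorum: int = 2              # targets that must reply for a cycle to be healthy
    active: str = "primary"
    _bad: int = 0
    _good: int = 0

    def observe(self, probe_results):
        """probe_results: one bool per probe target (True = reply received)."""
        if sum(probe_results) >= self.quorum:
            self._good += 1
            self._bad = 0
        else:
            self._bad += 1
            self._good = 0
        if self.active == "primary" and self._bad >= self.fail_threshold:
            self.active = "secondary"
        elif self.active == "secondary" and self._good >= self.recover_threshold:
            self.active = "primary"
        return self.active


def replay(cycles, **thresholds):
    """Run constructed probe cycles through a fresh decider; return the active link per cycle."""
    decider = FailoverDecider(**thresholds)
    return [decider.observe(cycle) for cycle in cycles]


# Constructed sample data: three probe targets per cycle.
UP = [True, True, True]
DOWN = [False, False, False]
ONE_TARGET_DOWN = [True, True, False]   # a probe target is down, not the link
SAMPLE = [UP, ONE_TARGET_DOWN, DOWN, UP,   # single lost cycle: no failover
          DOWN, DOWN, DOWN,                # sustained outage: failover on the 3rd
          UP, UP, DOWN,                    # unstable recovery: stay on secondary
          UP, UP, UP, UP, UP]              # five clean cycles: fail back

if __name__ == "__main__":
    for cycle, link in enumerate(replay(SAMPLE)):
        print(cycle, link)
```

In the monitoring loop, each cycle's probe results would come from the ICMP or HTTP checks, and the firewall change would run only when the returned link differs from the previous one.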
This design greatly improves network availability, redundancy and operational efficiency in actual production environments. It reduces downtime, safeguards the availability of vital applications, and keeps a consistent experience for users, all without them realizing that the transition is occurring. Automation also helps mitigate human errors, speeds up response time and provides consistent failover behavior across complex infrastructures. While native solutions such as SD-WAN or IP SLA are the preferred approach for deterministic performance, automation becomes valuable for custom scenarios, monitoring and integration with macro-network orchestration systems.
In summary, automated ISP failover plays a critical role in modern network architecture, ensuring high availability, business continuity, and reliable service delivery across the internet.
