
Thread: Network 'peering' sanity check.

  1. #1
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Network 'peering' sanity check.

    So, the scenario is as follows: there are 2 separate LANs each with a NAT gateway and Internet connection but they need to be joined together somehow to allow traffic to flow over that link rather than over the Internet. A VPN is not suitable since the connection needs to be high-speed (100Mb/s) and low-latency. Also combining the networks to use the same Internet connection isn't possible so I was thinking about 'peering' the networks, setting up *nix-based routers in front of both gateways to route traffic between the two networks over a separate connection rather than out over the Internet. I think static routing with a few simple rules would be sufficient since there would only be the one WAN-facing IP in each network. So before I start experimenting with this, does it sound plausible?
    Thanks

  2. #2
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,826
    Thanks
    161
    Thanked
    358 times in 288 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC

    Re: Network 'peering' sanity check.

    Quote Originally Posted by watercooled View Post
    So, the scenario is as follows: there are 2 separate LANs each with a NAT gateway and Internet connection but they need to be joined together somehow to allow traffic to flow over that link rather than over the Internet. A VPN is not suitable since the connection needs to be high-speed (100Mb/s) and low-latency. Also combining the networks to use the same Internet connection isn't possible so I was thinking about 'peering' the networks, setting up *nix-based routers in front of both gateways to route traffic between the two networks over a separate connection rather than out over the Internet. I think static routing with a few simple rules would be sufficient since there would only be the one WAN-facing IP in each network. So before I start experimenting with this, does it sound plausible?
    Thanks
    Sounds like the simplest solution. Personally I'd see if I can get hardware routers instead of *nix boxes unless cost of entry or mission creep were a concern. Also, if you want redundancy, you could implement a dynamic routing protocol on the routers and a VPN connection between the firewalls. The routers would need the dynamic protocol to have a lower metric and a static route pointing to the firewalls with a higher metric. The end result should be that provided the 100mbit link is up, the route used is the one from the dynamic routing protocol and if the link goes down, the dynamic protocol will have no route so the static route is used.
    Last edited by badass; 14-09-2010 at 05:31 PM.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  3. Received thanks from:

    watercooled (14-09-2010)

  4. #3
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: Network 'peering' sanity check.

    Thanks for the ideas. Ideally I want to keep costs low so I was thinking a *nix router naturally but I've read about a company, MikroTik who make "Routerboards". They're about the same size+layout as consumer routers but they have 5 properly routed ports plus a custom OS apparently based on Linux. I'm not really sure how they compare to other routers though or if I could find another hardware router for a more reasonable price. I'm not anticipating mission creep but if I used Linux I'd probably end up finding stuff to tinker with anyway. Would it not be possible to use a single dynamic protocol to just route traffic back over the Internet should the link fail? Also which protocol do you think would be most appropriate for this setup?
    Thanks again.

  5. #4
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,826
    Thanks
    161
    Thanked
    358 times in 288 posts
    • badass's system

    Re: Network 'peering' sanity check.

    Quote Originally Posted by watercooled View Post
    Thanks for the ideas. Ideally I want to keep costs low so I was thinking a *nix router naturally but I've read about a company, MikroTik who make "Routerboards". They're about the same size+layout as consumer routers but they have 5 properly routed ports plus a custom OS apparently based on Linux. I'm not really sure how they compare to other routers though or if I could find another hardware router for a more reasonable price. I'm not anticipating mission creep but if I used Linux I'd probably end up finding stuff to tinker with anyway. Would it not be possible to use a single dynamic protocol to just route traffic back over the Internet should the link fail? Also which protocol do you think would be most appropriate for this setup?
    Thanks again.
    I'd have to have a proper think about it when I'm a bit more awake but I'm thinking for simplicity's sake, RIP v1 or v2 can be used. TBH I've only used EIGRP in production because of its simplicity, flexibility and the fact that I only use Cisco routers. OSPF should also work. The reason I've suggested the static/dynamic mix is because I've never seen neighbors for any routing protocol in different subnets in production, though I've only dealt with up to medium sized internetworks so far. I'll have a think about that tomorrow when I can remember how RIP works!

  6. Received thanks from:

    watercooled (14-09-2010)

  7. #5
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: Network 'peering' sanity check.

    Haha yeah it's a bit mind-numbing trying to think about it when you're tired! I get the feeling this is something that would be easier to just try rather than trying to think about it too much.
    Last edited by watercooled; 14-09-2010 at 10:51 PM.

  8. #6
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,826
    Thanks
    161
    Thanked
    358 times in 288 posts
    • badass's system

    Re: Network 'peering' sanity check.

    Quote Originally Posted by watercooled View Post
    Haha yeah it's a bit mind-numbing trying to think about it when you're tired! I get the feeling this is something that would be easier to just try rather than trying to think about it too much.
    Yep!

    I've had a think about it and off the top of my head the main argument against having router interfaces in different subnets is that you would have to do a lot of messing around with multicasting settings on all of the devices in between, or in the case of RIP v1 it simply won't work as it uses broadcasts. This would make it a lot more complicated and so a lot more likely to fail. I would also bet a kit-kat that it's completely against best practice of any networking kit manufacturer.
    The only disadvantage of the static/dynamic route mix (as opposed to a dynamic/dynamic setup) is that all traffic will go over the dynamically routed interface until there is a failure, at which point all traffic will go over the VPN tunnel. However RIP and RIPv2 only do round robin load balancing so half your traffic would be going over the high latency, low speed link and half going over the high speed, low latency link. The end result would be your max bandwidth would be just double the VPN tunnel's max bandwidth!
    EIGRP can do vastly better load balancing but it's still not useful in this situation TBH. I can't remember how OSPF load balancing works as I haven't used it in production ever.

  9. Received thanks from:

    watercooled (17-09-2010)

  10. #7
    Registered+
    Join Date
    Feb 2008
    Posts
    57
    Thanks
    0
    Thanked
    5 times in 5 posts

    Re: Network 'peering' sanity check.

    How are (or will) the 2 networks connected at layer 1 i.e. physically? That will dictate the options open to you.... A simple tunnel may be the way to go, GRE, IPIP etc. As for RouterBoards, very good kit for the price, you can get the RB750G for ~£50 which gives you 5 Gbit ports, a programmable switch chip, support for everything from RIP to BGP, from PPP to layer 7 packet filtering and they even support MPLS. For some reason they don't support GRE tunnels though (unless as part of an EoIP tunnel). I use lots in production networks running OSPF and rarely get a problem, CLI is interesting to start with but it's not bad once you're used to it.

    Anyway, let us know about the topology then I can make a suggestion

  11. Received thanks from:

    watercooled (17-09-2010)

  12. #8
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: Network 'peering' sanity check.

    I may be overcomplicating this more than I need to, essentially what I want is a sort of direct VPN connection. One of the reasons I was trying to keep the routers on the public IP side is because I'm not entirely sure how SIP establishes connections and if possible it's one of the things which could go over the local link, i.e. if the routers were part of 'The Internet' then streams would go over the link regardless. This is where NAT becomes a real PITA. Anyway, the networks are both pretty simple, Cable/xDSL--->NAT Gateway--->Switches, etc all over Ethernet. The link between the two will probably be copper Ethernet too but possibly multi-mode fibre, not that it should matter. It doesn't really matter how they end up connected provided it works, I'm expecting to need to get more equipment anyway.

  13. #9
    Registered+
    Join Date
    Feb 2008
    Posts
    57
    Thanks
    0
    Thanked
    5 times in 5 posts

    Re: Network 'peering' sanity check.

    If you're thinking of installing RB750Gs then they can do the NAT for you so you may as well replace the current NAT devices. Once you've done that then you can just patch one RB750G in to the other, stick the relevant IPs on the interfaces and add your static routes and you're done. However if the two RB750Gs are going to be close enough to each other to patch from one to the other with copper then you may as well just use a single RB750G as the gateway for both networks.

    If you stick with the 2 gateway approach for whatever reason and you want failover in case the direct link fails (cable damage, port failure etc.) and really want/need to avoid NAT then build a tunnel between the 2 gateways and run a routing protocol that's weighted to favour the direct link rather than the tunnel. In normal use the direct link will be used, in the event the direct link fails the traffic will be routed over the tunnel and you'll still be able to use the private IP addressing scheme on your LANs and won't have to worry about NAT.

    SIP and NAT can play nice together however your success depends on a variety of things such as where the SIP server(s) sit(s), whether the NAT devices have a SIP helper (MikroTik units do) and whether your SIP proxy tries to do reinvites once a call is set up. If you manage the SIP server(s) all this is resolvable, if you don't then you may get stuck so you'll need to test everything first.

    To give you a definitive solution I'd need a topology map and to know exactly what you need the networks to do

  14. Received thanks from:

    watercooled (08-10-2010)
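
The failover design described in posts #2 and #9 (a preferred route over the direct link, a higher-metric backup over the tunnel) can be modelled as a route lookup. This is an added example, not code from any poster; the interface names, prefixes and metrics are constructed. It also shows a case the thread does not cover: with both paths down, private-addressed traffic falls through to the default route unless a guard route stops it.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str   # destination network
    via: str      # egress interface name (hypothetical)
    metric: int   # lower wins among equally specific routes
    source: str   # "dynamic" or "static"

# Constructed view from site A's router; site B's LAN is 192.168.2.0/24.
ROUTES = [
    Route("192.168.2.0/24", "direct0", 10, "dynamic"),  # learned over the direct link
    Route("192.168.2.0/24", "tunnel0", 200, "static"),  # floating backup via the tunnel
    Route("0.0.0.0/0", "wan0", 100, "static"),          # default route to the Internet
]

# Same table plus a last-resort discard route for the remote LAN, so traffic
# to private addresses is dropped instead of leaking out of the WAN side.
GUARDED = ROUTES + [Route("192.168.2.0/24", "blackhole", 250, "static")]

def select_route(dst, routes, up_links):
    """Longest prefix first, then lowest metric.
    Routes whose egress link is down are treated as withdrawn;
    the blackhole pseudo-interface is always available."""
    addr = ipaddress.ip_address(dst)
    usable = [
        r for r in routes
        if (r.via in up_links or r.via == "blackhole")
        and addr in ipaddress.ip_network(r.prefix)
    ]
    if not usable:
        return None
    return min(
        usable,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric),
    )

def egress(dst, up_links, routes=ROUTES):
    """Name of the interface a packet to dst would leave on, or None."""
    route = select_route(dst, routes, up_links)
    return route.via if route else None

if __name__ == "__main__":
    for links in ({"direct0", "tunnel0", "wan0"}, {"tunnel0", "wan0"}, {"wan0"}):
        print(sorted(links), "->", egress("192.168.2.50", links),
              "| guarded:", egress("192.168.2.50", links, GUARDED))
```
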

  15. #10
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: Network 'peering' sanity check.

    Sorry for not replying, I've had this tab open for ages and I forgot about it.

    Anyway, as it stands the networks are pretty simple, logically at least; it's just two networks like ISP---modem---NAT router---LAN
    There's a possibility I could use one as the gateway for both but there is some distance between them and I think using separate routers would be better for reliability i.e. so one network could continue operating if one router went down for whatever reason and if other networks needed to be connected in future. Thanks for the help everyone.

  16. #11
    Jay
    Jay is offline
    Gentlemen.. we're history Jay's Avatar
    Join Date
    Aug 2006
    Location
    Jita
    Posts
    8,365
    Thanks
    304
    Thanked
    568 times in 409 posts

    Re: Network 'peering' sanity check.

    Wow, I missed this thread somehow!

    For this type of thing I do like to use Cisco 1841s and HSRP.
    □ΞVΞ□

  17. #12
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: Network 'peering' sanity check.

    I have a fairly limited budget so Cisco isn't really an option unfortunately.
