  1. #1


    Best setup for routing between 6 subnets plus internet?

    Hi all,

    There is a chance that we might end up with up to 5 feeder schools connecting in to our site via leased lines, and we would house various services here for them to access and be used as a gateway for internet access. The schools also need to have the option of being able to connect to each other. Each school has its own subnet, so I'm thinking that I would need to be able to route between the 5 schools, a DMZ, and the internet.

    My question is: what is the best way of achieving this? Does anyone know of any particular hardware that would handle this well?

  2. #2
    jamesfed
    Sounds like it's a VPN connection setup that is needed (all feeding into your main site) - this way you could share secure services without having them posted on the internet.

  3. #3

    I don't think I understand why a VPN would be necessary? The connections between the schools would be via leased line, direct in to the school and not over the internet. In that respect it would already be a private network. I might be missing something, but I think the issue is finding the best way of routing between so many subnets.

  4. #4
    jamesreedersmith
    A router!

  5. #5

    Yes, but which! I know my way around IPCop but that only supports 4 interfaces, and I have no experience of anything that might be able to handle 7.

  6. #6
    nicholab
    You need to deploy a device that can control traffic between sites as well as the internet. I would look at these rather than Cisco as they do more for the money: www.vyatta.com or these: http://www.firebrick.co.uk/products_6000.php
    Last edited by nicholab; 13th September 2011 at 11:53 AM.

  7. Thanks to nicholab from:

    nutso (13th September 2011)

  8. #7
    gshaw
    Originally posted by nutso:
    "Yes, but which! I know my way around IPCop but that only supports 4 interfaces, and I have no experience of anything that might be able to handle 7."

    pfSense might be able to handle a few more interfaces than IPCop, could be worth a look.

  9. Thanks to gshaw from:

    nutso (13th September 2011)

  10. #8

    Geoff
    Each satellite site needs a router. This will be your gateway for the subnet at each site. These pass traffic on to your main site. Your main site needs the same setup; however, it also needs static routes set up to route the traffic from the satellite sites in/out through the main site. Things get a bit more complex if you have a DMZ or if you want the satellites to be able to talk to each other. But that's the basic idea.
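
Added example (not part of Geoff's post or of the thread): a small model of the main-site router described above, with one static route per school, a DMZ and a default route, plus a default-deny rule for which zones may open connections to which. All prefixes, interface names and the allowed school pair are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread):
# prefix -> (egress interface on the main-site router, zone name)
ROUTES = {
    "10.1.0.0/16": ("leased1", "school1"),
    "10.2.0.0/16": ("leased2", "school2"),
    "10.3.0.0/16": ("leased3", "school3"),
    "10.4.0.0/16": ("leased4", "school4"),
    "10.5.0.0/16": ("leased5", "school5"),
    "172.16.0.0/24": ("dmz0", "dmz"),
    "0.0.0.0/0": ("wan0", "internet"),  # default route
}
TABLE = [(ipaddress.ip_network(p), ifc, zone) for p, (ifc, zone) in ROUTES.items()]

# School pairs allowed to talk to each other (opt-in; all other pairs are denied).
SCHOOL_PAIRS = {frozenset({"school1", "school2"})}

def lookup(addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    _, ifc, zone = max((r for r in TABLE if ip in r[0]),
                       key=lambda r: r[0].prefixlen)
    return ifc, zone

def may_initiate(src_zone, dst_zone):
    """Default-deny policy for new connections (replies assumed stateful)."""
    if not src_zone.startswith("school"):
        return False  # in this sketch only schools open connections
    if dst_zone in ("dmz", "internet"):
        return True   # shared services and internet access
    return frozenset({src_zone, dst_zone}) in SCHOOL_PAIRS

def forward(ingress, src, dst):
    """Return the egress interface, or None if the packet is dropped."""
    src_ifc, src_zone = lookup(src)
    if src_ifc != ingress:
        return None   # source address does not belong on this link
    dst_ifc, dst_zone = lookup(dst)
    return dst_ifc if may_initiate(src_zone, dst_zone) else None

if __name__ == "__main__":
    print(forward("leased1", "10.1.0.10", "172.16.0.20"))  # school -> DMZ
    print(forward("leased1", "10.1.0.10", "10.3.0.10"))    # pair not allowed
```

The ingress check in `forward` is the reason the model takes the arriving interface as well as the source address: a packet claiming a school 1 address on another school's leased line is dropped before any policy lookup.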

  11. #9
    jamesfed
    Originally posted by nutso:
    "I don't think I understand why a VPN would be necessary? The connections between the schools would be via leased line, direct in to the school and not over the internet. In that respect it would already be a private network. I might be missing something, but I think the issue is finding the best way of routing between so many subnets."

    Do ignore my post, I thought the lines were just out onto the web and not direct into the school site.

  12. #10

    Originally posted by Geoff:
    "Each satellite site needs a router. This will be your gateway for the subnet at each site. These pass traffic on to your main site. Your main site needs the same setup; however, it also needs static routes set up to route the traffic from the satellite sites in/out through the main site. Things get a bit more complex if you have a DMZ or if you want the satellites to be able to talk to each other. But that's the basic idea."

    Actually this was another thing that I wasn't certain of - if each satellite site needed a router also. I haven't dealt with leased lines before but as I understood it they are just glorified fibre links. I figured that because you don't need a router to link two buildings with fibre, that I wouldn't in this case either and that I'd only need a router to handle traffic between the subnets. Did I get this wrong?

  13. #11

    m25man
    We have a TalkTalk Business MPLS circuit connecting all of our remote sites together, private IP addresses at each site all routing to each other through HP L3 switches.
    The core switch at each location is the gateway address.

    We all share a common SonicWall firewall managed by us to enable NAT/PAT from firewall to any segment/host.

    Mitel 3300 Phone systems at each site all linked to create a common voice platform over the MPLS.

    The only problem with the entire system is TalkTalk... but that's another story.

  14. #12

    Geoff
    Originally posted by nutso:
    "Actually this was another thing that I wasn't certain of - if each satellite site needed a router also. I haven't dealt with leased lines before but as I understood it they are just glorified fibre links. I figured that because you don't need a router to link two buildings with fibre, that I wouldn't in this case either and that I'd only need a router to handle traffic between the subnets. Did I get this wrong?"

    In the fibre case you cite, routers aren't required because both building networks are on the same subnet. This is not the situation in multi-site setups, as you put each site in its own subnet with its own router to route traffic in/out of the site as required. You do this because you don't want your (slower) intersite link bogged down with broadcast traffic (which is what would happen if you didn't subnet and route between your remote sites).

  15. Thanks to Geoff from:

    nutso (13th September 2011)

  16. #13
    cpjitservices
    pfSense all the way - it will do what you want plus more - there are hundreds of packages to install too for monitoring etc. etc., so you could monitor each connection, and there are packages in there for MPLS and OSPF etc. etc.

    We have pfSense boxes running networks at remote locations and have done for a long time.

    It's free and does the job nicely, all you'll need is an old PC with enough NICs.

  17. #14

    Ah, good thinking on the broadcast traffic - that would be the point that I'm missing so I'd definitely need a router at each site. Then if I'm thinking right, I would need a suitable router to handle traffic between the different sites, and also out on to the internet. It's not exactly the most simple setup, but I think I'm getting my head around it.

  18. #15

    Geoff
    It really depends on the speed of the links between the sites as to if broadcast traffic is a problem. The worst culprits are Windows PCs' network discovery, printers, Bonjour and ARP. IPX/SPX used to be terrible too, but hopefully everyone's killed that off by now?


