  1. #1
    earlyriser

    Multiple internet connections - some advice

    Hi all. Back to basics network advice required here.

    Like most schools here in NZ we have seen a huge uptake in internet usage over the last year. We currently have a single 2mb Telecom SchoolZone connection for our internet access and web filtering, and over the last few months have experienced some pretty severe bottlenecks. Senior management are concerned that when the internet connection is saturated because of use in the classroom, it is affecting the 'business' side of the school, and they have asked me for an interim solution until we move to a fibre connection (hopefully at some point towards the end of next year...)

    My thought is to purchase a standard business DSL package (which will obviously come with a router), stick that on the network, and use DHCP Reservations and the 'Router' option to point the office/administration PCs to that router for internet.

    I'm confused about DNS, however. My DC, which is issuing DHCP addresses to my workstations, has its gateway set to our SchoolZone router and all existing internet traffic goes through this. How do I configure DNS on the DC and workstations to still use the DC for its primary DNS, then forward to the new router for unresolved queries?

    Does that make sense?

  2. #2
    Out_of_Sync
    Set up a proxy server for the DSL line... point all admin PCs to the proxy.

  3. #3

    SYNACK
    With the setup that you propose all of the admin traffic except DNS would go via the secondary provider, as it will still use the specified default gateway as the next hop to get to the external IP address. All your internal domain PCs do need to point to the DCs for DNS so that internal traffic and authentication/config traffic is properly directed. What I would suggest is adding the secondary provider's DNS server settings to the end of the forwarders list on your DNS servers. I would use the actual ISP server addresses rather than the router, as router DNS is notorious for dropping out. Setting it up like this will still allow DNS names to be resolved even if SchoolZone has issues, but it will only use it if the SchoolZone one is unavailable, because there is some stuff that is SchoolZone internal only and may not be resolved by another ISP DNS server.

    A couple of considerations with this setup: do the admin staff use any of the SchoolZone internal-only features? These may not be accessible from a route via another ISP. This could be resolved by adding in the 10.x.x.x route or whatever it is for the rest of the SchoolZone network that is not covered in your local subnet as a static route to the secondary ISP's router and pointing any requests like that back to the SchoolZone router/gateway address. Also, have you considered the risks of a student finding the IP of the open internet IP on your network? Do you have any internal VLANs implemented to break up your internal network into subnets? If so, you could set up ACLs to allow only the admin subnet access to the extra route; this would also simplify the DHCP setup. As another less secure option to mitigate this risk you could (if the router supports it) limit the hosts that it responds to, to only the statically assigned addresses of the admin staff.

    I did have a quick look and it doesn't look like additional connections are barred in the T&Cs which is good as some similar services do have such a provision in place.
    Last edited by SYNACK; 16th September 2010 at 07:48 AM.

  4. Thanks to SYNACK from:

    earlyriser (17th September 2010)

  5. #4
    earlyriser
    Thanks for your reply SYNACK

    Quote Originally Posted by SYNACK View Post
    What I would suggest is adding the secondary provider's DNS server settings to the end of the forwarders list on your DNS servers. I would use the actual ISP server addresses rather than the router, as router DNS is notorious for dropping out.
    I've tried this on the DCs (2008 R2) but when I try to add 122.56.252.129 or 210.55.111.1 as forwarders, the DCs can't resolve those addresses.

    Quote Originally Posted by SYNACK View Post
    do the admin staff use any of the SchoolZone internal-only features as these may not be accessible from a route via another ISP.
    They were only using SchoolZone webmail, but have moved them onto our Google Apps Gmail, nothing else from SchoolZone so should be OK. Possibly looking at completely moving away from SchoolZone next year.

    Quote Originally Posted by SYNACK View Post
    Also have you considered the risks of a student finding the ip of the open internet ip on your network
    I have thought about this, but I'm fairly confident that we are locked down enough to avoid it. For the moment anyway....

    Quote Originally Posted by SYNACK View Post
    do you have any internal VLANs implemented to break up your internal network into subnets
    We've got a flat network at the moment, but once we get new switching gear from the SNUP3 upgrade, I'll be VLANning like mad.

    Quote Originally Posted by SYNACK View Post
    I did have a quick look and it doesn't look like additional connections are barred in the T&Cs which is good as some similar services do have such a provision in place.
    I checked that too, and I spoke to Tim Harper at SchoolZone and there was no problem from their end.

  6. #5

    tmcd35
    Would an additional router between the two internet connections help? You can set your default gateway to the new router and have the two connections behind that and set the new router to round robin outgoing requests? As for DNS, unless you are using the same ISP on both internet connections you may want to use either Google DNS or OpenDNS for external resolution, as these would be beyond both ISPs and be accessible from either connection.

  7. Thanks to tmcd35 from:

    earlyriser (17th September 2010)

  8. #6

    glennda
    If you can get a Smoothwall Advanced Firewall, I believe this does load balancing across multiple internet connections.

  9. #7

    SYNACK
    Quote Originally Posted by earlyriser View Post
    I've tried this on the DCs (2008 R2) but when I try to add 122.56.252.129 or 210.55.111.1 as forwarders, the DCs can't resolve those addresses

    We've got a flat network at the moment, but once we get new switching gear from the SNUP3 upgrade, I'll be VLANning like mad
    Sounds like you have got it covered. The extra DNS forwarders were just a luxury anyway and are not really needed for operation; DNS traffic to the outside world must be blocked by SchoolZone, hence the issues with resolving them. You can get around this if you want to by adding a static route to the server routing table that points those specific IP addresses out via the secondary provider router:

    HowTo: Add persistent Static Routes in Windows | ItsyourIP.com
    route -p add 10.10.10.0 mask 255.255.255.0 192.168.1.1 metric 1
    in your scenario you would just do this:
    Code:
    route -p add 122.56.252.129 mask 255.255.255.255 {ip of secondary router} metric 1
    from an administrative command prompt on your DNS server. This will send all traffic to that IP via the secondary link and allow that machine to access that external DNS server via the other link, which is useful if SchoolZone DNS goes down.

    So are you guys one of the mythical 200 schools that has managed to get into the SNUP program for this year? We haven't even heard back from them as yet. You'll have to post about how it all goes as it will be interesting to hear what gets done and how the hardware etc. is. I heard that the switching gear that they are using is AT and it would be really interesting to see what models they end up putting in.

  10. Thanks to SYNACK from:

    earlyriser (17th September 2010)
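
Added example (not part of any post in this thread): the pieces discussed so far, run as one batch file from an elevated prompt on a Windows Server 2008 R2 DC that hosts both DHCP and DNS. It covers the per-reservation Router option from post #1, the appended forwarder from post #3 and the host route from post #7. Every address and name is a constructed placeholder except 122.56.252.129, which is the forwarder quoted in the thread.

```bat
@echo off
REM Added example, not from the thread. Placeholders (constructed values):
REM   SCOPE, SZ_ROUTER, DSL_ROUTER, SZ_DNS, ADMIN_PC_IP, ADMIN_PC_MAC, "AdminPC1"
REM ISP_DNS is the secondary ISP resolver address quoted in the thread.
set SCOPE=192.168.1.0
set SZ_ROUTER=192.168.1.1
set DSL_ROUTER=192.168.1.254
set SZ_DNS=192.0.2.53
set ISP_DNS=122.56.252.129
set ADMIN_PC_IP=192.168.1.50
set ADMIN_PC_MAC=001122334455

REM 1. Reserve the admin PC's address and override DHCP option 003 (Router)
REM    for that reservation only. Every other client keeps the scope-level
REM    router (SZ_ROUTER), so classroom traffic stays on the filtered link.
netsh dhcp server scope %SCOPE% add reservedip %ADMIN_PC_IP% %ADMIN_PC_MAC% "AdminPC1" "Office PC via DSL" BOTH
netsh dhcp server scope %SCOPE% set reservedoptionvalue %ADMIN_PC_IP% 003 IPADDRESS %DSL_ROUTER%

REM 2. Persistent host route (/32): only traffic to the secondary ISP's
REM    resolver leaves this server through the DSL router. The server's
REM    default gateway is left on the SchoolZone router.
route -p add %ISP_DNS% mask 255.255.255.255 %DSL_ROUTER% metric 1

REM 3. /ResetForwarders replaces the whole forwarder list, so repeat the
REM    existing SchoolZone forwarder first and append the ISP resolver last.
dnscmd /ResetForwarders %SZ_DNS% %ISP_DNS%

REM 4. Verify: the host route is present, the ISP resolver answers over it,
REM    and the reservation carries its own Router option.
route print %ISP_DNS%
nslookup www.example.com %ISP_DNS%
netsh dhcp server scope %SCOPE% show reservedoptionvalue %ADMIN_PC_IP%
```

On a flat network the reservation only steers clients that accept the DHCP-supplied gateway, so the host restriction on the DSL router mentioned in post #3 is still what keeps other machines off that link.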

  11. #8
    earlyriser
    Quote Originally Posted by SYNACK View Post
    So are you guys one of the mythical 200 schools that has managed to get into the SNUP program for this year? We haven't even heard back from them as yet. You'll have to post about how it all goes as it will be interesting to hear what gets done and how the hardware etc. is. I heard that the switching gear that they are using is AT and it would be really interesting to see what models they end up putting in.
    Yes. Remember back last year when Douglas Harre was on here, talking about the upgrade? I followed up pretty aggressively after that and after a long wait we were notified at the start of August that we were on the next round. I've spent the last month polishing up our site and infrastructure diagrams and they have now gone off to TorqueIP. Other than waiting for them to come back to me, I've got to arrange an electrical audit of the school as part of the process. The upgrade covers new cabling across the whole school (hopefully including fibre in between blocks, of which we have some old multimode that needs to be replaced). It also covers new electrical fittings, on the premise that wherever there is a network outlet, there will be a double plug socket. I have also heard that AT is the switching gear that they will specify, which is a shame as I really wanted to move to ProCurve so I could add it to my HP Management setup. We've got AT switches at the moment but they are all unmanaged. I'm not sure how much choice we will have, if any. I'll keep updates on here about how it all goes. It's a huge job, we are an urban school, in a historic building. I'm glad I'm not doing it

  12. #9

    SYNACK
    Yes, I do remember that; good to hear that it has paid off for you. I was actually at one of the "Learning Without Limits" MoE presentations just on Tuesday where among others Douglas Harre was telling us all about the program, which is where I got the stats that I was using in the "Whats it like?" thread over in the NZ General Chat forum here.

    I think that the switches are all one specific model, as when we asked about them we were told that all 2500 of them that they brought were the same so they could get a better volume discount. If it is true to their current network recommendations spec then these will be layer 2 managed switches, which will be much better for managing of the client level of the network. I am hoping that they do include a capable core switch too, with Layer 3 switching that can provide really fast internal routing, otherwise the use of VLANs and the possible speed between them will be limited and require extra hardware. I know what you mean about the HP stuff, it is really nice and is what we are putting in at the moment whenever we get any new switching gear. Depending on the model that they have gone with for the switches I am hoping for 10GBit/s trunks between catchment areas, which would be quite an upgrade from our current 2GB teamed fibre links (we also have old standard multimode at on site).

    From the pictures that they were showing of their network installs the cabling does look really nice; whether this happens in reality for all of the jobs or just the showcase ones will be of great interest. Our current networks have been wired by combinations of electricians (butchers with network cable) and 'professional cable companies' who have not done work quite up to the standard proposed.

    I totally agree with your sentiment about not having to do it myself, I have dragged network cable around under buildings before and am in no hurry to do it again.

  13. #10

    I would split your network, create a VLAN for the "business" side and one for the classrooms and set up routing between them. Because they will be on different IP networks, you can DHCP different gateways while still using the same DNS servers.
    Last edited by cbrasga; 17th September 2010 at 06:54 AM.
