Joining two LAN's

[Linux_newb]

Hi there,

I'm currently doing some work at offices where 2 companies operate from with their own LAN and Adsl connections. Company A is running software that needs to be connected to the internet 24/7/365 while Company B has more bandwidth available running nothing more important than e-mail and browsing.

Both companies would like to share a file server and eventually be on 1 Network, sharing their 2 x 4MB Adsl lines - one with Uncapped and one with Capped.

Is there a way to first of all, join both LAN's so that everyone can access the file server etc and then second of all, setup Company A in such a way that IF their internet connection fails, they will automatically continue using Company B's internet connection until it comes back up again.

Now, I can imagine bringing both routers together on a switch and distribute it from the switch to all the computers on the network and change the default gateway when you want the user to go over to the other router, but for some users on the network this is not possible or ideal.

Any suggestions on how I can bring the 2 networks together and at the same time build in some redundancy for Company A?

I'm aware of all the security risks involved when it comes to 2 companies sharing the same LAN.

Any advice would be great!

Thanks

 

[ponder]

You are opening a can of worms here if you ask me.

 

[PallBearer]

give them all the same IP
cancel the capped account and get them to share the costs of the uncapped account.

Alternativly, Server with two NIC's for the 2 networks, you'll have to have a router that will route failed internet attempts to the uncapped path or maybe get ISA or a proxy installed on the server.

 

[Conradl]

What server software do you have? You could simply connect the switches from company A and B, and put them both on the same subnet. It will be difficult to manage though, since each company would require a different gateway. Also, two ADSL connections in not necessarily a good form of redundancy (some types of failure could impact both lines). Best would be to look at another provider for failover, such as Iburst or 3G.

 

[Linux_newb]

I was thinking of putting them on the same IP/Subnet range, but this would mean changing the default gateway - not ideal for the people sitting behind the computer Reason why they cant cancel the capped account is because Uncapped Adsl is still very unreliable with all the Seacom outages. Each pc has a 3G dongle but would be so much easier if it would fall back onto the second network automatically should their own Adsl fail - there is always 3G should both Adsl connections fail.

I see in Windows' TCP/IP Settings, you can configure a set of IP/Subnet Mask/Default Gateway, then there is a tab to give the pc another IP, subnet mask and default gateway, but the second option requires WINS it seams - not a pro with this.

Seems like there is no easy way of doing this :/

 

[Jab]

pfSense apparently can do load balancing with multiple WANs.

 

[Linux_newb]

Thanks for the link Jab, my FreeBSD knowledge is non-existent really :/ I checked out Untangle (.com) and seems like some of the Apps would work.. still looks like a mission though.. How about Mikrotik? Not sure how easy the config is and if it would do the job?

 

[daffy]

Mikrotik would do the job.
The config would be complex, and you might struggle a bit. But I'd recommend it anyway.

 

[syntax]

Mikrotik would do the job.
The config would be complex, and you might struggle a bit. But I'd recommend it anyway.

Indeed, it can do load balancing, sourced based routing, protocol routing etc...
It is also fairly easy to setup...

Why not just have a router/firewall, keep the 2 different subnets? Each subnet uses router/firewall as default gateway,
You will have to pick which side of the network the file share sits, but it doesnt really matter, since routing will take care of the traffic getting to it...

IF this was my setup, I would stick a firewall between the 2 networks, then a microtek router on the perimiter to do the load balancing on the adsl lines..
How much money do u have to spend on this...the microtek is around 2k i think? can double check if u interested...the firewall can be anything from a free setup to a paid for solution...

 

[PallBearer]

each Pc with thier own 3G?!?

rather get a 3g Router and use that has a backup path for the original router. if Path A (ADSL) not working, send over 3G

 

[Grep]

to setup this network is easy, you have loads of options, but that wouldn't worry me. What is your first port of call is do these two networks have domains?

 

[alchamy]

It would be pretty easy to do in pfSense, you could create a failover pool for general browsing uncapped > capped and use policy routing for the applications. You could even maintain physical seperation of the networks that way since you could stick 4Nics in it (or a quad nic) and do this.

WAN > Uncapped ADSL
LAN > Company A
OPT1 > Capped DSL
OPT2 > Company B

Or if you prefer you could obviously place both companies in the same subnet if everyone is happy with the security issues around that.

Your rules would look something like this

TCP - LAN Subnet - HTTP - * - HTTP - Failover pool
TCP - LAN Subnet - HTTP/S - * - HTTP/S - Failover pool
TCP - OPT2 Subnet - HTTP - * - HTTP - Failover pool 2
TCP - OPT2 Subnet - HTTP/S - * - HTTP/S - Failover pool 2
rinse repeat for all outbound traffic (ftp, smtp/pop if mail is external etc)

You would then just create a inbound NAT for the application that needs to be accessed something like this;

OPT1 > TCP > PORT(external) > NATIP(internal) > PORT(internal)

You could just route specific traffic to the fileserver regardless of which lan it lives in if needed. I would probably be a complete dictator and stick it in a subnet of its own and filter subnets to the correct shares in addition to normal authentication but thats just me.

I did these two on dual wan in pfsense some time ago but you can see the interface at least even if it does not match your setup.

pfSense Load Balancing (Dual Wan) (newer pool interface)
BSD Dual Wan Router using pfSense (pretty old)

 

[Cube3]

If its a window file server, just make sure it has 2 network cards and set it up as a router.
Disable DHCP on the 2 adsl routers and configure the file server to use DHCP/DNS.
Setup 2x DHCP scopes, one for each subnet .
Via DHCP you could add multiple gateways with a metric, so if the one gateway is unavailable the traffic goes to the other one.

 

[syntax]

If its a window file server, just make sure it has 2 network cards and set it up as a router.
Disable DHCP on the 2 adsl routers and configure the file server to use DHCP/DNS.
Setup 2x DHCP scopes, one for each subnet .
Via DHCP you could add multiple gateways with a metric, so if the one gateway is unavailable the traffic goes to the other one.

Wont the metric just decide routing preference? I dont think it determines if the line is up and working...
That would be similar to saying add two routes on your laptop with different metrics, if the one route is not available, the other route will take precedence....doesnt work, since metric simply means priority route, it has nothing to do with testing the gateway/route/line

 

[Cube3]

Yeah thats true, its not going to really test the line and redirect if the one is not available.

 

[ivusi]

What firewall do you have?

I would do what tauz1 says ie install a firewall to separate the networks, however I am a Cisco boy so here goes for the Cisco ASA/PIX7x config. While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is also the situation where the primary interface takes too long to change status. The way around these limitations is simple; IP SLA
This is where the route is tracked and if REACH-ABILITY is down it will then remove the primary route and the secondary route with the higher metric takes its place. The route will be reinstated when the connectivity is restored.

See: http://www.cisco.com/en/US/products...s_configuration_example09186a00806e880b.shtml

PS - If you do have a Cisco Firewall - I will be happy to help you with the config.
Cheers!

 

[Linux_newb]

Havent had a chance to check out all of these ideas, but sounds great. How is this for an easy solution (is it possible?):

Connect both routers to a switch, which feeds the rest of the network - obviously the default gateways would be different, but if the Capped Adsl's default gateway is 10.0.0.2, I was thinking of changing the Uncapped's default gateway to 10.0.0.3 and setup static IP's for each pc and use the following on each pc:

Preferred DNS Server: 10.0.0.2
Alternate DNS Server: 10.0.0.3

Should 10.0.0.2 run out of cap or their ADSL link goes down, the computer would automatically use 10.0.0.3. Automatic failover if you wish.

Security not a big problem at the moment - would this work?

 

[MidnightWizard]

Cisco

Cisco 877W with Enterprise IOS

FOUR VLANS / Multiple segmented SSIDS

Built in Firewall

Approx R1,500 refurb -- see B&B


Cisco 2950T 24 port 10/100 with two Gig uplink ports
MANAGED switch -- control individual ports ( and all sorts of other things )

Approx R2,500 refurb


The ELEGANT solution

 

[daffy]

Or a RouterBoard 750G
5gbit ports

For R599 Brand new

The easier solution

 

[Linux_newb]

Havent had a chance to check out all of these ideas, but sounds great. How is this for an easy solution (is it possible?):

Connect both routers to a switch, which feeds the rest of the network - obviously the default gateways would be different, but if the Capped Adsl's default gateway is 10.0.0.2, I was thinking of changing the Uncapped's default gateway to 10.0.0.3 and setup static IP's for each pc and use the following on each pc:

Preferred DNS Server: 10.0.0.2
Alternate DNS Server: 10.0.0.3

Should 10.0.0.2 run out of cap or their ADSL link goes down, the computer would automatically use 10.0.0.3. Automatic failover if you wish.

Security not a big problem at the moment - would this work?

Will this not work? Havent worked with routerboard etc yet so don't want to buy something and then struggle with it.. Is there nothing in MS Windows that you can as per my post above?