Complicated routing problem

Posted on 2004-10-14
Last Modified: 2010-03-17
Hello,

I'm stuck trying to think through a routing problem when redesigning our network.  What we have is 2 buildings connected through 2 Cisco 2620 routers and a T-1.  In addition to that, each site has a dedicated T-1 to the internet.  Building A is our primary building and has a full class C being routed through the 2620; building B is using NAT to get to the internet through its own T-1 there.  This has worked great for many years now: both buildings can get to the internet and communicate with each other.

But we've now purchased a 10meg fiber ethernet hand-off to the internet to replace the T-1 at building A.  In order to interface with this we purchased a Cisco 3550 switch and have enabled IP routing.  We can route our class C to the internet just fine using the new switch and the new 10 meg line.  The real trouble comes in when we try to connect our two buildings: since the connection between the buildings is a serial connection, it won't interface with the 3550.

We decided we would try to set up the 2620 router to maintain routing between the buildings.  Unfortunately I'm having trouble figuring out how to do that, since our class C no longer resides on the 2620 but on the 3550, which means the 3550 and the 2620 cannot directly route traffic between the two networks.  In addition to this we would like to remove the internet T-1 in building B and route all their internet traffic through the building-to-building T-1 and out our 10meg internet connection.

Can anyone provide any advice that doesn't involve a really convoluted routing system and doesn't involve subnetting our class C?  If the 2620s could simply act as bridges that would be great. I don't want to invest a whole lot of time in this since in a few months we will have a DS3 in place between the buildings and will be bridging across that.
Question by:nwalter

Assisted Solution

by:JFrederick29
JFrederick29 earned 300 total points
I'm assuming you are going to address the machines in building B with your class C addresses, right?

To enable bridging on the 2620's:

BuildingA:

! enable integrated routing and bridging (IRB)
bridge irb
! route IP for bridge group 1 through the BVI
bridge 1 route ip
! run IEEE spanning tree on bridge group 1
bridge 1 protocol ieee

interface fastethernetx
 no ip address
 bridge-group 1

interface serialx
 no ip address
 bridge-group 1

interface bvi1
 ! use an address from your class C
 ip address x.x.x.1 x.x.x.x

BuildingB:

bridge irb
bridge 1 route ip
bridge 1 protocol ieee

interface fastethernetx
 no ip address
 bridge-group 1

interface serialx
 no ip address
 bridge-group 1

interface bvi1
 ! use an address from your class C
 ip address x.x.x.2 x.x.x.x




Accepted Solution

by:
AutoSponge earned 200 total points
Bridging is never preferred over routing.  Route if you can.

That being said, I would think that you need to do this:

1.  Leave both 2620's where they are.
2.  Have building A's 2620 NAT for Building B.
3.  Building B's router is just routing 10.x IPs.  The routing table is simple:
    0.0.0.0 -> building A (other 2620)
    10.0.0.0 -> ethernet (hosts)
4.  Building A's 2620 has a routing table like
     0.0.0.0 ->ethernet (3550)
     10.0.0.0 -> serial (building B)
5.  Everyone directly connected to the 3550 will have a public IP, everyone else will have a NAT IP.
6.  The switch will forward all 10.x traffic to the 2620 from INSIDE while everything else hits the Internet.

hope that helps
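
The routed design in the steps above, written out as Cisco IOS configuration. This is an added example, not part of AutoSponge's post: the interface names, the 192.0.2.0/24 stand-in for the class C, the 3550 at 192.0.2.1, the 10.x addressing and ACL 100 are all assumptions. ACL 100 exempts building-to-building traffic from NAT so that a session opened from Building A to a 10.x host is not broken when the reply is translated.

```cisco
! ===== Building B 2620 (routes 10.x only, no NAT) =====
interface FastEthernet0/0
 description Building B LAN, private hosts (assumed 10.0.0.0/24)
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0/0
 description T-1 to Building A (assumed 10.255.255.0/30)
 ip address 10.255.255.2 255.255.255.252
!
! step 3: default route to the other 2620; the 10.0.0.0/24 LAN is a connected route
ip route 0.0.0.0 0.0.0.0 10.255.255.1

! ===== Building A 2620 (NATs for Building B) =====
interface FastEthernet0/0
 description To the 3550, address taken from the class C (placeholder range)
 ip address 192.0.2.2 255.255.255.0
 ip nat outside
!
interface Serial0/0
 description T-1 to Building B
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
!
! step 2: translate 10.x sources, except when the destination is the class C itself
access-list 100 deny   ip 10.0.0.0 0.255.255.255 192.0.2.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
ip nat inside source list 100 interface FastEthernet0/0 overload
!
! step 4: default toward the 3550, 10.x toward Building B over the serial link
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 10.0.0.0 255.0.0.0 10.255.255.2

! ===== 3550 (IP routing already enabled) =====
! step 6: hand 10.x traffic from inside to the Building A 2620
ip route 10.0.0.0 255.0.0.0 192.0.2.2
```

After applying it, `show ip nat translations` on the Building A 2620 should list entries only for Building B sessions bound for the Internet, not for traffic between the two buildings.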

Author Comment

by:nwalter
Thanks AutoSponge and JFrederick, I'll be working on it Sunday.

A question for you Autosponge,

When we've tried to route internet traffic from the 10 meg connection through the 2620 router we get incredibly high packet loss due to the router's inability to process packets at 10 meg.  I think if we set it up like you suggested, packet loss for internet traffic to the other building would be extremely high.  If that's true, how would I prevent that?  QoS on the 3550 to limit the port to the 2620 to 1.5meg?

Also, why route instead of bridging?  Bridging is done at layer 2 and is basically the same as switching and is easily 100 times faster than routing.  The only real difference is that routing does not forward broadcast packets and bridging does.  It would seem to me that the performance gain from not sending broadcast packets would be lost in the slowness of routing.

Expert Comment

by:AutoSponge
Limiting usage on the port at the 3550 I would think is a good strategy to keep clogging that serial to a minimum.  However, if packet loss begins happening, don't immediately blame the small pipe between buildings, you need to assess where the drops are: are they in the output queue on the 2620?  the input at the port?  etc.  Depending on the drops, you may only need some buffer tweaking or memory upgrades to make this a solid connection.  However, if utilization is spiked on the serial to port speed and you start dropping as the buffers overrun then you will have to limit usage.  Match the 2620 and the 3550 to 10/half-duplex if possible.

Aside from the overhead of broadcast traffic, you could end up with stripped down MAC headers floating around in Building A trying to find anyone with a 10.x address.  If you actually add someone with a 10.x address (like you ran out of public space in Building A) then you have a problem with that person trying to send packets locally thinking he's directly connected when he's not.  Not to mention the fact that now the 2620 at building B can't do NAT and building A's 2620 will have to do NAT as well as process everything from the busy LAN in building A and B (unless you have it in a VLAN segment that building A can't see).  This will be a greater strain on the single router while letting B's 2620 just sit there broadcasting everything.

Bridging will work, but the more you move things around, grow, etc the more likely you are to have to change the topology again.  Seeing as how you're going to a DS-3 soon, I wouldn't worry as much about that serial throughput and work toward a cleaner design.

Author Comment

by:nwalter
Oops... I got it backwards; the accepted answer was supposed to be JFrederick29's.

Anyway, the commands that JFrederick29 gave were pretty much correct.  Once I got into it I made a few modifications. I decided not to use CRB since I had plenty of ethernet ports available and it was less complicated to set up on one network.  It actually wouldn't let me set up the IRB group with an IP in the same range as the router.  So I ended up going with CRB and not assigning IPs to the interfaces on both routers and not including the following commands:

interface bvi1
ip address x.x.x.1 x.x.x.x <--use an address from your class C

bridge 1 route ip

and bridge irb becomes bridge crb.