Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Two routers on same subnet.  Is there a speed problem?

Posted on 2006-11-29
6
Medium Priority
?
308 Views
Last Modified: 2013-11-30
Hi!  This is a networking performance question.  Here is my current setup:

I have a subnet with approximately 20 workstations and 10 servers.  Two NetScreen 50 (Juniper) routers are on this network.  Router A is used for internet access and remote VPN clients.  Router B is used for LAN-to-LAN VPN with approximately 20 sites with about 10 workstations each.  The default gateway for servers and workstations is Router B.  It means to get to the clients on remote sites, the traffic goes from the server to router B to router A and then to remote site.

My boss is persuaded that adding static routes to each servers for all remote sites to point directly to router A is better then using the routes in the default gateway (router B) because he says the traffic goes from the server to router B then goes back on the switch to router A and then to the remote site.

What would be the best setup?  Should I use static routes on each servers?  Should I use router A as default gateway and route internet and remote vpn clients traffic to router B?  Should I use only one bigger router? Any other idea is welcome.

Thanks,
0
Comment
Question by:Bidonet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 5

Accepted Solution

by:
skaap2k earned 500 total points
ID: 18043571
I've found in the past, that workstations & servers learn about the topology of the network with regards to having multiple routers & routes on the same subnet, once a device has been routed to a different router on the same subnet, the device & router will learn the MAC address of each other.  They will then communicate directly.

In the past, I have found no reason to add static routes to servers etc for this scenario.

Rgds,
Rob
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 500 total points
ID: 18045182
Would you have a spare router ? The NS-50 you are mentioning are firewalls and not routers. If you had a router then you could do this;
                                                           |-------------------NS-50_A
Internal_Lan--------------------------Router
                                                           |-------------------NS-50_B

On this router, you can add routes in such a way that it goes to different firewalls based on the destination. Again, the internal machines have to go to 2 hops but it would be much better than a firewall taking all the hits and then deciding about whether to send this across or send it to the other firewall.

Alternative solution would be to get a bigger firewall which would allow you to have all connections terminated on the same firewall. I would suggest to have something like ISG1000 (Where in you can even have IDP functionality).

Cheers,
Rajesh
0
 
LVL 3

Expert Comment

by:techtommy
ID: 18045227
Does your netscreen configuration support two untrusted networks?  If so, just route both networks through the one device.
0
 
LVL 3

Expert Comment

by:techtommy
ID: 18045232
The 5GT model works excellent in this scenario for my customer base of around 50 users.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question