Solved

Two routers on same subnet.  Is there a speed problem?

Posted on 2006-11-29
Last Modified: 2013-11-30
Hi!  This is a networking performance question.  Here is my current setup:

I have a subnet with approximately 20 workstations and 10 servers.  Two NetScreen 50 (Juniper) routers are on this network.  Router A is used for internet access and remote VPN clients.  Router B is used for LAN-to-LAN VPN with approximately 20 sites with about 10 workstations each.  The default gateway for servers and workstations is Router B.  This means that to get to the clients on remote sites, the traffic goes from the server to router B to router A and then to the remote site.

My boss is persuaded that adding static routes to each server for all remote sites, pointing directly to router A, is better than using the routes in the default gateway (router B), because he says the traffic goes from the server to router B, then goes back on the switch to router A, and then to the remote site.

What would be the best setup?  Should I use static routes on each server?  Should I use router A as default gateway and route internet and remote VPN client traffic to router B?  Should I use only one bigger router?  Any other idea is welcome.

Thanks,
Question by:Bidonet
6 Comments
 
LVL 5

Accepted Solution

by:
skaap2k earned 125 total points
ID: 18043571
I've found in the past that workstations & servers learn about the topology of the network with regard to having multiple routers & routes on the same subnet. Once a device has been routed to a different router on the same subnet, the device & router will learn the MAC address of each other.  They will then communicate directly.

In the past, I have found no reason to add static routes to servers etc. for this scenario.

Rgds,
Rob
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 125 total points
ID: 18045182
Would you have a spare router? The NS-50s you are mentioning are firewalls and not routers. If you had a router, then you could do this:
                              |------- NS-50_A
Internal_Lan ---------- Router
                              |------- NS-50_B

On this router, you can add routes in such a way that it goes to different firewalls based on the destination. Again, the internal machines have to go through 2 hops, but it would be much better than a firewall taking all the hits and then deciding about whether to send this across or send it to the other firewall.

An alternative solution would be to get a bigger firewall which would allow you to have all connections terminated on the same firewall. I would suggest having something like the ISG1000 (wherein you can even have IDP functionality).

Cheers,
Rajesh
 
LVL 3

Expert Comment

by:techtommy
ID: 18045227
Does your NetScreen configuration support two untrusted networks?  If so, just route both networks through the one device.
 
LVL 3

Expert Comment

by:techtommy
ID: 18045232
The 5GT model works excellently in this scenario for my customer base of around 50 users.


Question has a verified solution.
