Solved

Adding T-1 to Network

Posted on 2007-03-27
14
562 Views
Last Modified: 2008-11-18
We have just added a T-1 line to a network. The existing infrastructure is hybrid Windows/SO X (Windows/Mac). This multimedia company has an existing cable Internet connection with dynamic IP addressing.

The existing cable I-net connection comes in through the cable-modem to a D-Link router (provided by the ISP) which runs the DCHP services. There is a single Ethernet connection from the D-Link Router to a Dell Power Connect 2224 switch. All network appliances and client machines connect through that switch.

ISSUE: They have an office in London (we are in Chicago). Each office is installing a DigiDelievery Server ( http://www.digidesign.com/index.cfm?langid=100&navid=38 ). The servers will be dedicated to moving large multi-media files between locations and for distribution to clients later.

We have had a T-1 line installed with a block of 5 static IPs. I have configured the T-1 router and DigiDelivery Server as follows: the T-1 router has the gateway IP. The DigiDelivery Server had the first usable public (static) IP of the scope.

The connection works fine. I can remote from anywhere to the DigiDelivery Server to perform administrative tasks, upload files for distribution, etc.

But what I have ended up with, ostensibly, is 2 separate networks. One exclusively using the T-1 line for data transfer to and from the DigiDelivery Server. The other in utilizing the Cable Internet connection for office and administrative tasks (e-mail, browsing, etc.) of the network.

The problem is that the workstations and Mac audio/video editing stations all store the files that need to be moved back and forth to the DigiDelivery Server. Since I now have 2 networks I can only move those files over the Internet via the Web interface and this is at cable modem upload speeds.

I need to configure the physical and logical topology of these two networks to allow users to move huge files to the Digi server at LAN speeds, while ensuring that the total bandwidth of the T-1 line remains available for DigiDelivery Server and its connection to London.

So… how to join these 2 networks while dedicating the T-1 to the DigiDelivery server while allowing LAN speed data transfer to that server form the clients on the network.

Yes. I want to have my cake and eat it too.

Network Details and Resources: This LAN is currently a workgroup. There is not a dedicated server on the LAN nor are any machines running a server OS. I have been given the OK to purchase a Windows server running SBS 2003 with SharePoint, ISA 2006, etc. I may also request a new gigabit switch if necessary.

I am adding the server to make this network a true domain and to utilize the SharePoint services. Also to have a central point for data storage and backup. All completed files ready for transfer will be stored on the new server.

Q: Will ISA 2006 perform this load-balancing service for me and allow me to dedicate each internet connection for the necessary tasks? Will I also be able to configure failover should either connection go down?

I know there is a way to configure this.

Anyone… Anyone…

Thanks,
-MP
0
Comment
Question by:mojopojo
  • 5
  • 3
  • 3
  • +1
14 Comments
 
LVL 3

Expert Comment

by:Dinga84
ID: 18804058
Using a router, or a windows server with multiple network cards and routing and remote access (can be fround from start, admin tasks) you can route traffic between your networks.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18804406
The answer is no, not a chance.

Firstly ISA is not a load balancing technology; it is one of the best firewall/ layer 7 application gateways in the world but a load balancer it is not, nor is it designed to be.

Secondly, ISA will not see the two different T1 connections as seperate entities. Again, ISA is not a router; it relies on the routing tables supplied by its host server.

I am having a little (read this as large) trouble picturing the topology involved. I am reading this as you have two connections; you want one line to carry data to your other sites at other geographical locations and the cable connection to deal with day to day stuff. Is that about it?
0
 
LVL 3

Expert Comment

by:Dinga84
ID: 18805045
Why not do away with the cable connection and keep the T1?

Otherwise keith is right, you will need to do away with ISA server, which is probobally not a good idea.
0
 
LVL 2

Accepted Solution

by:
camori earned 500 total points
ID: 18805791
I would do it in Hardware, but it requires a decent quality firewall.    The smallest that we carry would be SonicWalls TZ-190  (also cool, because it has a wireless failover).

We have a T-1 line that we use for VPN, VOIP and Mail.    We have a Cable Internet that is setup and used to route Internet browsing and downloads to workstations.    Everyone talks to everyone, it is all in the firewall.   We also have failover, if either of the connections fail, the other can perform the external routing functions.    Incoming failover is a little more complicated, but it can be done with some tricks.

We would not use ISA.   The only value that I see is the ability to control outgoing access to the internet to a group of people.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Pricing and email address removed by administrative comment
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18805979
As an aside, I was not suggesting removing ISA Server, I was stating that it could not do the job 'alone' but needed clarification on the wording/requirements.

For example, the term load-balancing, what does that actually mean in the context of this question?
How is the T1 being terminated within the site? Is this is a point-to-point connection or just another Internet connection but at t1 size?
What connections are at the remote sites? What hardware will be terminating the connections there?
A VPN tunnel(s) across the T1's might be an option but without further info it is not possible to say.
0
 
LVL 2

Expert Comment

by:camori
ID: 18807201
Keith, sorry,   was just trying to help as inconspicuously as possible, which is why I didn’t post pricing or a link to our website..   The configuration in question is possible, but would be difficult to do for someone that has never done it before.

Chris
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 3

Author Comment

by:mojopojo
ID: 18808043
Thanks everyone. Please, let me clarify:

ISA is not currently installed on the network and it will not be unless it can be of use in this situation specifically.

A Dell Power Edge SBS 2003 Server will be installed to create a domain and centralize access, security, storage, etc.

The T1 line comes in and terminates at a Covad T1 Cisco 1721 Router. That router has the static gateway IP. The Cisco router then connects to the DigiDelivery Server which has the first usable static IP.

The T-1 is NOT a point-to-point connection. In the London office they have only a 2Mbps Internet connection. So the T-1 is just an Internet connection with a fat-pipe. The data moving on this line is large multimedia files (1 to 10GB) and will be moving not only between the London and Chicago appliances but will be accessed and downloaded from the Chicago appliance by other clients all over the world (*Theses users and clients are independent of our infrastructure and have no VPN or point-to -point connections).

The ISP cable Internet connection enters into the office to a cable modem, then to the D-Link router (very basic ISP supplied appliance). From the router the cable I-net connection goes to the Dell Powerconnect 2724 Switch (typo in my initial post - the switch is Dell model 2724). This switch supplies the internet and LAN connection for the entire network.

My mandate was to utilize the T-1 connection to facilitate data transfer between London and Chicago between the DigiDelivery Servers and for client downloads form the Chicago device.

It was thought that keeping the T-1 dedicated to the Digi devices and using the cable Internet connection for general purpose office work (ie. Internet, e-mail, VOIP, etc.) would be a good idea to ensure that neither was bogged down and for failover.

The T-1 will soon also need to handle mutli-point Mac iChat video conferencing sessions while simultaneously running a remote collaboration of Pro Tools between the production department in Chicago and the directors in England.

So the problem again is that I now have 2 independent local networks that I need to merge into one LAN.

The client machines (and eventually the server) need to move data onto the DigiDelivery server at LAN speeds and eventually use the T1 line for the iChat and collaboration sessions.

So is this a task best done with a network appliance, as camori mentioned? It sounds like the configuration he described is nearly identical to what I need. Am I right on with this?

If this IS a job for a network appliance, which is preferable? Brands, models? AND how difficult will this be to configure? I am a Windows Server Tech with 6 years experience. I can find my way around a PIX but routing tables on a hardware appliance are not my specialty. But I am a quick study.

Thanks again everyone.
0
 
LVL 2

Expert Comment

by:camori
ID: 18809765
I will let others weigh in, but we use SonicWall's (www.sonicwall.com) product line.     Internally we use a much bigger product the 3060, but there is a new device called the TZ-190 ( http://www.sonicwall.com/downloads/DS_TZ_190_US_0207.pdf ), that can accomplish much of the same thing.     The TZ-190 includes SonicWall's Enhanced OS, which is much more powerful, but also harder to configure than the basic interface.    I would suggest help doing the first one.

The idea would be to try to use the higher-speed lines for download, and the T-1 for uploading.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 18810293
You believe the 3060 is easier to configure but has the function that I need for this configuration?
I will look over the documentation for both. Thanks.

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18811176
No problem Chris :)

To be honest, ISA is not the tool to use. It would provide the relevant protection systems but will not assit in the delivery mechanisms. However, creating VNS through the ISA to your end sites could well be an option to consider.
Here in the UK we use E1 lines (2Mb) rather than T1's (1.54Mb) and have been looking at the Juniper range which are WAN hardware accelerators. These cache traffic 'traits' and so use algorythms to reduce the actual traffic that passes through for high volume data transfers.

http://www.netfast.com/xq/asp/man_id.12/qx/products_list.htm

0
 
LVL 3

Author Comment

by:mojopojo
ID: 18813523
We are going to scrap the idea of installing ISA in favor of a hardware appliance that can provide security, routing and divide the T1 and Cable Internet lines for their desired use.

On the T1 I have to be able to allocate ports and bandwidth for the DigiDelivery Servers well as iChat sessions while simultaneously running a remote session of Pro Tools via the Source Conect Pro 2.5 plug-in.

I am doing RE on the Juniper site. Looks like the hardware accelerators are a bit over the budget and possibly much more than i need. I work on networks where we have installed Cisco Switches that run upwards of $60K (US) but the budget for this device is closer to $1K to $3K. Otherwise I have to clear the budget again.

So I am out shopping. If anyone has a similar config to what I am doing with a hardware firewall/router that does the job please drop some names.

Thanks Keith.
0
 
LVL 3

Author Comment

by:mojopojo
ID: 18817522
So far I the Sonic TZ 170 SP w/ SonicOS Enhanced looks like my solution in a nut-shell.

I am going over the specifics now but it appears to do everything I need - specifically.

I am sure configuring it is another story, but I'll burn that bridge when I get to it.

I will post and dole out the points when the final decision is made and the device is in hand.

Thanks everyone who added something. If you have any further advice I would love to hear it - on products, configurations, etc.

Thanks again,
-MP
0
 
LVL 3

Author Comment

by:mojopojo
ID: 19017763
Using the SonicWall TZ 170 SP with SonicOS Enhanced and it is working like a charm.

Thanks all.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now