
I need advice/clarification on the proper way to set up two routers in a network with multiple public IP addresses, please.

Posted on 2009-02-18
Last Modified: 2013-11-16

My local network has 5 public IP addresses (123.123.123.1 - 123.123.123.5) and I want to run separate routers for the internal and external networks.

My thinking was this...

On my external 10/100 router, I assign the LAN address 192.168.100.1, and the WAN address 123.123.123.1, with the gateway pointing to the ISP modem.  Then, I use one-to-one NAT for my public servers using 123.123.123.2 - 123.123.123.4.  The public server NICs would get an internal address in the 192.168.100.x subnet, with the gateway of 192.168.100.1.

On my internal gigabit router, I assign the LAN address 192.168.1.1, and the WAN address 123.123.123.5, with the gateway pointing to the ISP modem.  The private network NICs would then get an internal address in the 192.168.1.x subnet, with the 192.168.1.1 gateway.

Will this work?

Can I use the same public (ISP modem) gateway for the two routers, and just assign each router one of the public IP addresses?

Do I need to configure something special on each router?

Your assistance is truly appreciated!
Thanks very much.
- Joe
0
Question by:JOE-BULLITT
13 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 23676263
It sounds like you want:

  NET1 <---> R1 <
                 \
                  > ISP modem
                 /
  NET2 <---> R2 <

If so, this will work, but the question is what do you think you are accomplishing?

A couple of other questions:

1) What type of Internet connection: xDSL, Cable, dedicated circuit (like a T1)?
2) What type of modem does your ISP provide?
3) What type of router do you have?
0
 

Author Comment

by:JOE-BULLITT
ID: 23676783
Thanks very much for the reply.  Your diagram is exactly what I am attempting to do.

I am trying to accomplish this because I want to implement my Linksys RVS4000 Gigabit router into the network, to improve local network traffic, but I need to also include my 3COM Superstack III router because the Linksys does not support multiple public addresses.

I figured that I could run public traffic (webserver, ftp server & mail server) through the 3COM SuperStack, and then run local traffic (workstations, file servers, local access to mail server) across the Linksys at a much faster speed.  I envisioned the Linksys router would be able to route outgoing Internet traffic from the local clients itself if I just used the ISP's modem gateway.

Our Internet connection is a bonded T-1, using an EdgeMarc 4500T4 router/modem.

The servers all have two NICs, so I was going to have one on the internal net and the other on the external network.

Maybe I am just doing this wrong, but I thought that if I split up the traffic it would be better.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 23676908
Unless your internal traffic will drive your NICs to 100% capacity, splitting the traffic really buys you nothing.

Bonded T1's have a max. throughput of 3 Mbps a second.  If your server has a 100Mbps NIC and all internet traffic was to/from that single server the Internet traffic would only consume 3% of the NIC's capacity.

Unless I am looking at the wrong model both the RVS4000 and 3COM are gigabit switches.  I don't know how many servers you have, but you could daisy chain the RVS and 3COM like:

    RVS4000 <---> 3COM <---> 4500T4






0

 

Author Comment

by:JOE-BULLITT
ID: 23677204
I suppose I could daisy chain them.  Do you mean something like this:
LOCAL NETWORK (LAN: 192.168.1.0, GATEWAY: 192.168.1.1) -->
RVS4000 (LAN:192.168.1.1, WAN:192.168.2.2, GATEWAY:192.168.2.1) -->
3COM: (LAN:192.168.2.1, WAN: 123.123.123.1, GATEWAY: ISP MODEM/4500T4) -->
4500T4  --> INTERNET

(The SuperStack 3 is pretty old, so it is not a gigabit speed model.)

0
 
LVL 57

Expert Comment

by:giltjr
ID: 23677431
That's one way of doing it.  How many devices do you have?  Do you really need the RVS4000?  There are only 4 "LAN" ports, which means you can only have 4 computers/servers on it and they would be the only 4 devices that could do gigabit speeds.

Which model SuperStack?
0
 

Author Comment

by:JOE-BULLITT
ID: 23684432
Hi again.  I went offline last night, so sorry I didn't get back earlier.

We have about 48 devices on the network, behind a gigabit switch, and my thought was that the gigabit port on the RVS4000 would just link into the switch and allow the fast local network.

The 3COM router is a SuperStack® 3 Firewall (3CR16110-95-US), so I know that is my bottleneck going out to the Internet, but I thought I could improve my local traffic somehow with this configuration.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 23684574
--> so I know that is my bottleneck going out to the Internet

No, it's not.  That box has 100 Mbps full duplex Ethernet, your Internet connection is only 3.0 Mbps.  That means your LAN connection is 33 times faster than your Internet connection.  The SuperStack should not even come into play for your LAN traffic as the only traffic that should be flowing through it should be traffic going to/from the Internet.

I am assuming right now you have:

    LAN <-- Gigabit SW --> 3COM <--> 4500T4

If so then sticking a RVS4000 in the middle well doing:


  NET1 <---> 3COM    <---
                         \
                          > ISP modem
                         /
  NET2 <---> RVS4000 <---

Where NET2 is a gigabit switch will do nothing.  You can't go any faster than 3.0 Mbps to/from the Internet.
Sticking the RVS4000 between your LAN and the ISP connection will do nothing for LAN traffic as LAN traffic should never hit the ISP modem.  It should stay all within the switch.

0
 

Author Comment

by:JOE-BULLITT
ID: 23684762
I am confused.
If I implement the RVS4000 I figured I should be able to access the local server at gigabit speed (it has a dual 1000 NIC inside) and that would effectively increase my local access speed ten times from 100MB to 1000MB.
For traffic going out to the Internet the pipe is decreased to 3MB at the dual T-1, but I did not think that would impact my local network.

Presently it looks like this:    LAN <-- Gigabit SW --> 3COM <--> 4500T4
Would it work like this?:        LAN <-- Gigabit SW -->  RVS4000 --> 3COM <--> 4500T4

Maybe I am confused because it is actually the switch directing the local traffic, and not the router?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 23684914
Where are you trying to access the server from and what device is the server connected to?

The only traffic flowing through the router (3COM Firewall) should be traffic going to/from the Internet.

If your desktop and your server are both connected to the Gigabit SW traffic between the two should never leave the Gigabit switch.

I am assuming that your server and your desktop are within the same IP subnet.









0
 

Author Comment

by:JOE-BULLITT
ID: 23685396
The servers and desktops are on the same subnet and they are both connected to the 1000MB switch.

The DC/File/Print servers are all accessed from the local IP subnet, and the mail/ftp/web servers are accessed from the Internet.

It is sounding like the router/firewall is never hit with local traffic, and that the switch does all local routing, which may be the root of my confusion.  So there may be no advantage at all to bringing in a 1000MB router, right?

0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 23685752
Well, that depends.  When do you plan to upgrade to an OC-3 (155 Mbps) Internet connection?  :)

Right now there is no performance advantage to add the RVS4000 into the mix.

The switch is doing "switching" which is "directing" traffic at the Ethernet (MAC) layer (a.k.a. Layer 2).  Devices that are in the same IP subnet are part of the same "LAN" and LAN traffic is not really routed.  Routing happens at the IP layer (layer 3 in the ISO model) and is done when devices are on separate IP networks, and typically if devices are on separate IP networks they are also on separate "LANs".

The layer 2 vs. layer 3 starts to get fuzzy when you have "layer 3 switches" and VLANs (virtual LANs).

The only reason you might want to add the RVS4000 to the mix is to put it on the "DMZ" interface of the 3COM firewall to isolate your servers that have inbound traffic from the Internet.  This would NOT be for a performance reason, but for a little better security.  By isolating them in a DMZ, if they are compromised (if the firewall is set up correctly) your internal LAN could be a little better protected from somebody attempting to hack into your internal network from one of the DMZ'ed servers.
0
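
Added example (not part of the original thread): a small model of the two points in the accepted answer, showing that same-subnet traffic is switched and never reaches the firewall, while traffic between zones is routed and can be filtered so DMZ servers cannot open connections into the LAN. The DMZ subnet reuses the 192.168.100.x range from the question; the policy table, host addresses and the 203.0.113.9 Internet client are constructed assumptions, and addresses are taken as they appear after one-to-one NAT.

```python
import ipaddress

# Zones: LAN subnet is from the question; the DMZ subnet is an assumption
# that reuses the 192.168.100.x range proposed for the public servers.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.100.0/24"),
}

# Constructed zone policy: first match wins, default deny. None = any port.
POLICY = [
    ("WAN", "DMZ", 25, "allow"),    # inbound mail
    ("WAN", "DMZ", 80, "allow"),    # inbound web
    ("WAN", "DMZ", 21, "allow"),    # inbound ftp
    ("LAN", "DMZ", None, "allow"),  # internal users reach the servers
    ("LAN", "WAN", None, "allow"),  # outbound Internet access
    ("DMZ", "LAN", None, "deny"),   # a compromised DMZ host cannot reach the LAN
]

def zone_of(addr):
    """Map an address to its zone; anything outside LAN/DMZ is WAN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"

def evaluate(src, dst, port):
    """Return (path, verdict) for a new connection from src to dst:port."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "WAN":
        # Same subnet: delivered at layer 2 by the switch, firewall never sees it.
        return ("switched", "not-inspected")
    for ps, pd, pp, action in POLICY:
        if (ps, pd) == (s, d) and pp in (None, port):
            return ("routed", action)
    return ("routed", "deny")

if __name__ == "__main__":
    # Constructed sample flows.
    for flow in [("192.168.1.20", "192.168.1.10", 445),
                 ("203.0.113.9", "192.168.100.10", 80),
                 ("192.168.100.10", "192.168.1.10", 445)]:
        print(flow, evaluate(*flow))
```

The "not-inspected" result for LAN-to-LAN flows is also the reason the DMZ matters: if the public servers stay on the LAN subnet, nothing sits between them and the workstations.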
 

Author Comment

by:JOE-BULLITT
ID: 23687095
Thanks so much for this clarification.
I think I will leave things as is, since it will not help to reconfigure the current setup to add the RVS4000.  Your suggestion about the DMZ is good, and I will be testing that for sure.
I really appreciate all your assistance.
Cheers!
- Joe
0
 

Author Closing Comment

by:JOE-BULLITT
ID: 31548535
Thanks!
0
