How to route different traffic via two Internet connections

Posted on 2015-01-04
Medium Priority
Last Modified: 2015-01-06
Hi Experts,

I have a little experience in networking but by no means a networking engineer hence would appreciate your help and advice.

At present, we have four small offices under one business; each having an ADSL2 connection provided by their ISP. I believe that it is an MPLS network at their end.
The connection allows the staff Internet access and also access to a secure web-based database which can only be accessed via this link (in other words, the application cannot be accessed from home or elsewhere) which is a business requirement.

The ISP are responsible for configuring the 'meshing' to allow routing between the sites.

We are hoping to host their servers in our offices and each of the sites would be purchasing a separate business fibre broadband line. It is hoped that we would route all the traffic required for their database traffic through the existing ADSL2 line and all Internet and local server traffic via the new fibre line.

My questions are along the lines of:
1) firstly, if this is achievable, what type of Cisco switch would I look at purchasing to carry out the routing?
2) would I need any other hardware for both the client office and our office?
3) most importantly, how would I configure the network and traffic separation on the client's side?

I realise there will be more questions you will need to clarify, therefore I will try my utmost to respond as soon as I can.

Thanks all.
Question by:Immun3
LVL 80

Assisted Solution

arnold earned 668 total points
ID: 40531005
The routing table designating the specific destination traffic to go through the ADSL2 feed, everything (meaning you will not have a default route going out that ADSL2 connection).

You would also use weighted routing such that the ADSL2-connected location will prefer the route via the fiber versus the default route unless the fiber drops,
using VPNs.

What equipment do they have? Usually if you have a router that can handle two connections, one ADSL2 and one fiber or ....

ip route x.x.x.x y.y.y.y adsl2interface
ip route 0.0.0.0 0.0.0.0 fiberfeed 10
ip route 0.0.0.0 0.0.0.0 adsl2interface 100

If you then, using the fiber, establish an OSPF type of routing update, you would send the x.x.x.x advertisement with a higher preference compared to their default routes, or you can create a VIM interface on the ADSL2 side that tunnels out. This way everyone except people at the location will connect to the ADSL2 site local IP, i.e. it translates/forwards packets to x.x.x.x, NATing the source.
LVL 42

Expert Comment

ID: 40531010
I don't see why you should need to have multiple ISP connections at each site. Accessing the secure, web-based database can be done either over a VPN connection, or over the public Internet if you enforce IP restrictions at the web server and/or firewall to only allow Internet traffic from the public addresses of those remote offices. I would still want the web server to be over SSL/TLS, but that is a way to ensure that access only happens from the offices. You always need to be sure that if VPN access to any site is allowed, VPN users don't have access to the database, if that is your requirement. It is a hard thing to enforce, because if someone can get a remote desktop session to their computer they could still access the database, for example.
LVL 47

Accepted Solution

Craig Beck earned 668 total points
ID: 40531322
You should use a Cisco router to do PBR.  This will let you send database traffic via the MPLS link and internet traffic via the fibre internet link.  It's a simple solution.
Author Comment

ID: 40531765
Thanks Guys!
Seems complicated:-(

The small offices have to have the ADSL link as part of their establishment contract, and the software support company for the database will only allow connections to the web server through this link. They are looking at allowing us to access the database through our own independent lines, I am assuming via a VPN connection, but this will be in the next 24 months.

The ADSL2 line currently comes in on a Cisco 880 series router. Since this is provided by the ISP (Azzurri) we have no access to it. Again, the Virgin fibre broadband comes in on a home/business router but I need to check whether I have access to this in terms of configuration.

Craig, your solution with the Cisco router carrying out PBR seems exactly what I would like to achieve. I would be grateful if you could briefly summarise how this works, and would you know which router I would need to purchase?

I am assuming I will probably also require a Cisco 3760 series switch to be used as a core? Would I be able to create my VLANs (i.e. database, internet and guest) and then connect both ADSL and fibre connections to this switch via Cat5e? The router carrying out PBR would then connect into this switch?

Thanks guys for all your assistance!
LVL 42

Assisted Solution

kevinhsieh earned 664 total points
ID: 40531841
Any Cisco router, such as a used 800 series should work. You will need to be able to get changes made to it, either yourself or the company that manages it.

I highly doubt that the environment is locked down such that if you sent traffic over your own connection it wouldn't work. Their setup shouldn't know the difference. They just won't support it.

Any Cisco switch, such as the 2960 can do VLANs, and you can do all routing via routers and there is no need to do it at the switch. Routing can be done by a switch, but it tends to be more expensive because you need to license higher feature sets whereas the routers tend to have everything you need.

If you still need to have office to office communication and don't want to use the ADSL, the way to do that is with VPN connections between all of the routers. If you do that, you should be able to just unplug the ADSL connections.

Logically (as opposed to physically) the switch should be plugged into the router you control, and then the two WAN connections need to be plugged into that router. Your router would then route most traffic to the Virgin fibre, but it would have a policy that says that for traffic to/from the database web server send the traffic over the ADSL.
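
The layout described in the answers above (one customer-controlled router, LAN switch behind it, both WAN links in front, PBR steering only database traffic to the ADSL2 link), written out as an added Cisco IOS example that is not from any poster in this thread. Every address and interface name is a constructed placeholder; the outbound filter on the fibre side is an added assumption so that database traffic is dropped rather than sent over the fibre link if the policy ever stops matching.

```cisco
! Added example. Placeholders (assumptions, not values from the thread):
!   192.0.2.10     database web server, reachable only via the ADSL2/MPLS link
!   10.10.10.0/24  office LAN
!   10.255.1.1     ISP-managed ADSL2 router (next hop)
!   10.255.2.1     fibre broadband router (next hop)
!
interface GigabitEthernet0/0
 description LAN - to office switch
 ip address 10.10.10.1 255.255.255.0
 ! PBR is applied inbound on the interface where client traffic arrives
 ip policy route-map DB-VIA-ADSL
!
interface GigabitEthernet0/1
 description WAN1 - to fibre router
 ip address 10.255.2.2 255.255.255.252
 ! Fail closed: database traffic must never leave via fibre
 ip access-group FIBRE-OUT out
!
interface GigabitEthernet0/2
 description WAN2 - to ISP ADSL2 router
 ip address 10.255.1.2 255.255.255.252
!
! Traffic from the office LAN to the database server
ip access-list extended DB-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 host 192.0.2.10
!
! Block the database destination on the fibre link, allow everything else
ip access-list extended FIBRE-OUT
 deny   ip any host 192.0.2.10
 permit ip any any
!
! Matching packets are forced to the ADSL2 next hop;
! packets that do not match fall through to the normal routing table
route-map DB-VIA-ADSL permit 10
 match ip address DB-TRAFFIC
 set ip next-hop 10.255.1.1
!
! Everything else follows the default route out of the fibre link
ip route 0.0.0.0 0.0.0.0 10.255.2.1
```

`show ip policy` confirms which interface the route-map is bound to, and `show route-map DB-VIA-ADSL` shows the match counters incrementing when a client reaches the database.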

Author Closing Comment

ID: 40533227
Thanks for all your input guys, definitely got me on the right track.
