Solved

How to route different traffic via two Internet connections

Posted on 2015-01-04
Last Modified: 2015-01-06
Hi Experts,

I have a little experience in networking but by no means a networking engineer hence would appreciate your help and advice.

At present, we have four small offices under one business; each having an ADSL2 connection provided by their ISP. I believe that it is an MPLS network at their end.
The connection allows the staff Internet access and also access to a secure web-based database which can only be accessed via this link (in other words, the application cannot be accessed from home or elsewhere) which is a business requirement.

The ISP are responsible for configuring the 'meshing' to allow routing between the sites.

We are hoping to host their servers in our offices and each of the sites would be purchasing a separate business fibre broadband line. It is hoped that we would route all the traffic required for their database traffic through the existing ADSL2 line and all Internet and local server traffic via the new fibre line.

My questions are along the lines of:
1) firstly, if this is achievable, what type of Cisco switch would I look at purchasing to carry out the routing?
2) would I need any other hardware for both the client office and our office?
3) most importantly, how would I configure the network and traffic separation on the client's side?

I realise there will be more questions you will need to clarify, therefore I will try my utmost to respond as soon as I can.

Thanks all.
0
Question by:Immun3
6 Comments
 
LVL 76

Assisted Solution

by:arnold
arnold earned 167 total points
ID: 40531005
The routing table designating the specific destination traffic to go through the ADSL2 feed, everything (meaning you will not have a default route going out that ADSL2 connection.


You would also use weighted routing such that the ADSL2-connected location will prefer the route via the fiber versus the default route unless the fiber drops,
using VPNs.

What equipment do they have? Usually if you have a router that can handle two connections, one ADSL2 and one fiber or ....

ip route x.x.x.x 255.255.255.255 adsl2interface
ip route 0.0.0.0 0.0.0.0 fiberfeed 10
ip route 0.0.0.0 0.0.0.0 adsl2interface 100
If you then, using the fiber, establish an OSPF type of routing update, you would send the x.x.x.x advertisement with a higher preference compared to their default routes, or you can create a VIM interface on the ADSL2 side that tunnels out. This way everyone except people at the location will connect to the ADSL2 site local IP, i.e. 192.168.3.254, which translates/forwards packets to x.x.x.x, NATing the source.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40531010
I don't see why you should need to have multiple ISP connections at each site. Accessing the secure, web-based database can be done either over a VPN connection, or over the public Internet if you enforce IP restrictions at the web server and/or firewall to only allow Internet traffic from the public addresses of those remote offices. I would still want the web server to be over SSL/TLS, but that is a way to ensure that access only happens from the offices. You always need to be sure that if VPN access to any site is allowed that VPN users don't have access to the database if that is your requirement. It is a hard thing to enforce, because if someone can get a remote desktop session to their computer they could still access the database, for example.
0
 
LVL 45

Accepted Solution

by:Craig Beck
Craig Beck earned 167 total points
ID: 40531322
You should use a Cisco router to do PBR.  This will let you send database traffic via the MPLS link and internet traffic via the fibre internet link.  It's a simple solution.
0
 

Author Comment

by:Immun3
ID: 40531765
Thanks Guys!
Seems complicated:-(

The small office have to have the ADSL link as part of their establishment contract and the software support company for the database will only allow connections to the web server through this link. They are looking at allowing us to access the database through our own independent lines, I am assuming via a VPN connection, but this will be in the next 24 months.

The ADSL2 line currently comes in on a Cisco 880 series router. Since this is provided by the ISP (Azzurri) we have no access to it. Again, the Virgin fibre broadband comes in on a home/business router but I need to check whether I have access to this in terms of configuration.

Craig, your solution with the Cisco router carrying out PBR seems exactly what I would like to achieve. I would be grateful if you could briefly summarise how this works and would you know which router I would need to purchase?

I am assuming I will probably also require a Cisco 3760 series switch to be used as a core? Would I be able to create my VLANs (i.e. database, internet and guest) and then connect both ADSL and fibre connections to this switch via Cat5e? The router carrying out PBR would then connect into this switch?

Thanks guys for all your assistance!
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 166 total points
ID: 40531841
Any Cisco router, such as a used 800 series should work. You will need to be able to get changes made to it, either yourself or the company that manages it.

I highly doubt that the environment is locked down such that if you sent traffic over your own connection it wouldn't work. Their setup shouldn't know the difference. They just won't support it.

Any Cisco switch, such as the 2960 can do VLANs, and you can do all routing via routers and there is no need to do it at the switch. Routing can be done by a switch, but it tends to be more expensive because you need to license higher feature sets whereas the routers tend to have everything you need.


If you still need to have office to office communication and don't want to use the ADSL, the way to do that is with VPN connections between all of the routers. If you do that, you should be able to just unplug the ADSL connections.

Logically (as opposed to physically) the switch should be plugged into the router you control, and then the two WAN connections need to be plugged into that router. Your router would then route most traffic to the Virgin fibre, but it would have a policy that says that for traffic to/from the database web server send the traffic over the ADSL.
0
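The layout described in the answer above (switch into a router you control, both WAN links into that router, a policy that sends database traffic over the ADSL), written out as a Cisco IOS policy-based routing sketch. This is an added example, not configuration posted by anyone in the thread; every interface name, address, port and ACL/route-map name below is a constructed placeholder.

```cisco
! Constructed addressing (documentation ranges, not from the thread):
!   Office LAN               192.168.10.0/24  on GigabitEthernet0/0
!   ISP-managed ADSL2 router 192.0.2.1        reached via GigabitEthernet0/1
!   Fibre broadband router   198.51.100.1     reached via GigabitEthernet0/2
!   Database web server      203.0.113.10     (HTTPS on 443 is an assumption)
!
! 1. Classify the traffic that must leave via the ADSL2 link.
ip access-list extended DB-TRAFFIC
 permit tcp 192.168.10.0 0.0.0.255 host 203.0.113.10 eq 443
!
! 2. Policy: matched packets are handed to the ADSL2 router as next hop.
!    Packets that match no route-map entry are routed normally.
route-map LAN-POLICY permit 10
 match ip address DB-TRAFFIC
 set ip next-hop 192.0.2.1
!
! 3. Apply the policy where LAN traffic enters the router.
interface GigabitEthernet0/0
 description Office LAN
 ip address 192.168.10.254 255.255.255.0
 ip policy route-map LAN-POLICY
!
interface GigabitEthernet0/1
 description To ISP-managed ADSL2 router
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/2
 description To fibre broadband router
 ip address 198.51.100.2 255.255.255.252
!
! 4. Everything else follows the only default route, out via the fibre.
!    No default route points at the ADSL2 link, so general Internet
!    traffic cannot fall back onto the restricted connection.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Checks after applying (exec mode):
!   show ip policy              -> LAN interface lists LAN-POLICY
!   show route-map LAN-POLICY   -> policy-routing match counters increase
!                                  when a client opens the database
```

Keeping the ACL as narrow as the single server address and port means only the database sessions ride the ADSL2 link; anything wider would move ordinary browsing onto it as well.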
 

Author Closing Comment

by:Immun3
ID: 40533227
Thanks for all your input guys, definitely got me on the right track.
0
