  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 348

How to route different traffic via two Internet connections

Hi Experts,

I have a little experience in networking but by no means a networking engineer hence would appreciate your help and advice.

At present, we have four small offices under one business; each having an ADSL2 connection provided by their ISP. I believe that it is an MPLS network at their end.
The connection allows the staff Internet access and also access to a secure web-based database which can only be accessed via this link (in other words, the application cannot be accessed from home or elsewhere) which is a business requirement.

The ISP are responsible for configuring the 'meshing' to allow routing between the sites.

We are hoping to host their servers in our offices and each of the sites would be purchasing a separate business fibre broadband line. It is hoped that we would route all the traffic required for their database traffic through the existing ADSL2 line and all Internet and local server traffic via the new fibre line.

My questions are along the lines of:
1) firstly if this is achievable, what type of Cisco switch would I look at purchasing to carry out the routing?
2) would I need any other hardware for both the client office and our office?
3) most importantly, how would I configure the network and traffic separation on the client's side?

I realise there will be more questions you will need to clarify, therefore I will try my utmost to respond as soon as I can.

Thanks all.
0
Asked by: Immun3
3 Solutions
 
arnoldCommented:
The routing table designating the specific destination traffic to go through the adsl2 feed, everything (meaning you will not have a default route going out that adsl2 connection).


You would also use weighted routing such that the adsl2 connected location will prefer the route via the fiber versus the default route unless the fiber drops, using VPNs.

What equipment do they have? Usually if you have a router that can handle two connections one ADSL2 and one fiber or ....

ip route x.x.x.x 255.255.255.255 adsl2interface
ip route 0.0.0.0 0.0.0.0 fiberfeed 10
ip route 0.0.0.0 0.0.0.0 adsl2interface 100

If you then, using the fiber, establish an OSPF type of routing update, you would send the x.x.x.x advertisement with a higher preference compared to their default routes, or you can create a VIM interface on the adsl2 side that tunnels out. This way everyone except people at the location will connect to the adsl2 site local IP, i.e. 192.168.3.254, which translates/forwards packets to x.x.x.x, NATing the source.
0
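A small model of the route selection behind the three static routes in the answer above, as an added example that is not part of the original thread and is not router configuration. It assumes a constructed database address (203.0.113.10), the default static distance of 1 for the host route, and that routes over a failed link are withdrawn; the optional floating "discard" route is an assumption added here to show a fail-closed variant.

```python
import ipaddress

# Constructed sample value (not from the thread): the database web server.
DB_HOST = "203.0.113.10"

def build_routes(fail_closed=False):
    """(prefix, exit, administrative distance), mirroring the three routes above."""
    routes = [
        (f"{DB_HOST}/32", "adsl2", 1),   # host route, default static distance assumed
        ("0.0.0.0/0", "fiber", 10),      # preferred default
        ("0.0.0.0/0", "adsl2", 100),     # backup default
    ]
    if fail_closed:
        # Assumption added here: a floating discard route for the database host,
        # used only when the ADSL2 host route has been withdrawn.
        routes.append((f"{DB_HOST}/32", "discard", 250))
    return routes

def select_exit(dst, routes, links_up):
    """Pick the exit: ignore routes over down links, then longest prefix,
    then lowest administrative distance. Returns None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, exit_name, distance in routes:
        net = ipaddress.ip_network(prefix)
        usable = exit_name == "discard" or exit_name in links_up
        if usable and addr in net:
            candidates.append((-net.prefixlen, distance, exit_name))
    return min(candidates)[2] if candidates else None

def audit(routes):
    """Exit taken by database traffic in each link state.
    'fiber' in the result means database traffic left via the Internet line."""
    states = {
        "both up": {"adsl2", "fiber"},
        "adsl2 down": {"fiber"},
        "fiber down": {"adsl2"},
    }
    return {name: select_exit(DB_HOST, routes, up) for name, up in states.items()}

if __name__ == "__main__":
    print("as posted:  ", audit(build_routes()))
    print("fail closed:", audit(build_routes(fail_closed=True)))
```

With the routes as posted, an ADSL2 outage sends database traffic out of the fiber default route; with the discard route it is dropped instead, which keeps the "only via this link" requirement intact during an outage.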
 
kevinhsiehCommented:
I don't see why you should need to have multiple ISP connections at each site. Accessing the secure, web-based database can be done either over a VPN connection, or over the public Internet if you enforce IP restrictions at the web server and/or firewall to only allow Internet traffic from the public addresses of those remote offices. I would still want the web server to be over SSL/TLS, but that is a way to ensure that access only happens from the offices. You always need to be sure that if VPN access to any site is allowed that VPN users don't have access to the database if that is your requirement. It is a hard thing to enforce, because if someone can get a remote desktop session to their computer they could still access the database, for example.
0
 
Craig BeckCommented:
You should use a Cisco router to do PBR.  This will let you send database traffic via the MPLS link and internet traffic via the fibre internet link.  It's a simple solution.
0

 
Immun3Author Commented:
Thanks Guys!
Seems complicated:-(

The small offices have to have the ADSL link as part of their establishment contract and the software support company for the database will only allow connections to the web server through this link. They are looking at allowing us to access the database through our own independent lines, I am assuming via a VPN connection, but this will be in the next 24 months.

The ADSL2 line currently comes in on a Cisco 880 series router. Since this is provided by the ISP (Azzurri) we have no access to it. Again, the Virgin fibre broadband comes in on a home/business router but I need to check whether I have access to this in terms of configuration.

Craig, your solution with the Cisco router carrying out PBR seems exactly what I would like to achieve. I would be grateful if you could briefly summarise how this works and would you know which router I would need to purchase?

I am assuming I will probably also require a Cisco 3760 series switch to be used as a core? Would I be able to create my VLANs (i.e. database, internet and guest) and then connect both ADSL and fibre connections to this switch via Cat5e? The router carrying out PBR would then connect into this switch?

Thanks guys for all your assistance!
0
 
kevinhsiehCommented:
Any Cisco router, such as a used 800 series should work. You will need to be able to get changes made to it, either yourself or the company that manages it.

I highly doubt that the environment is locked down such that if you sent traffic over your own connection it wouldn't work. Their setup shouldn't know the difference. They just won't support it.

Any Cisco switch, such as the 2960 can do VLANs, and you can do all routing via routers and there is no need to do it at the switch. Routing can be done by a switch, but it tends to be more expensive because you need to license higher feature sets whereas the routers tend to have everything you need.


If you still need to have office to office communication and don't want to use the ADSL, the way to do that is with VPN connections between all of the routers. If you do that, you should be able to just unplug the ADSL connections.

Logically (as opposed to physically) the switch should be plugged into the router you control, and then the two WAN connections need to be plugged into that router. Your router would then route most traffic to the Virgin fibre, but it would have a policy that says that for traffic to/from the database web server send the traffic over the ADSL.
0
 
Immun3Author Commented:
Thanks for all your input guys, definitely got me on the right track.
0
Question has a verified solution.
