Solved

How to route different traffic via two Internet connections

Posted on 2015-01-04
Last Modified: 2015-01-06
Hi Experts,

I have a little experience in networking but by no means a networking engineer hence would appreciate your help and advice.

At present, we have four small offices under one business; each having an ADSL2 connection provided by their ISP. I believe that it is an MPLS network at their end.
The connection allows the staff Internet access and also access to a secure web-based database which can only be accessed via this link (in other words, the application cannot be accessed from home or elsewhere) which is a business requirement.

The ISP are responsible for configuring the 'meshing' to allow routing between the sites.

We are hoping to host their servers in our offices and each of the sites would be purchasing a separate business fibre broadband line. It is hoped that we would route all the traffic required for their database traffic through the existing ADSL2 line and all Internet and local server traffic via the new fibre line.

My questions are along the lines of:
1) Firstly, if this is achievable, what type of Cisco switch would I look at purchasing to carry out the routing?
2) Would I need any other hardware for both the client office and our office?
3) Most importantly, how would I configure the network and traffic separation on the client's side?

I realise there will be more questions you will need to clarify, therefore I will try my utmost to respond as soon as I can.

Thanks all.
0
Question by:Immun3
6 Comments
 
LVL 79

Assisted Solution

by:arnold
arnold earned 668 total points
ID: 40531005
The routing table designating the specific destination traffic to go through the ADSL2 feed, everything (meaning you will not have a default route going out that ADSL2 connection).


You would also use weighted routing such that the ADSL2 connected location will prefer the route via the fiber versus the default route unless the fiber drops,
using VPNs.

What equipment do they have? Usually if you have a router that can handle two connections, one ADSL2 and one fiber or ....

ip route x.x.x.x 255.255.255.255 adsl2interface
ip route 0.0.0.0 0.0.0.0 fiberfeed 10
ip route 0.0.0.0 0.0.0.0 adsl2interface 100
If you then, using the fiber, establish an OSPF type of routing update, you would send x.x.x.x advertisement with a higher preference compared to their default routes, or you can create a VIM interface on the ADSL2 side that tunnels out. This way everyone except people at the location will connect to ADSL2 site local IP, i.e. 192.168.3.254 translates/forwards packets to x.x.x.x, NATing the source.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40531010
I don't see why you should need to have multiple ISP connections at each site. Accessing the secure, web-based database can be done either over a VPN connection, or over the public Internet if you enforce IP restrictions at the web server and/or firewall to only allow Internet traffic from the public addresses of those remote offices. I would still want the web server to be over SSL/TLS, but that is a way to ensure that access only happens from the offices. You always need to be sure that if VPN access to any site is allowed that VPN users don't have access to the database if that is your requirement. It is a hard thing to enforce, because if someone can get a remote desktop session to their computer they could still access the database, for example.
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 668 total points
ID: 40531322
You should use a Cisco router to do PBR.  This will let you send database traffic via the MPLS link and internet traffic via the fibre internet link.  It's a simple solution.
0

 

Author Comment

by:Immun3
ID: 40531765
Thanks Guys!
Seems complicated:-(

The small office have to have the ADSL link as part of their establishment contract and the software support company for the database will only allow connections to the web server through this link. They are looking at allowing us to access the database through our own independent lines, I am assuming via a VPN connection, but this will be in the next 24 months.

The ADSL2 line currently comes in on a Cisco 880 series router. Since this is provided by the ISP (Azzurri) we have no access to it. Again, the Virgin fibre broadband comes in on a home/business router but I need to check whether I have access to this in terms of configuration.

Craig, your solution with the Cisco router carrying out PBR seems exactly what I would like to achieve. I would be grateful if you could briefly summarise how this works and would you know which router I would need to purchase?

I am assuming I will probably also require a Cisco 3760 series switch to be used as a core? Would I be able to create my VLANs (i.e. database, internet and guest) and then connect both ADSL and fibre connections to this switch via Cat5e? The router carrying out PBR would then connect into this switch?

Thanks guys for all your assistance!
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 664 total points
ID: 40531841
Any Cisco router, such as a used 800 series should work. You will need to be able to get changes made to it, either yourself or the company that manages it.

I highly doubt that the environment is locked down such that if you sent traffic over your own connection it wouldn't work. Their setup shouldn't know the difference. They just won't support it.

Any Cisco switch, such as the 2960 can do VLANs, and you can do all routing via routers and there is no need to do it at the switch. Routing can be done by a switch, but it tends to be more expensive because you need to license higher feature sets whereas the routers tend to have everything you need.


If you still need to have office to office communication and don't want to use the ADSL, the way to do that is with VPN connections between all of the routers. If you do that, you should be able to just unplug the ADSL connections.

Logically (as opposed to physically) the switch should be plugged into the router you control, and then the two WAN connections need to be plugged into that router. Your router would then route most traffic to the Virgin fibre, but it would have a policy that says that for traffic to/from the database web server send the traffic over the ADSL.
0
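The policy-based routing layout described in the answers above, as an added Cisco IOS example that is not part of any post in this thread. All addresses, interface names and list names are constructed placeholders, and it assumes the ISP-managed ADSL2 router and the fibre router each handle NAT and return routing for the office LAN.

```cisco
! Constructed example: every address and interface name is a placeholder.
!   192.168.10.0/24  office LAN (assumed)
!   192.0.2.10       database web server (assumed)
!   198.51.100.1     ISP-managed ADSL2 router, next hop (assumed)
!   203.0.113.1      fibre router, next hop (assumed)
!
! 1. Classify the database traffic.
ip access-list extended DB-TRAFFIC
 permit tcp 192.168.10.0 0.0.0.255 host 192.0.2.10 eq 443
!
! 2. Policy: matched packets go to the ADSL2 next hop.
!    Unmatched packets fall through to the normal routing table.
route-map LAN-POLICY permit 10
 match ip address DB-TRAFFIC
 set ip next-hop 198.51.100.1
!
! 3. Apply the policy where LAN traffic enters the router.
interface GigabitEthernet0/0
 description LAN
 ip address 192.168.10.1 255.255.255.0
 ip policy route-map LAN-POLICY
!
interface GigabitEthernet0/1
 description To ISP-managed ADSL2 router
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/2
 description To fibre router
 ip address 203.0.113.2 255.255.255.252
 ip access-group NO-DB-VIA-FIBRE out
!
! 4. Everything else defaults to the fibre line.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! 5. Guard: if a database packet ever follows the default route
!    (for example because the ADSL2 next hop is unreachable),
!    drop it instead of sending it over the fibre line.
ip access-list extended NO-DB-VIA-FIBRE
 deny ip any host 192.0.2.10
 permit ip any any
```

Running show route-map LAN-POLICY on the router displays the policy-routing match counters, which confirms whether database traffic is actually hitting the policy.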
 

Author Closing Comment

by:Immun3
ID: 40533227
Thanks for all your input guys, definitely got me on the right track.
0
