Jason Johanknecht

Multiple routers in network and Internet loss

Got called in to look at a very strange network the other day...  They were running a business off a (A) Linksys E2500 home wireless router.  Now off of this router is one cable going to a (B) Mako dual wan appliance, which then goes to a (C) Cybera appliance which hosts a VPN connection as well as a (D) Cisco RV042 router.  Now the other cable off the original router goes to another (E) E2500 Linksys router which only has a laptop and provides wireless to a printer and cell phones for employees.  

Now router (A) is controlling PPPoE from a bridged DSL modem.  Router (A) IP is 192.168.1.1 and servicing everything via DHCP (This will change in the near future).  Router (E) acting as an access point is also LAN IP of 192.168.1.1 and handing out DHCP.  The laptop connected to (E) also has a secondary NIC via USB that connects to some point in the other side of the network.  The Mako fails over to secondary ISP (Cellular) after only a few minutes and generally won't return.  I believe either the laptop router (E) is creating the problem.  Router (A) is experiencing over 2,000ms latency and over 5% packet loss.  So I removed router (A) and reconfigured the DSL modem to handle the PPPoE and this now becomes router (A) in the equation.  This router is set to 192.168.0.1 and has around 25ms latency with less than 2% packet loss and everything works great!  We are keeping an eye on this for a week or so, before any more changes are made.

Eventually the Mako should be the router and have multiple subnets, and the DSL modem will be a bridge again.  Not worried about this part of the story.

My question refers to: "I believe either the laptop router (E) is creating the problem."  Please make your argument as to what the problem was.
SOLUTION
Wayne88

ASKER

Thank you for that reply.  I have the owners talked into changing things, but only after they confirm with all groups involved that my plan is approved overall.  I walked into this network for the first time, and no one could explain why half of it exists at all.  The Mako is for a credit card payment system of some sort (which I will not be supporting), and the Cybera is part of a Verifone system (which might control the gas pumps and POS system).  The RV042 appears to me to just be leftover from who knows what.  The cabling is a very back-and-forth twisted mess, so I could only take their word on what is connected to what.  In the end the Mako will be the router and the Cybera will be behind that with its VPN (Mandated by their corporate).  All else will be removed.

One thought ... wherever devices are connected to devices, I would recommend making sure they are hard-coded to the highest common denominator of "<speed>/Full-Duplex" (wherever possible) for the short-term.

The other thought is ... What Wayne88 said ... "Why did they set it up like that?"

"Cybera will be behind that with its VPN (Mandated by their corporate)"

Ok so this must stay and you can accommodate this in different ways (DMZ, port forward, etc.) after the main router.

Sorry Jason, I won't be much help.  Not sure where to start.

Hi Jason,

I fully agree! Get rid of all those junky, residential-grade network devices that are pretty much worthless from a security standpoint. All of them run a 1996 technology...SPI (Stateful Packet Inspection). You need an NGFW (Next-Generation Firewall) to protect the network from today's threats. Go with a SonicWALL TZ300 at minimum and it will handle all of the load that all four units are doing now easily. I say minimum because that is the lowest device that will perform DPI-SSL and has the capabilities of running a virtualized, multi-engine, network sandbox. In order to determine the correct unit you need to perform a sizing analysis. I can help you with that if you like...just send me an email.

Let me know if you have any specific questions!
ASKER CERTIFIED SOLUTION
"Even if Router (E) is configured to be a passthrough (plugging into its LAN ports) its management port should not conflict with Router (A), which it appears to do. Only one DHCP server should exist, but if, because of limitations, there has to be more, there should only be one per subnet. This can cause conflicts where one DHCP table doesn't talk to the other...double assignments can occur, etc."

I just have a feeling the above environment involved one router (if not more) grabbing a DHCP address from another router, and then there are multiple NATs.  I am throwing in the towel.
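
The condition described in the quote above (two DHCP servers answering on one subnet, both using 192.168.1.1) can be checked from observed DHCP offers. The following is an added example, not part of the original thread: the offer records and MAC addresses are constructed, and `audit_offers` is a hypothetical helper name.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not captured from the network in this thread).
# One tuple per DHCPOFFER seen: (server IP, server MAC, offered IP, netmask)
OFFERS = [
    ("192.168.1.1", "aa:aa:aa:00:00:0a", "192.168.1.101", "255.255.255.0"),
    ("192.168.1.1", "ee:ee:ee:00:00:0e", "192.168.1.101", "255.255.255.0"),
    ("192.168.1.1", "aa:aa:aa:00:00:0a", "192.168.1.102", "255.255.255.0"),
    ("192.168.0.1", "dd:dd:dd:00:00:01", "192.168.0.50", "255.255.255.0"),
]

def audit_offers(offers):
    """Flag the three symptoms named in the thread from observed offers."""
    servers = defaultdict(set)     # subnet -> {(server IP, server MAC)}
    macs_by_ip = defaultdict(set)  # server IP -> {MACs answering as it}
    offered_by = defaultdict(set)  # offered IP -> {MACs that offered it}
    for server_ip, mac, offered, mask in offers:
        mac = mac.lower()
        subnet = ipaddress.ip_network(f"{offered}/{mask}", strict=False)
        servers[subnet].add((server_ip, mac))
        macs_by_ip[server_ip].add(mac)
        offered_by[offered].add(mac)

    findings = []
    # More than one DHCP server handing out leases in the same subnet.
    for subnet, ids in sorted(servers.items()):
        if len(ids) > 1:
            macs = sorted(m for _, m in ids)
            findings.append(("multiple_dhcp_servers", str(subnet), macs))
    # Two devices using the same management/server address.
    for ip, macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:
            findings.append(("duplicate_server_ip", ip, sorted(macs)))
    # The same client address offered from two independent lease tables.
    for ip, macs in sorted(offered_by.items()):
        if len(macs) > 1:
            findings.append(("double_assignment", ip, sorted(macs)))
    return findings

if __name__ == "__main__":
    for kind, where, macs in audit_offers(OFFERS):
        print(f"{kind:22} {where:16} {', '.join(macs)}")
```
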

Thank you all for the comments.  This was really to validate to the client that this network was a mess and changes need to be made.  Blue Street, you went far above and beyond the call of duty on this one!  I hope others see your response for future benefits.

Thank you for the compliments! I'm glad I could help...thanks for the points!

Glad to be a help. Cheers!