Visibility of two networks

Nicholas Edwardfs
We have a Draytek 2860n router with a VADSL connection; all machines are using the subnet 255.255.255.0 on the range 192.168.0.0 - 254. We are moving to a new hosted server for our sales software and have had a new leased line installed, which connects to the server at one end and is connected to a Cisco box at our end; this network is on the range 10.146.50.0 - 254. How can I connect the new leased line to the Draytek router so that all machines on the network can seamlessly access the hosted server? In other words, I need a machine on our Draytek router LAN to run to the hosted server \\10.134.3.161 through the leased line router IP of 10.146.50.254. Makes sense?

noci, Software Engineer
Distinguished Expert 2018

Commented:
Do you have an internal connection between those routers... (Are they in the same room?)... If so some routing statements & filters on the firewall on both should be sufficient.

If they are far apart (different locations, etc.) you can also build a VPN tunnel between them using e.g. IPsec (preferred) or OpenVPN. (And also adjust the firewall filters on both ends.)

Author

Commented:
They are in the same room.
Software Engineer
Distinguished Expert 2018
Commented:
You could create a separate VLAN on both systems.
Use a different address on that VLAN (say 192.168.254.1/30 for Draytek, 192.168.254.2/30 for Cisco).
Assign a port to that VLAN on both routers.
Run a cable between those ports.

Add a route on Draytek:     network 10.146.50.0/24  with gateway: 192.168.254.2
Add a route on Cisco:     network 192.168.0.0/24 with gateway 192.168.254.1
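
The static route suggested above, checked with a longest-prefix-match lookup (an added example, not part of the original thread). The Draytek LAN address 192.168.0.1, the `wan` default route and the extra /32 host route are assumptions made for illustration; the other addresses come from the thread. It shows that the server address 10.134.3.161 from the question lies outside 10.146.50.0/24, so with only the posted route it would follow the default route instead of the leased line.

```python
import ipaddress as ip

# Draytek's connected interfaces. Transit /30 is from the thread;
# the LAN address 192.168.0.1 is an assumed value.
DRAYTEK_CONNECTED = {
    "lan": ip.ip_interface("192.168.0.1/24"),
    "transit": ip.ip_interface("192.168.254.1/30"),
}
ROUTES_AS_POSTED = [("10.146.50.0/24", "192.168.254.2")]
# Constructed addition: host route for the server named in the question.
ROUTES_WITH_SERVER = ROUTES_AS_POSTED + [("10.134.3.161/32", "192.168.254.2")]

def overlaps(connected):
    """True if any two connected subnets overlap (a broken address plan)."""
    nets = [i.network for i in connected.values()]
    return any(a.overlaps(b) for k, a in enumerate(nets) for b in nets[k + 1:])

def build_table(connected, static):
    """Return [(network, next_hop, out_if)]; reject next hops that are not on-link."""
    table = [(i.network, None, name) for name, i in connected.items()]
    for prefix, hop in static:
        net, hop = ip.ip_network(prefix), ip.ip_address(hop)
        out = next((n for n, i in connected.items()
                    if hop in i.network and hop != i.ip), None)
        if out is None:
            raise ValueError(f"next hop {hop} for {net} is not on a connected subnet")
        table.append((net, hop, out))
    return table

def lookup(table, dst, default_if="wan"):
    """Longest-prefix match; anything unmatched follows the (assumed) default route."""
    dst = ip.ip_address(dst)
    hits = [r for r in table if dst in r[0]]
    if not hits:
        return (None, default_if)
    net, hop, out = max(hits, key=lambda r: r[0].prefixlen)
    return (str(hop) if hop else None, out)

if __name__ == "__main__":
    for label, routes in (("as posted", ROUTES_AS_POSTED),
                          ("with server route", ROUTES_WITH_SERVER)):
        table = build_table(DRAYTEK_CONNECTED, routes)
        for dst in ("192.168.0.50", "10.146.50.254", "10.134.3.161"):
            print(f"{label:18} {dst:15} -> {lookup(table, dst)}")
```
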

Well, first of all, one should ask "Why does the Cisco have a LAN of 10.146.50.0/24 in the first place?"
The simplest solution would appear to be that it be the same as your existing LAN, such as an address 192.168.0.233 with LAN DHCP turned OFF.
Then, add a route to the Draytek 2860n router that directs packets destined for the hosted server PUBLIC IP address or range to the Cisco on the LAN.  The Cisco will know what to do with those packets.
That is all.....

Slightly more but pretty easy:
Add a router that's in Router mode and not Gateway/NAT mode to the network.
TURN OFF DHCP on this router.  TURN OFF the firewall on this router.
It doesn't have to be much of a router ....
Put the LAN side on 192.168.0.0/24 with some local address and plugged into that LAN.
Put the WAN side on 10.146.50.0/24 with an address local to THAT subnet and plugged into that LAN.
This will bridge the two subnets.
Next, put a route in the Draytek, pointing to the added router local IP address (i.e. in 192.168.0.0/24).
Next, put a route in the Cisco, pointing to the added router local IP address (i.e. in 10.146.50.0/24).

Packets destined from the current LAN computers will go to their gateway (the Draytek).
The Draytek will direct those packets to the bridge router.
The bridge router will direct those packets to whatever device is in the destination address - I guess only the Cisco.
The Cisco will send the packets to the hosted server public IP address.
Return packets are similar:
The Cisco will send the return packets to the bridge router.
The bridge router will direct those packets to whatever device is in the destination address.
(The Draytek won't be involved in this situation).
noci, Software Engineer
Distinguished Expert 2018

Commented:
@Fred:
When routing back through the same LAN interface the network capacity will be halved, due to U-turn packets.
Better setup would then be to have each system have a specific route to the "intermediate router" for the other side...
Which is a larger maintenance burden.

And if such routes need to be added anyway, then why not through a separate interface?

The problem may be with control: can the routes be set up on the routers, does the ISP have to do that, or can the asker do it on his own?
noci:  That's an interesting perspective but is actually a comment on network capacity in the limit.  I'd not expect one to reach those levels in a reasonably-configured network with Gigabit links.  Of course, I'm assuming the common Full Duplex interface mode - which, by itself, likely eliminates the concern.  

If there are separate interfaces available then I suppose that might at least provide a cosmetic improvement.  And, perhaps, a real one but that seems elusive to me.

I surely agree that one cannot control a thing for which they don't have control.... But, one has to start somewhere, right?

And, I have to assume that adding a route to any machine is easier to set up and manage than adding a VLAN.
noci, Software Engineer
Distinguished Expert 2018

Commented:
A VLAN is just "another" interface.


For Draytek a VLAN is added by selecting "add a VLAN" somewhere on the menu, and assigning an interface from the LAN side to it.

On Cisco with:
vlan database
  vlan XXX
  exit

interface VLANXXX
  ip address 192.168.254.1 255.255.255.252

and assign it to a port:
interface ethernet PPPP
  switchport mode access
  switchport access vlan XXX
noci:  I know this is a bit picky:  I would caution that saying "a VLAN is another interface" could be misleading because a VLAN isn't an interface in the physical sense.  A VLAN may *use* a physical interface.

While one may assign a physical port to an individual VLAN, it's not necessary - but likely common.
What one must do is to assign a VLAN to physical port(s) in order to make use of the VLAN.
The *port* is the interface.  The VLAN is a signalling mechanism.
So, it's just as common to see a VLAN assigned to multiple physical interfaces just as it's common to see a VLAN assigned to a single physical interface.

VLANs have a hardware drawback.  A switch configured with VLANs no longer has the property of "all ports are treated the same".  So, someone has to have a physical diagram or list of which port is which.  And, a more casual user can't just "plug in" to such a switch as is often the case.  Not a big deal for technical people who know what's been done.
noci, Software Engineer
Distinguished Expert 2018

Commented:
Interface is any point where a medium transfers to something else, not just networks. It also is about "user-interface", etc. etc.
A port is an interface (cable-> memory)  but not the other way around..

In the context of this question, (and from the perspective of a router, or OS config) a VLAN is just another interface.
The OS abstractions are also the same as "just" another "ethernet" in this sense (on Linux, Cisco IOS, OpenVMS).
(All the tagging stuff etc. is abstracted away; that is done through declaring them through vconfig, "vlan database", or "MCR LANCP SET DEV VLAN ...", all creating an interface abstraction in the OS that looks like a regular physical interface.)

Physically, I agree, ... quite different.
And when mapping networks, each VLAN also needs to be overlaid on the physical network,
and besides that, capacity needs to be kept in view as well, as multiple networks across one connection will compete for bandwidth & latency.
