Network Config (was Re: [NBLUG/talk] Changed Network)

Walter Hansen gandalf at sonic.net
Fri Apr 30 14:00:24 PDT 2004


I did think of that, but I personally consider Sonic themselves to be very
very reliable and I know they have a better incoming bandwidth than most of
their competitors. The two lines are BroadLink wireless and fast aDSL.

You also have to consider that these are *simple* inexpensive routers and
not Cisco 2500s. All the routers were purchased for less than the cost of
a single Cisco router. Yes a single Cisco router could do the same job and
that was a considered option.

Yes I have considered putting servers on the 192.168.100 network but there
is no real need so I have not.

>
>> The idea is to create two separate networks off the two high speed
>> connections. The two networks should be fairly secure from one
>> another. Traffic from one 192.168.0 cannot see traffic from
>> 192.168.33.
>>
>>      Sonic.net
>>       |     |
>>       |     |
>>       |     |       also forwarding necessary ports
>>  Balancing Router (nating 192.168.100) gateway to internet
>>      |        |
>>      |        | 192.168.100 network
>>      |    Router2 (in design only-not there yet)
>>      |        \
>>      |         \
>>      |          ---- 192.168.0 network (again not there yet)
>>      |
>>    Router1 192.168.33 network providing nat DHCP (to non servers) and
>>      |                        port forwarding
>>      |
>>     Switch
>>     | | | \
>>     computers
>
>
> With no offense intended toward Sonic (who I regard as distinctly
> "best-of-breed" among ISPs), whenever I see 2+ links to the outside I
> like to place 'em with different carriers so serious errors on one won't
> take you offline.  What's the technology on those lines?  T1?
>
> For most purposes, I would expect you could eliminate Router1 & Router2
> and place their functions onto the "balancing router" (if it has the
> CPU/RAM capacity to handle all the functionality; NAT-PAT stuff can take
> a lot of power).  The right "ACLs" or other policies should keep the
> networks separate.
>
> If you're feeling the need of security, you've created 2 "DMZ's" with
> this 2-layer design (the two segments between the "balancing router" and
> the "RouterN" routers), and could place your "semi-public" servers there
> (I guess the 192.168.100.0/24 net is in use already?  Turning it into a
> DMZ may not be viable).
>
>
> - Steve S.