Network Design questions

Post by David H. Funt » Thu, 03 Aug 2000 04:00:00



I don't do a lot of multiple server setups, and so I would appreciate some
input on the following plan.

I have two Openserver 5.04 servers in two different cities.

They are connected via PPP over a low bandwidth 38k connection.   My goal is
to keep traffic between cities at a minimum - while allowing full access to
each server, and all print servers on the network.

I am planning to do the following..

(1) Connect both servers with subnet mask of 255.255.0.0

            Server #1 IP is 192.168.1.1   - GATEWAY
            Server #2 IP is 192.168.2.1   - GATEWAY

(2) Each city has a PC LAN.

     City #1 will be in the 192.168.1 network.  The subnet mask on all the
PC's will be 255.255.255.0
     City #2 will be in the 192.168.2 network.  The subnet mask on all the
PC's will be 255.255.255.0

     The PC's will telnet into the UNIX systems, and access Print servers.
I want them to be able to
     access either UNIX system, and any Print server in either city.

(3) All PC's will have the tcpip Gateway defined as the local UNIX server.
i.e.;  The gateway for the 192.168.1 network will be 192.168.1.1.  The
gateway for the 192.168.2 network will be 192.168.2.1

-------------------------------------------------------

I've tested this, and it seems to work.  However I have these questions.

The servers are part of the 255.255.0.0 subnet mask, and the PC's in each
town are part of the 255.255.255.0 subnet mask which form the local network.
Since each server is the Windows gateway, any requests for the other city's
addresses are routed through the local gateway to the other city  - since
the two servers are part of the same netmask.  However any traffic that is
part of the local network stays local.

Question #1: Is there anything *BAD* about mixing netmasks?

Question #2: does this setup actually accomplish my goal of minimizing
traffic over the 38k PPP connection?

---------------------

Question #3:  Each city has its own internet router.  The address of each
router is 192.168.1.201 in City #1,  and 192.168.2.201 in City #2.
        I've noticed that I can list the UNIX server as the only gateway on
both LANs if I add the following to the UNIX routing table.

        City #1 UNIX routing table:  route add 0.0.0.0  192.168.1.201
        City #2 UNIX routing table:  route add 0.0.0.0  192.168.2.201

        this seems to cause any "foreign" ip addresses to filter through to
the internet gateway.  The tracert command seems to prove this true.

        Examples:

        tracert microsoft.com  -   first jumps to the local gateway (the
UNIX server), and then it jumps through the internet router, then hops and
skips to the evil empire.

        tracert 192.168.1.201 - from the 192.168.1 network jumps directly to
that address.
        tracert 192.168.2.1 - from the 192.168.1 network first jump to the
192.168.1.1 UNIX GATEWAY, and then hops to the 192.168.2.1 server.

Is there anything wrong with creating a route to the 0.0.0.0 network?  It
looks weird to me, but it seems to work.

--------------------------------------------

thanks, in advance, for your input

--

 
 
 

Post by Bill Vermilli » Fri, 04 Aug 2000 04:00:00



>I have two Openserver 5.04 servers in two different cities.
>They are connected via PPP over a low bandwidth 38k connection. My
>goal is to keep traffic between cities at a minimum - while allowing
>full access to each server, and all print servers on the network.
>I am planning to do the following..
>(1) Connect both servers with subnet mask of 255.255.0.0

>            Server #1 IP is 192.168.1.1   - GATEWAY
>            Server #2 IP is 192.168.2.1   - GATEWAY

With a 192.168.1.1 and 2.1 you only need a 255.255.252.0.  If you
had chosen 192.168.0.1 and 192.168.1.1 you could have used 255.255.254.0
The former supernets four 256 address blocks while the latter only
two.    

.........

>-------------------------------------------------------
>I've tested this, and it seems to work. However I have these
>questions.

>The servers are part of the 255.255.0.0 subnet mask, and the PC's
>in each town are part of the 255.255.255.0 subnet mask which form
>the local network. Since each server is the Windows gateway, any
>requests for the other city's addresses are routed through the
>local gateway to the other city - since the two servers are part
>of the same netmask. However any traffic that is part of the local
>network stays local.
>Question #1: Is there anything *BAD* about mixing netmasks?

You don't 'mix' subnets.  You use them to split or combine groups
of addresses into more manageable or routeable hunks.

>Question #2: does this setup actually accomplish my goal of minimizing
>traffic over the 38k PPP connection?

Not really.  But you mention internet connection below - and didn't
mention here - which router has the internet connection. That makes
a difference in how the routing tables should be set up.

>---------------------
>Question #3: Each city has its own internet router. The address of
>each router is 192.168.1.201 in City #1, and 192.168.2.201 in City
>#2.
>        I've noticed that I can list the UNIX server as the only
>gateway on both LANs if I add the following to the UNIX routing
>table.
>        City #1 UNIX routing table:  route add 0.0.0.0  192.168.1.201
>        City #2 UNIX routing table:  route add 0.0.0.0  192.168.2.201

You only use the 0.0.0.0 for what is sometimes called the gateway
of last resort.  I'm assuming only one router is connected to the
internet and the other goes through the first.  If so only the
non-connected can have 0.0.0.0 routed to the connected one, but
make sure the connected one has a route to the non-connected one
and with a netmask of 255.255.255.0.   That will make sure that
data only goes to where it is needed and will cut down on your
traffic - which was your stated design goal.

>        this seems to cause any "foreign" ip addresses to filter
>through to the internet gateway. The tracert command seems to prove
>this true.

I'd suggest reading up a bit on IP routing.  The 0.0.0.0 is used
only when previous routing statements don't match.  It is the 'use
this because I don't know where to go for this' and it sends it
out to the next router upstream.

>Is there anything wrong with creating a route to the 0.0.0.0
>network? It looks weird to me, but it seems to work.

No - it is needed if you have outside connectivity.  If you only
connect to each city you can dispense with that and make specific
routes so that if someone types an IP number outside the range you
would get a 'network unreachable' or similar message.

--
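
The mask arithmetic from the reply above, as an added example that is not part of the original thread: the smallest netmask covering a set of hosts is found from the highest bit in which their addresses differ. The function names are illustrative; the addresses are the ones quoted in the posts.

```python
import ipaddress

def smallest_common_network(*hosts):
    """Return the longest-prefix IPv4 network that contains every host."""
    addrs = [int(ipaddress.IPv4Address(h)) for h in hosts]
    # OR together the XOR of each address with the first one: a set bit
    # marks a position where at least two of the hosts disagree.
    differing = 0
    for addr in addrs[1:]:
        differing |= addrs[0] ^ addr
    # Everything above the highest differing bit is shared and can be
    # network bits; everything from that bit down must be host bits.
    prefix_len = 32 - differing.bit_length()
    return ipaddress.IPv4Network((addrs[0], prefix_len), strict=False)

def describe(*hosts):
    """Summarise the covering network: (CIDR, dotted mask, 256-address blocks)."""
    net = smallest_common_network(*hosts)
    blocks = max(1, net.num_addresses // 256)
    return str(net), str(net.netmask), blocks

def third_octet_bits(host):
    """Third octet in binary, where the 1.x / 2.x difference is visible."""
    return format(ipaddress.IPv4Address(host).packed[2], "08b")

if __name__ == "__main__":
    for pair in (("192.168.1.1", "192.168.2.1"),
                 ("192.168.0.1", "192.168.1.1")):
        for host in pair:
            print(f"{host:<12} third octet {third_octet_bits(host)}")
        cidr, mask, blocks = describe(*pair)
        print(f"  -> {cidr}  mask {mask}  spans {blocks} x 256 addresses\n")
    # The 255.255.0.0 mask from the original plan, for comparison
    plan = ipaddress.IPv4Network("192.168.0.0/16")
    print(f"{plan}  mask {plan.netmask}  spans {plan.num_addresses // 256} x 256 addresses")
```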


 
 
 

Post by David H. Funt » Fri, 04 Aug 2000 04:00:00





> >I have two Openserver 5.04 servers in two different cities.

> >They are connected via PPP over a low bandwidth 38k connection. My
> >goal is to keep traffic between cities at a minimum - while allowing
> >full access to each server, and all print servers on the network.

> >I am planning to do the following..

> >(1) Connect both servers with subnet mask of 255.255.0.0

> >            Server #1 IP is 192.168.1.1   - GATEWAY
> >            Server #2 IP is 192.168.2.1   - GATEWAY

> With a 192.168.1.1 and 2.1 you only need a 255.255.252.0.  If you
> had chosen 192.168.0.1 and 192.168.1.1 you could have used 255.255.254.0
> The former supernets four 256 address blocks while the latter only
> two.

Your answer cleared up the subnet mask for me.  Thank you VERY much!!!
I never did understand anything other than 255 or 0 until your example
above.  It makes perfect sense in binary.
Cool

> .........
> >-------------------------------------------------------

> >I've tested this, and it seems to work. However I have these
> >questions.

> >The servers are part of the 255.255.0.0 subnet mask, and the PC's
> >in each town are part of the 255.255.255.0 subnet mask which form
> >the local network. Since each server is the Windows gateway, any
> >requests for the other city's addresses are routed through the
> >local gateway to the other city - since the two servers are part
> >of the same netmask. However any traffic that is part of the local
> >network stays local.

> >Question #1: Is there anything *BAD* about mixing netmasks?

> You don't 'mix' subnets.  You use them to split or combine groups
> of addresses into more manageable or routeable hunks.

Potato vs Potatoe...
In other words,  A network is broken down into groups that are defined by
subnets,  right?

> >Question #2: does this setup actually accomplish my goal of minimizing
> >traffic over the 38k PPP connection?

> Not really.  But you mention internet connection below - and didn't
> mention here - which router has the internet connection. That makes
> a difference in how the routing tables should be set up.

> >---------------------

There is one router in each city to the internet (outbound only in both
cities) and one
Dedicated phone line connecting the two systems through modems.
It is the dedicated modem connection that I wish to protect from high
unnecessary use because it is only 38k.

BTW: a tracert run from a windows system shows that the other city is only
being hit when a request is made for that address.   In other words...

tracert from PC 192.168.1.25 for server 192.168.2.1
            first goes to 192.168.1.1
            then jumps to 192.168.2.1

tracert from PC 192.168.1.25 to 192.168.1.1 jumps directly to that address.

Question:  Can't I assume that the 38k PPP path is not being used since it
doesn't show up in the traceroute?

> >Question #3: Each city has its own internet router. The address of
> >each router is 192.168.1.201 in City #1, and 192.168.2.201 in City
> >#2.

> >        I've noticed that I can list the UNIX server as the only
> >gateway on both LANs if I add the following to the UNIX routing
> >table.

> >        City #1 UNIX routing table:  route add 0.0.0.0  192.168.1.201
> >        City #2 UNIX routing table:  route add 0.0.0.0  192.168.2.201

> You only use the 0.0.0.0 for what is sometimes called the gateway
> of last resort.  I'm assuming only one router is connected to the
> internet and the other goes through the first.  If so only the
> non-connected can have 0.0.0.0 routed to the connected one, but
> make sure the connected one has a route to the non-connected one
> and with a netmask of 255.255.255.0.   That will make sure that
> data only goes to where it is needed and will cut down on your
> traffic - which was your stated design goal.

Each city has their own internet router that is separate from the PPP link.

Regarding the 0.0.0.0 route, how else could I route all external network
requests to the internet router?

A traceroute shows that the desired path IS being followed.

tracert from PC 192.168.1.25 to yahoo.com first jumps to the 192.168.1.1
Server,
        and then passes through the Internet router at 192.168.1.201 into
the internet.

Again, I'm assuming that a traceroute shows all that's happening.

> >        this seems to cause any "foreign" ip addresses to filter
> >through to the internet gateway. The tracert command seems to prove
> >this true.

> I'd suggest reading up a bit on IP routing.  The 0.0.0.0 is used
> only when previous routing statements don't match.  It is the 'use
> this because I don't know where to go for this' and it sends it
> out to the next router upstream.

That's exactly what I want - send it upstream.

Perhaps my use of the word "router" is incorrect.  My internet "router"
allows multiple users to share one $20/mo Internet dialup account.   It is
designed to be defined as the gateway for the PC's.

So, I guess you could say that routing 0.0.0.0 through my "internet router"
is really causing a gateway (the UNIX server)  to pass foreign requests
through my internet gateway.

I agree with your suggestion that I read up on IP routing.

Perhaps there is an "IP routing for dummies" book?

> >Is there anything wrong with creating a route to the 0.0.0.0
> >network? It looks weird to me, but it seems to work.

> No - it is needed if you have outside connectivity.  If you only
> connect to each city you can dispense with that and make specific
> routes so that if someone types an IP number outside the range you
> would get a 'network unreachable' or similar message.

> --


 
 
 

Post by Tony Lawrenc » Fri, 04 Aug 2000 04:00:00



> Perhaps there is an "IP routing for dummies" book?

There's "Networking for Dummies"
http://www.amazon.com/exec/obidos/ASIN/0764504983/o/qid=965337422/sr=...

but you might also start with
http://aplawrence.com/Unixart/net101.html
http://aplawrence.com/Unixart/route.html and
http://aplawrence.com/Unixart/cidr.html

--

SCO/Linux articles, help, book reviews, tests,
job listings and more : http://www.pcunix.com

 
 
 

Post by Bill Vermilli » Sat, 05 Aug 2000 04:00:00







>> >(1) Connect both servers with subnet mask of 255.255.0.0
>> >            Server #1 IP is 192.168.1.1   - GATEWAY
>> >            Server #2 IP is 192.168.2.1   - GATEWAY
>> With a 192.168.1.1 and 2.1 you only need a 255.255.252.0.  If you
>> had chosen 192.168.0.1 and 192.168.1.1 you could have used 255.255.254.0
>> The former supernets four 256 address blocks while the latter only
>> two.
>Your answer cleared up the subnet mask for me.  Thank you VERY much!!!
>I never did understand anything other than 255 or 0 until your example
>above.  It makes perfect sense in binary.
>Cool

That's the basic trick to understanding addressing - at least it
was for me - just think in binary and it starts to make sense.

>> You don't 'mix' subnets.  You use them to split or combine groups
>> of addresses into more manageable or routeable hunks.
>Potato vs Potatoe... In other words, A network is broken down into
>groups that are defined by subnets, right?

Subnets or supernets.  Netmasks are used to be able to handle
groups of IP numbers as a single unit.   The term supernet is
typically used when the 3rd octet is less than 255, thus combining
one or more blocks of what used to be called Class C addresses into
one unit.  

>> >Question #2: does this setup actually accomplish my goal of
>> >minimizing traffic over the 38k PPP connection?
>> Not really.  But you mention internet connection below - and didn't
>> mention here - which router has the internet connection. That makes
>> a difference in how the routing tables should be set up.
>There is one router in each city to the internet (outbound only
>in both cities) and one Dedicated phone line connecting the two
>systems through modems. It is the dedicated modem connection that I
>wish to protect from high unnecessary use because it is only 38k.

To do this you should really need just two entries in the route
table on each router.   Route the 192.168.1.1 with a 255.255.255.0
netmask through the 192.168.2.201 port, and do the reverse on the
other end.  Then route 0.0.0.0 through the other exit port from the
router.

>BTW: a tracert run from a windows system shows that the other city
>is only being hit when a request is made for that address. In other
>words...
>tracert from PC 192.168.1.25 for server 192.168.2.1
>            first goes to 192.168.1.1
>            then jumps to 192.168.2.1
>tracert from PC 192.168.1.25 to 192.168.1.1 jumps directly to that
>address.
>Question: Can't I assume that the 38k PPP path is not being used
>since it doesn't show up in the traceroute?

Yes.

>Each city has their own internet router that is separate from the
>PPP link.
>Regarding the 0.0.0.0 route, how else could I route all external
>network requests to the internet router?

The 0.0.0.0 is typically used as the gateway of last resort after
all the other routes are examined.  If you have only one exit out
of the router then 0.0.0.0 is perfectly fine.  The fun starts when
you get multiple serial links in/out, multiple ethernets, and some
route going out through such things as terminal servers.

>A traceroute shows that the desired path IS being followed.
>tracert from PC 192.168.1.25 to yahoo.com first jumps to the
>192.168.1.1 Server, and then passes through the Internet router at
>192.168.1.201 into the internet.
>Again, I'm assuming that a traceroute shows all that's happening.

If traceroute shows the proper path then you are okay.  

>> I'd suggest reading up a bit on IP routing.  The 0.0.0.0 is used
>> only when previous routing statements don't match.  It is the 'use
>> this because I don't know where to go for this' and it sends it
>> out to the next router upstream.
>That's exactly what I want - send it upstream.

I interpreted your message to indicate that you had two routers
linked by a dial-up plus another connection to the internet.  

>Perhaps my use of the word "router" is incorrect. My internet
>"router" allows multiple users to share one $20/mo Internet dialup
>account. It is designed to be defined as the gateway for the PC's.

Those can be less than fun.  Sometimes they don't do what is
expected.

>So, I guess you could say that routing 0.0.0.0 through my "internet
>router" is really causing a gateway (the UNIX server) to pass
>foreign requests through my internet gateway.
>I agree with your suggestion that I read up on IP routing.
>Perhaps there is an "IP routing for dummies" book?

I personally distrust anything that says 'for dummies'.   Get the
basic TCP/IP under control - try the O'Reilly book for example -
then work up from there to books on routing if you need to.

Bill
--
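
How a routing table resolves the destinations discussed in this thread, as an added example that is not part of the original posts: the most specific matching route wins, and 0.0.0.0 is consulted only when nothing else matches. The three tables are constructed for the City #1 server; the interface labels and the layout are assumptions, the addresses are those from the posts.

```python
import ipaddress

# Constructed tables for the City #1 server (192.168.1.1). Addresses come
# from the thread; the labels "lan" / "ppp" and the layout are assumptions.
SPECIFIC = [
    ("192.168.1.0/24", "lan", None),             # local PCs and print servers
    ("192.168.2.0/24", "ppp", "192.168.2.1"),    # other city, over the 38k link
    ("0.0.0.0/0",      "lan", "192.168.1.201"),  # gateway of last resort
]
# Same table, but the other city is reached with a 255.255.0.0 route
WIDE = [
    ("192.168.1.0/24", "lan", None),
    ("192.168.0.0/16", "ppp", "192.168.2.1"),
    ("0.0.0.0/0",      "lan", "192.168.1.201"),
]
# City-to-city only: specific routes and no 0.0.0.0 entry
NO_DEFAULT = SPECIFIC[:2]

def lookup(table, dest):
    """Longest-prefix match: return (network, interface, next_hop) or None."""
    dest = ipaddress.IPv4Address(dest)
    best = None
    for cidr, iface, hop in table:
        net = ipaddress.IPv4Network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, hop)
    if best is None:
        return None  # the sender sees this as "network unreachable"
    return str(best[0]), best[1], best[2]

def uses_ppp(table, dest):
    """True when the chosen route sends the packet over the inter-city link."""
    route = lookup(table, dest)
    return route is not None and route[1] == "ppp"

if __name__ == "__main__":
    # 192.168.7.9 is an unassigned private address and 203.0.113.10 stands in
    # for an internet host; both are constructed sample destinations.
    tables = (("specific", SPECIFIC), ("wide", WIDE), ("no default", NO_DEFAULT))
    for dest in ("192.168.1.25", "192.168.2.1", "192.168.7.9", "203.0.113.10"):
        for name, table in tables:
            print(f"{dest:<13} {name:<10} -> {lookup(table, dest)}")
```

With the 255.255.0.0 route, a mistyped or stale 192.168.x.x destination is sent across the 38k link; with the 255.255.255.0 routes it falls through to the default route, or is rejected when there is no default.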

 
 
 

1. Network design question.

I am looking for some thoughts from you all on a network design question.

Let's say I have 3 sites all connected together like a triangle via fiber
(figure Cisco routers). At each site there is also an internet
connection on another Cisco router. I am running BGP to the net at each
site under the same AS. Everything is great because if one internet
connection goes down it routes to the other. Yah BGP!

Now the issue.

I need to bring the 3 sites internal, i.e. 10.1.x.x, 10.2.x.x, 10.3.x.x.
Great. Put in an OpenBSD firewall between the internet and the LAN.
However I now lose my BGP failover for outbound and inbound traffic if
one of the sites goes down. What I mean is this..

(site1): internet---router---firewall---lan---router to site2 and site3

(site2): internet---router---firewall---lan---router to site1 and site3

(site3): internet---router---firewall---lan---router to site1 and site2

Draw it out as a triangle if it helps to see it.

On each site the default gateway is the firewall. If the router goes
down to the internet at that site there is no way to get the traffic to
go back through the firewall (and NAT) then out to the next site and
out that firewall.

So thoughts?

Here is what I have so far.

1. Run iBGP between the external and internal routers through the
OpenBSD firewall. I have NAT issues then with inbound packets. The
biggest issue is how do I tell OpenBSD that the internet router is down.
GateD?

2. Write a script that pings the serial interface on the internet router
from the OpenBSD box. If the ping fails then change the default gw on
the box to the internal ethernet on the OpenBSD box at the next site
(would have to hard code the route to the next site on the OpenBSD box).
My question on this is where does the NAT fall into place. Will the
packet head back off the OpenBSD box to the internal router before it
gets NAT'ed if I change the default route?
