
Multi-WAN loadbalancing & RRAS.

Author
30 May 2009 12:02 PM
raj-blr
I recently joined as sysadmin. Existing setup is as follows:

We have 3 ISP connections and all of them connected directly to the network
switch. All clients have 2 gateway IPs in the network config.
I read in a magazine that this setup is an unsecured & "not recommended"
setup.

I am not an expert guy. I need help for the following:
1) Why is this an unsecured & "not recommended" setup? (I need to convince
my seniors, as this setup has been working well for past 5 years.)
2) How can I load balance multiple ISPs?
Can I set up a RRAS with VPN server and install additional 3 NICs and connect
all the ISPs to the server and on the client side create a dial-up connection
to the VPN Server? Will this achieve my goal?

Thanks in advance.

Author
30 May 2009 1:33 PM
Meinolf Weber [MVP-DS]
Hello raj-blr,

If you have multiple ISP connections use multiport router, that way you have
one default gateway for the client machines internally. How did you configure
the clients with multiple DG's on one NIC?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm



Author
30 May 2009 2:43 PM
raj-blr
It was configured by the previous sys admin.

In the Advanced properties of TCP/IP, there were 2 entries for the default
gateway.

Would appreciate if you could help me with my other (refer below) queries 
too.

Author
30 May 2009 6:28 PM
Bill Kearney
> We have 3 ISP connections

Why?  What purposes are these assumed to be serving?

What physical types of connections are these?  DSL, cable, T1, what?

>  and all of them connected directly to the network switch.

Without a router?

>  all clients have 2 gateway IPs in the network config.
> I read in a magazine that this setup is an unsecured & "not recommended"
> setup.

For any number of reasons.  More details about your current setup and the
reasons it's done that way are needed before making suggestions.

> 2) How can I load balance multiple ISPs ?

Not without hardware dedicated to the purpose.  Even then you may not get
what you want.  Which is, what, exactly?

> Can I set up a RRAS with VPN server and install additional 3 NICs and
> connect
> all the ISPs to the server and on the client side create a dial-up
> connection
> to the VPN Server? Will this achieve my goal?

Where does a VPN suddenly enter into the 'goals'?

A lot more detail is necessary before anyone could hope to suggest effective
solutions.

-Bill Kearney
Author
1 Jun 2009 6:11 AM
raj-blr
Thanks for your reply.

Below are the answers for your queries:

> > We have 3 ISP connections
>
> Why?  What purposes are these assumed to be serving?

I am just 15 days old in this company. The previous sysadmin had suggested
it to the management as a fail-over solution.

> What physical types of connections are these?  DSL, cable, T1, what?

All three connections are DSL.

> >  and all of them connected directly to the network switch.
>
> Without a router?

The ISP DSL router is directly connected to the LAN Switch.


> >  all clients have 2 gateway IPs in the network config.
> For any number of reasons.  More details about your current setup and the
> reasons it's done that way are needed before making suggestions.

The previous sysadmin is no longer reachable.
As for the input I received, all clients have 2 gateway IPs because if one
gateway (ISP) fails the traffic will be routed to the other gateway (ISP).



Author
4 Jun 2009 10:42 PM
Bill Kearney
The previous sysadmin sounds like an idiot.  This presumably being the
reason he's gone?

> The ISP DSL router is directly connected to the LAN Switch.

One router, from each DSL?  Or all three DSL links into the same router?

> The previous sysadmin is no more reachable.
> As for the input I received, All clients have 2 gateway IPs because if one
> gateway (ISP) fails the traffic will be routed to other gateway (ISP)

Which isn't what will happen.
Author
30 May 2009 10:21 PM
Ace Fekay [Microsoft Certified Trainer]
"raj-blr" <raj-***@discussions.microsoft.com> wrote in message news:BC1FB115-4188-452A-AB7E-7BB94BD79223@microsoft.com...
> I recently joined as sysadmin. Existing setup is as follows:
>
> We have 3 ISP connections and all of them connected directly to the network
> switch. All clients have 2 gateway IPs in the network config.
> I read in a magazine that this setup is an unsecured & "not recommended"
> setup.
>
> I am not an expert guy. I need help for the following:
> 1) Why is this an unsecured & "not recommended" setup? (I need to convince
> my seniors, as this setup has been working well for past 5 years.)
> 2) How can I load balance multiple ISPs?
> Can I set up a RRAS with VPN server and install additional 3 NICs and connect
> all the ISPs to the server and on the client side create a dial-up connection
> to the VPN Server? Will this achieve my goal?
>
> Thanks in advance.



The only way I know of using multiple ISPs, and usually I hear of having two, not three ISPs, is having a router that supports multiple WAN links. On top of that, it won't 'load balance' rather it is for fault tolerance so when one goes down, the other one picks up the connection. It's for backup.

What is the purpose of load balancing? Increased speeds? I would think it would be cheaper to go with one and increase your bandwidth with the connection, if that is the case.

As for security, if it is truly load balancing, meaning you never know which line is actually routing any specific internal traffic, then how do you keep track of who's knocking on the door trying to come in? You would have three doors in such a scenario. I've found there's enough to juggle with one door concerning traffic control, packet filtering for inbound/outbound traffic, VPN connectivity, etc.

By rights, all and any machine should have one 'default' gateway, literally the doorway out of the building, so to speak. You can have multiple gateways or doorways in a building, and a person, so to speak, can choose which door to exit by, and by the same token you can enter multiple static gateways to other subnets and such with higher metrics on a machine, but there is always only one default gateway to get out of the network.

Now for inbound traffic, such as for web servers, etc, there are devices such as BigIP that will allow you to put a farm of webservers behind it, and the outside connections would connect to the outside interface of the BigIP appliance. But for traffic load balancing with multiple ISPs, I have not heard of that.

You said in a reply to Meinolf that it was configured by a previous admin. Was it working?

Also, what magazine article did you read? Is there a link to it on the web?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay
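
As an added example (not part of any post in this thread, and not code from its participants): a check for the client configuration discussed above, two default gateways on one NIC, that parses Windows `route print` output and reports each interface with more than one default route. The sample routing table and all addresses in it are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `route print -4` output from a client with two
# default gateways on one NIC (addresses are illustrative, not from the thread).
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     20
          0.0.0.0          0.0.0.0      192.168.1.2     192.168.1.50     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Active default route only: persistent-route rows have no interface column.
ACTIVE_DEFAULT = re.compile(
    rf"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+({IPV4})\s+({IPV4})\s+(\d+)\s*$")


def default_gateways(route_print_text):
    """Return {interface_ip: [(metric, gateway), ...]}, lowest metric first."""
    by_iface = defaultdict(list)
    for line in route_print_text.splitlines():
        m = ACTIVE_DEFAULT.match(line)
        if m:
            gateway, iface, metric = m.group(1), m.group(2), int(m.group(3))
            by_iface[iface].append((metric, gateway))
    return {iface: sorted(gws) for iface, gws in by_iface.items()}


def audit(route_print_text):
    """List findings for interfaces that have more than one default gateway."""
    findings = []
    for iface, gws in default_gateways(route_print_text).items():
        if len(gws) > 1:
            tied = len({metric for metric, _ in gws}) < len(gws)
            findings.append({"interface": iface,
                             "gateways": [g for _, g in gws],
                             "equal_metrics": tied})
    return findings
```

Running `audit()` over `route print` output collected from each client gives an inventory of machines that need to be moved to a single default gateway before a firewall/router is put in front of the ISP links.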
Author
1 Jun 2009 6:26 AM
raj-blr
Thanks for your reply.

I have a question:

Are there any security risks in connecting the ISP DSL router directly to
the LAN switch? If yes, what are they?

Author
1 Jun 2009 4:38 PM
Ace Fekay [Microsoft Certified Trainer]
"raj-blr" <raj***@discussions.microsoft.com> wrote in message news:F881651E-2BE5-40CB-B89B-441137BD72CD@microsoft.com...
> Thanks for your reply.
>
> I have a question:
>
> Are there any security risks in connecting the ISP DSL router directly to
> the LAN switch? If yes, what are they?
>

Well, I wouldn't do it because of decreased security, but you can until you get a good firewall/router, such as Cisco ASA5505. There are other competitive products that will work, as well.

Ace
Author
2 Jun 2009 5:36 AM
raj-blr
Thanks for your support.

Author
2 Jun 2009 9:09 PM
Ace Fekay [Microsoft Certified Trainer]
"raj-blr" <raj***@discussions.microsoft.com> wrote in message
news:F6E3CC36-B407-4DFE-82B3-546612F72A78@microsoft.com...
> Thanks for your support.

You are welcome!

Ace
Author
2 Jun 2009 1:15 PM
FB
Try LinkSYS RV-042 or PEPLink products

