Netgate Discussion Forum

    Static routing needed?

    NAT
    • L
      louis-m
      last edited by

      I have 2 sites connected via secure private network (mpls)

      SITE A's router can talk to SITE B's router or any other site's router as the upstream router has them in their routing tables.

      How do I go about getting SITE A's LAN talking to SITE B's LAN?

      Do I need to set a static route in each and set the gateway to the opposite site's gateway?
      for example:

      SITE A
      WAN = 10.1.1.1
      LAN = 192.168.1.0/24

      SITE B
      WAN = 10.1.2.1
      LAN = 192.168.2.0/24

      Static Routes:
      SITE A
      NETWORK = 192.168.2.0/24 (SITE B's LAN)
      GATEWAY = 10.1.2.1 (SITE B's WAN)

      SITE B
      NETWORK = 192.168.1.0/24 (SITE A's LAN)
      GATEWAY = 10.1.1.1 (SITE A's WAN)

      Would the above work? Is that the principle of static routing?
      Would RIP benefit this setup?
      We also need to ensure that each site can directly access anything on the other site without any port forwarding etc., e.g. RDP, VNC to other clients.

      • G
        Gloom
        last edited by

        The use of RIP or any other routing protocol (OSPF, BGP, IS-IS, etc.) depends on your router setup.
        Without knowing if your routers are multi-homed and what they are running, it's difficult to say, but static routes should be fine as long as the router is aware of what lives beyond the remote router.

        Never underestimate the power of human stupidity

        • L
          louis-m
          last edited by

          I have created an IPSEC tunnel between SITE A & SITE B via the ISP's PE router and I can successfully talk from SITE A LAN to SITE B LAN and vice versa.
          However, I do not want an IPSEC tunnel as this is an MPLS secure LAN, but I can't seem to get SITE A's LAN talking to SITE B's LAN.
          The ISP's PE router is only aware of the WAN IPs of SITE A & SITE B.
          How would you just do this via routing?

          • T
            timhic
            last edited by

            As stated by Gloom, you might be best to set up a routing protocol to do this. Ask if your ISP will peer with you (OSPF or RIP, whatever you want to use). This way, depending on the routing protocol configuration, any networks attached to either remote end will be distributed out into the MPLS network.

            If your ISP will not peer with you, they will have to set up the routing on the MPLS network to get the traffic routing properly.

            HTH

            • G
              georgeman
              last edited by

              The static routes idea looks fine to me… Did it work?

              If it ain't broke, you haven't tampered enough with it

              • L
                louis-m
                last edited by

                No, it didn't, unless I was doing something wrong.
                ROUTER A (LAN) can ping ROUTER C (WAN) via ROUTER B and vice versa.

                I can't seem to get ROUTER A (LAN) to ping ROUTER C (LAN).
                Can anybody help here? See diagram below.

                RAtoRC.PNG

                • G
                  georgeman
                  last edited by

                  Router A needs to know it has to route C's subnet through B, and the other way around.

                  You need additional static routes on A and C that route the opposite router's LAN subnet through B.

                  If it ain't broke, you haven't tampered enough with it

                  • L
                    louis-m
                    last edited by

                    Thanks. So going back to the original post, would this work?

                    ROUTER B is only aware of ROUTER A WAN (10.1.1.1/32) & ROUTER C WAN (10.1.2.1/32). It is not aware of the LANs.

                    SITE A
                    WAN = 10.1.1.1
                    LAN = 192.168.1.0/24

                    SITE C
                    WAN = 10.1.2.1
                    LAN = 192.168.2.0/24

                    Static Routes:
                    SITE A
                    NETWORK = 192.168.2.0/24 (SITE C's LAN)
                    GATEWAY = 10.1.2.1 (SITE C's WAN)

                    SITE C
                    NETWORK = 192.168.1.0/24 (SITE A's LAN)
                    GATEWAY = 10.1.1.1 (SITE A's WAN)

                    Would the above be correct and allow site A to talk to site C via ROUTER B?
                    Is there anything needing added to ROUTER B?

                    • G
                      georgeman
                      last edited by

                      For the third time in a row, you need to add static routes on B towards A's and C's subnets, otherwise B does not know what to do with that traffic!!

                      It WILL NOT work the way you are saying

                      If it ain't broke, you haven't tampered enough with it

                      • L
                        louis-m
                        last edited by

                        "For the third time in a row"

                        Ummmmm, that's helpful, isn't it??
                        Just to pull your unhelpful answer up:
                        1. "For the 3rd time in a row…". I see 3 replies from you. The 1st stating it looks OK to you, and asking "did it work?" The 2nd stating only about routes on A & C (not B) and the 3rd with a sarcastic reply mentioning static routes on B for the first time!
                        2. So looking at how you've changed your answers to the above, do you actually know what you are talking about or are you just guessing?

                        So, to any other helpful person out there, do I have to add additional routes into ROUTER B, i.e. ROUTER A & C LANs as well as the WAN address?

                        At the moment, ROUTER A can talk to ROUTER C WAN because ROUTER C WAN is in ROUTER B's routing table, albeit at 10.1.1.1/32. Could I expand the subnet on ROUTER B from 10.1.1.1/32 to 10.1.1.1/24 so that clients could be reached on 10.1.1.0/24 via plain routing rather than NAT?

                        At the moment, I can't see how ROUTER B would know about ROUTER A's LAN (192.168.1.0/24) or ROUTER C's LAN (192.168.2.0/24) without something being entered into ROUTER B, e.g. A & C's LANs.

                        • G
                          georgeman
                          last edited by

                          Ok, reading it again I realize I sounded pretty rough… I'm sorry, I apologize. Anyway your first 2 posts don't mention a "C" router.

                          As I understand, you have 3 routers sharing subnets in pairs so traffic between A and C needs to be redirected through B. If that's the case, you can get routing working between their LANs by adding the following rules (assuming site B WAN is X.X.X.X and its LAN is Y.Y.Y.Y/24):

                          At site A:
                          Route Y.Y.Y.Y/24 through X.X.X.X
                          Route 10.0.2.0/24 through X.X.X.X
                          Route 192.168.2.0/24 through X.X.X.X

                          At site B:
                          Route 192.168.1.0/24 through 10.0.1.0
                          Route 192.168.2.0/24 through 10.0.2.0

                          At site C:
                          Route Y.Y.Y.Y/24 through X.X.X.X
                          Route 10.0.1.0/24 through X.X.X.X
                          Route 192.168.1.0/24 through X.X.X.X

                          The idea behind static routes is to define networks that are not reachable via your default gateway. Any traffic not intended for your subnet will be sent to the network's router. It will send it through its own default gateway, unless a static route is specified to send that traffic through another gateway.

                          The gateway needs to always be set in the same subnet as the interface address, because it is the direct next hop, traffic needs to get there directly. In your example, site A and site C seem to be in the same subnet, but in that case they would be able to communicate directly, so I assume they are not. So, if you want to route through B, you first need B's interface to share 1 subnet with A and probably another interface sharing a subnet with C. Since A and B are within the same subnet, they can add each other as gateways, same for B and C. The rest is about telling the three routers on which "direction" the destination lies.

                          Note that traffic from A's LAN towards C's LAN will have 3 hops, that's why you would need routes on the 3 devices.

                          Still, I haven't fully understood what B is about.

                          Regards!

                          EDIT: also, if there is any router involved BETWEEN the sites, that router needs the routes for the LANs as well, otherwise it won't work. If that's the case, you'll need to do NAT.

                          If it ain't broke, you haven't tampered enough with it
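
The forwarding behaviour argued over in this thread, as an added example that is not part of any poster's reply: a hop-by-hop longest-prefix-match trace over the thread's addresses, run once with ROUTER B knowing only the two /32 WAN addresses and once with the LAN routes added on B. Next hops are modelled as router names, A and C are assumed to use B as their default gateway, and the host addresses 192.168.1.10 and 192.168.2.10 are constructed.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow dst hop by hop from router `start`; return (path, outcome)."""
    path, router = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[router], dst)
        if hop is None:
            return path, "no route at " + router
        if hop == "local":
            return path, "delivered"
        path.append(hop)
        router = hop
    return path, "loop"

def build_tables(b_knows_lans):
    """Routing tables for the thread's topology. Next hops are router names
    (assumption: A and C use PE router B as their default gateway)."""
    tables = {
        "A": {"10.1.1.1/32": "local", "192.168.1.0/24": "local", "0.0.0.0/0": "B"},
        "B": {"10.1.1.1/32": "A", "10.1.2.1/32": "C"},
        "C": {"10.1.2.1/32": "local", "192.168.2.0/24": "local", "0.0.0.0/0": "B"},
    }
    if b_knows_lans:
        tables["B"].update({"192.168.1.0/24": "A", "192.168.2.0/24": "C"})
    return tables

def round_trip(tables, src_router, dst_ip, dst_router, reply_ip):
    """A ping succeeds only if the request and the reply are both delivered."""
    out = trace(tables, src_router, dst_ip)
    back = trace(tables, dst_router, reply_ip)
    return out[1] == "delivered" and back[1] == "delivered", out, back

if __name__ == "__main__":
    for flag in (False, True):
        t = build_tables(flag)
        print("B knows LANs:", flag)
        print("  A -> C WAN 10.1.2.1    ", trace(t, "A", "10.1.2.1"))
        print("  A -> C LAN 192.168.2.10", trace(t, "A", "192.168.2.10"))
        print("  ping round trip        ",
              round_trip(t, "A", "192.168.2.10", "C", "192.168.1.10")[0])
```

Static routes on A and C alone do not change the result, because the packet's destination is still a LAN address when it reaches B, and B has no matching prefix for it.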

                          • L
                            louis-m
                            last edited by

                            Thank you for your response. It is really appreciated.
                            You have stated what I actually suspected about ROUTER B in that it would need to know about the LAN subnets of ROUTER A & C which it doesn't have at this time.

                            ROUTER B is actually a PE router on an MPLS network. Somebody (I don't know who) supplied ROUTER A & C internal address to the MPLS network provider who then entered this into ROUTER B's routing table.
                            Hence why ROUTER A can ping ROUTER C and vice versa because ROUTER B has those in its routing table.
                            We don't have any direct control over this although we can phone them up and they will adjust it.

                            Anyway, what was once our internal router address on ROUTER A (10.1.1.1/24) has now become the router's external address with 10.1.1.1/32 and the same has happened with ROUTER C.
                            Ultimately, we need ROUTER A's old LAN (10.1.1.0/24) to be able to talk to ROUTER C's old LAN (10.1.2.0/24) but the only way I could get both routers to connect to the MPLS network was to specify the internal address of the routers as the external address of the router and then specify a new internal subnet (192.168../24)

                            What I would prefer to do is to leave the internal LANs (10.1.*.0/24) as they were and allow them to communicate with each other.
                            However, I'm unsure as to what to ask the MPLS network provider to do with their PE router to make this work as they will charge us to adjust this.

                            I was thinking that if I asked them to adjust the routing table in their PE Router from 10.1.1.1/32 (our ROUTER A) to 10.1.1.1/24 that all traffic destined for 10.1.1.0/24 would flow to that.
                            E.g. from ROUTER A (10.1.1.1/24) > ping 10.1.2.24 (client on ROUTER C's network) that it would go to ROUTER B which would then forward it onto ROUTER C (10.1.2.1/24) and then ROUTER C would route it to the client 10.1.2.24

                            Or am I barking up the wrong tree here? I apologise if I sound stupid here but this sort of routing is all new to me as we've previously used NAT & IPSEC

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.