Network topology conundrum help please



  • Hello All,

    Current Scheme:
    -------------------------------------------------------------------------------------------------------------
    School A  =  smalltown a
    School B  =  smalltown b
    School C  =  smalltown c

    8 mile triangle between the three school buildings which are located in smalltown(s) USA.

    Our school is going to do a build out of an EBS network (EBS = Educational Broadband Spectrum, 2.5 GHz).

    Current Network Setup:

    Main school A has a pfSense 1.2.3-RELEASE box that is IPsec VPN to School B, which also has a pfSense 1.2.3-RELEASE box. School A has two ISP connections which are running in load balance, failover.  -- subnet 172.28.8.x
    School B has two ISP connections as well.  -- subnet 192.168.1.x

    School C receives its internet access via a current wireless connection (2.4 GHz) which is simply running in bridge mode from School B.
    School C has no router located inside it. It receives DHCP from School B.  -- subnet 192.168.1.x

    Buildout overview:

    School A will be running the "base" 2.5 GHz radio.
    School A will have yet another new ISP connection supplied for this EBS connection.
    School(s) B and C will simply be running one of the new 2.5 GHz radios in CPE mode.

    I am sure I will need to drop in a router (pfSense 1.2.3-RELEASE) at School C to make routes available to workstations.

    Will I be able to run parallel bridges (current and future setup) between Schools A, B & C without taking down the current VPN (School A to School B) and bridge setup (from School B to School C) as it is now?
    I am thinking this will create a loop somewhere?

    Anyone have ideas on this?

    Thank You,
    Barry



  • This sounds like the type of project that will need lots of testing and a solid fail-back option.

    If you were running your PFS on VMs, you could leave your current PFS firewalls intact, but you would need to overlap your ISP durations if a change is involved.

    Then you can test your new configurations during off hours on the new PFS setups, and you could always just swap the cables back to the current setup if needed for fail back.

    I would get A to B solid and reliable and then tackle B to C.

    Not sure I answered any of your questions, but this sounds like a fun project with lots of opportunity to improve School C's link up. Good luck.



  • @brcisna:

    Will I be able to run parallel bridges (current and future setup) between Schools A, B & C without taking down the current VPN (School A to School B) and bridge setup (from School B to School C) as it is now?

    If I understand you correctly, then the answer is no. If you bridge A, B, and C together, then you now have two DHCP servers active on the same broadcast domain (routers A and B), giving out leases for two different networks. For example, LAN host 1 (which could be at any of your locations) will get a lease from DHCP server A and get routed that way, while LAN host 2 will get a lease from server B and get routed that way. LAN hosts 1 and 2, if they try to talk to each other, will do so through the VPN.

    The most obvious way to directly connect locations A, B and C without giving up the existing internet connections and VPN is to place a router at each location. That router will serve as gateway for all local hosts, and you will have a DHCP server on site (pfSense or otherwise).

    It's generally better to route large or outdoor wireless networks rather than bridge anyway. This prevents broadcasts from propagating across every link, and helps to contain or avoid layer 2 issues such as broadcast storms and other DoS conditions.

    Are you planning to keep the wireless connection between B and C, creating a triangle where each location has a direct wireless link to both of the other schools? There are advantages to that, such as load balancing and redundancy.
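A quick way to confirm the two-DHCP-server condition described above before and after any bridging change is to watch DHCP Offers on the segment and group them by Server-ID. The script below is an added example, not code from this thread or from pfSense; it parses constructed, abbreviated tcpdump-style Offer lines (addresses taken from the subnets named in the thread, not a real capture) and flags a segment where more than one server is answering.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: abbreviated tcpdump-style DHCP Offer lines. Two
# servers (172.28.8.1 and 192.168.1.1) answer on the same segment.
SAMPLE_LOG = """\
IP 172.28.8.1.67 > 172.28.8.57.68: BOOTP/DHCP, Reply, Your-IP 172.28.8.57, DHCP-Message Option 53, length 1: Offer, Server-ID Option 54, length 4: 172.28.8.1, Subnet-Mask Option 1, length 4: 255.255.255.0, Default-Gateway Option 3, length 4: 172.28.8.1
IP 192.168.1.1.67 > 192.168.1.23.68: BOOTP/DHCP, Reply, Your-IP 192.168.1.23, DHCP-Message Option 53, length 1: Offer, Server-ID Option 54, length 4: 192.168.1.1, Subnet-Mask Option 1, length 4: 255.255.255.0, Default-Gateway Option 3, length 4: 192.168.1.1
IP 172.28.8.1.67 > 172.28.8.58.68: BOOTP/DHCP, Reply, Your-IP 172.28.8.58, DHCP-Message Option 53, length 1: Offer, Server-ID Option 54, length 4: 172.28.8.1, Subnet-Mask Option 1, length 4: 255.255.255.0, Default-Gateway Option 3, length 4: 172.28.8.1
"""

# Regexes for the DHCP options we care about in each Offer line.
OPT = {
    "server": r"Server-ID Option 54, length 4: (\S+?),",
    "your_ip": r"Your-IP (\S+?),",
    "mask": r"Subnet-Mask Option 1, length 4: (\S+?),",
    "gateway": r"Default-Gateway Option 3, length 4: (\S+)$",
}


def parse_offers(text):
    """Return one dict per DHCP Offer line containing all OPT fields."""
    offers = []
    for line in text.splitlines():
        if "Offer" not in line:
            continue  # ignore Discover/Request/ACK lines
        found = {k: re.search(p, line) for k, p in OPT.items()}
        if all(found.values()):
            offers.append({k: m.group(1) for k, m in found.items()})
    return offers


def offers_by_server(offers):
    """Group (network, gateway) pairs handed out, keyed by Server-ID."""
    seen = defaultdict(set)
    for o in offers:
        net = ipaddress.ip_network(f"{o['your_ip']}/{o['mask']}", strict=False)
        seen[o["server"]].add((str(net), o["gateway"]))
    return dict(seen)


def check_segment(text):
    """Return (ok, grouped); ok is False when more than one server answers."""
    grouped = offers_by_server(parse_offers(text))
    return len(grouped) <= 1, grouped


if __name__ == "__main__":
    ok, grouped = check_segment(SAMPLE_LOG)
    for server, nets in sorted(grouped.items()):
        print(server, sorted(nets))
    print("single DHCP server" if ok else "CONFLICT: multiple DHCP servers answering")
```

On a live segment, feed it the output of a DHCP-only packet capture instead of SAMPLE_LOG; a routed design should show exactly one Server-ID per site.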

