Multiple gateways??? Redundant connection suggestions.

Patrick pert at tas-kc.com
Thu Mar 4 23:49:04 CST 2004


Ok I guess that was confusing. I do not have my own ASN and thus I do 
not have my own Public network. Instead I have 2 public network address 
spaces owned by 2 different ISPs.

+--------+    +-------+
| ISP 1  |    | ISP 2 |
+--------+    +-------+
   |             |
   |             |
+--+-------------+---+
|My DMZ Network 5 PCs|
+---------+----------+
          |
   +------+---+
   |PIX       |
   +-----+----+
         |
      Internal Net

Do I put 2 gateways on my DMZ PCs and the PIX?
Do I put a Linux box with a NIC for each gateway and the DMZ?
Do I put 2 IP nets on the same physical net (DMZ both 192.168.1.0 and 
192.168.2.0)?
Do I just set 1/2 the systems to ISP 1 and the other to ISP 2?

Brian Densmore wrote:

>>-----Original Message-----
>>From:	Patrick
>>Subject:	Multiple gateways??? Redundant connection suggestions.
>>
>>Hi, I am trying to figure out how to deal with multiple net connections. 
>>I do not have my own network, so I have two different networks.
>>
>Ok, that's confusing.
>
>
>>My network is comprised of W2k & Linux.
>>I am thinking of just putting them both on the same private network, 
>>but will I need a pseudo gateway, i.e. a Linux box with 3 NICs: one to 
>>each gateway, and a 3rd to the local net? Or put both gateways in under 
>>each system's IP/route settings. Or give each system 2 LAN addresses and 
>>two gateways. Or set up 1/2 the PCs on one gateway, and the other on the 
>>2nd gateway.
>>
>>I know both routers (Cayman, and a Netopia 7200) have a RIP setting, but 
>>I am sure that is for the public side not the internal side.
>>
>>Basically this is for my DMZ. I have 5 PCs/servers and a PIX to my 
>>internal net that will be looking at these two gateways.
>>
>
>Not sure I understand from this what you are wanting to do. But, I'm going to give it a shot
>anyway. This is the way I read it:
>
>You have 5 pcs, 2 routers and a pix firewall.
>You have one network on 1 router and 1 network on the other router
>(stop me anytime I get something wrong) and both networks are isolated.
>At least one network is connected to the pix firewall?
>
>You want to connect these two networks and add a third network.
>
>There are so many possible configurations here it's not funny.
>One solution would be to add a nic to each of the two gateways
>thus creating the third network and connecting the two networks.
>This would make two networks two hops away from each other and one
>network one hop away from the other two.
>
>Another would be, as you suggested, to add a third gateway with three NICs
>connected to both existing gateways and a new switch that connects your third
>network. The advantage to this solution would be the new Linux gateway could
>be used to restrict traffic between the existing two networks easier. This way
>your new network would be one hop away from the existing ones and the existing ones would be 2
>hops away from each other (unless they are already connected somehow).
>
>You might also want to create a master DNS server.
>
>HTH,
>Brian
>




More information about the Kclug mailing list