
bcade

join:2003-01-31
Washington, DC

How to manage two WAN and two ROUTER connections

I have a home LAN served by two ISPs. I used to have a dual WAN router where I could administer all the computers hooked up to both ISPs but throughput was dismal and managing the router was a nightmare. I now have two ASUS RT-N56U routers which are much faster than the old dual WAN router and easier to manage. Problem is I can't administer both routers through one CAT5 connection as I currently have it set up. Is it possible to set up some sort of subnet of a main LAN that could access one WAN connection but not the other but allow me, the admin, to browse and administer all clients on both LANs? Thanks in advance.


Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4

How do you have this set up today? Care to post a diagram? If you could have an ideal configuration—don’t worry about subnets and other technicalities—what would you want?



hyphenated

@bellsouth.net
reply to bcade

You could manage one via cat5 and the other wifi from a laptop, or something like that. It's not ideal.


bcade

join:2003-01-31
Washington, DC

1 edit
reply to bcade

Network Diagram
This is the current layout of the network, except that the routers feed into separate switches: the Zyxel pictured and a smaller trendnet 4-port switch. I presume I could segregate the networks with the Zyxel GS1510, which is a managed switch. But that is above my pay grade. BTW I'm using the ASUS routers in wired mode only.

Also, I am not looking for load balancing or fail over. I'm simply looking to restrict some of the devices on my network to one isp and other devices to the second ISP, yet still retain the ability to monitor or access each network client from one PC.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to bcade

Don't quite understand what you're looking for but here is a post that describes the two isp two router scenario for optimal results...
»2 Gateways 2 ISPs 2 Routers 1 Network


bcade

join:2003-01-31
Washington, DC

Thanks. I'm reading now. This may be what I'm looking for. Was the port forwarding issue with 2 routers ever resolved?


HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

reply to bcade

Dumb question, which make / model of dual wan router were you using originally, bcade?

Having the two Asus routers with different gateways and wired thru a single switch is the fastest way
to get this to work, but not necessarily the most elegant. If you can find a (dual wan) router or
managed switch with HSRP or VRRP capabilities, that'd be the right way to do it, bar none.

Regards



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to bcade

said by bcade:

Thanks. I'm reading now. This may be what I'm looking for. Was the port forwarding issue with 2 routers ever resolved?

Well, it's been a while, but port forwarding capability, as you may have noted, was clarified near the end of the thread (what is possible).
By the way the ASUS N56U is a powerhouse consumer router. They put the switch architecture and NAT architecture in hardware units separate from the CPU so it's fast and can handle a gazillion connections.

bcade

join:2003-01-31
Washington, DC
reply to HELLFIRE

Was using the Draytek Vigor2950. I still use it at work. But it would not terminate client IP access at certain hours of the day or restrict client to certain LAN routes, as I wanted, plus it was slow and had terrible technical support.



s1deout
Geek4Life
Premium
join:2003-12-10
Troy, OH
kudos:2
reply to bcade

Take a PC and put PFSense on it with 2 NICs. Better than any off the shelf router you are going to find.

This will let you have all the devices on one network and you can load balance across your ISPs or even specify which gateway traffic goes out.

Just google pfsense and you will find the downloads. Any old PC will work for it for the most part.

I know you said you don't want to load balance but why not take advantage of it?

Plus if you put in 3 NICs in the box you can separate your networks and still see them all from one place.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Pfsense is cheap and flexible-programmable and successfully used by some very swept up folks here - good support. All you need is tinker time etc. If you want a plugNplay for those requirements a Zyxel USG200 or USG300 will do you fine. Best of all tech support is free and it's in the US (not a call centre). There are many other fine business class routers but they cost way more in the long run.


switchman

join:1999-11-06

2 edits
reply to bcade

I am looking to get an edgerouter in the future. This would probably do exactly what you are looking for. It is based on the "Vyatta" software. Note you will need some knowledge on how to set it up. They just released them and they are hard to get. Current price is $99.

Datasheet: »www.ubnt.com/downloads/datasheet···e_DS.pdf

»www.ubnt.com/download#doc:EdgeRouter:Lite

Wiki: »wiki.ubnt.com/EdgeMAX_Wiki

Discussion here
»forum.ubnt.com/forumdisplay.php?···1a1&f=84


Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4

1000000pps. Nice.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to bcade

Tres cool switchman those do look interesting.


ClearToLand

join:2002-12-20
South Plainfield, NJ
Reviews:
·Comcast
·Verizon FiOS
reply to Anav

said by Anav:

Don't quite understand what you're looking for but here is a post that describes the two isp two router scenario for optimal results...
»2 Gateways 2 ISPs 2 Routers 1 Network

Good memory Anav!

Although bcade's Managed Switch and Patch Panel are above my skill level, compared to BR1GAND's 2008 diagram, I do recommend connecting ONE LAN Port of each Router to a Switch and leaving the rest unused. My logic is that since I've upgraded my LAN 'backbone' to Gigabit, I want to keep all 'Internal' LAN traffic away from my older 10/100Mbps Router (gave up the DSL) such that only 'External / Internet-Bound' traffic reaches it.

With several legacy 100Mbps devices still in service in 4 rooms (Media Streamers, ReplayTVs, Print Servers), I also run separate 10/100Mbps switches off 1 port of the Gigabit switches so that they can communicate with each other without 'wasting' multiple Gigabit ports.

When both tuners in 2 SiliconDust HDHR3-US units are feeding 4 channels to my Vista HTPC using WMC, ~60Mbps is only consuming ~6% of the available 1Gbps bandwidth according to Task Manager.
--
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. --George Bernard Shaw (1856 - 1950) LM

ClearToLand

join:2002-12-20
South Plainfield, NJ
Reviews:
·Comcast
·Verizon FiOS
reply to bcade

said by bcade:

I have a home LAN served by two ISPs. I used to have a dual WAN router where I could administer all the computers hooked up to both ISPs... ...Problem is I can't administer both routers through one CAT5 connection as I currently have it set up. Is it possible...

I feel as if I'm missing something here since no one else has posted my 2008 solution - I assigned the Cable Router to 192.168.0.254 and the DSL Router to 192.168.0.252. The DHCP Server was enabled on the Cable Router and Disabled on the DSL Router. But, I use MAC-to-IP mapping and Manual IP Configuration for all of my devices so I really only need a DHCP Server when I plug in something 'Brand New' that needs an 'Initial IP' so that I can get to its Setup screen and assign it an IP of my choosing.

As I stated in my previous post, I have no experience with Managed Switches and Patch Panels but my solution worked fine with an Unmanaged Switch.

I also have no experience with your Router - 10/100 or 10/100/1000. Even if it's 1Gbps, if you have available ports on the Switch, I'd use them first, just to keep the load on the Router as low as possible.
--
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. --George Bernard Shaw (1856 - 1950) LM
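
The shared-subnet layout described in the post above, written out as a consistency check (an added example, not part of the original thread). The two router addresses and the single DHCP server come from the post; the /24 prefix and every client entry are assumptions constructed for illustration.

```python
import ipaddress

# Values from the post: both routers share one subnet; DHCP only on the cable router.
# The /24 prefix and every client entry below are assumptions constructed for this example.
SUBNET = ipaddress.ip_network("192.168.0.0/24")
ROUTERS = {
    "cable": {"ip": "192.168.0.254", "dhcp": True},
    "dsl": {"ip": "192.168.0.252", "dhcp": False},
}
CLIENTS = [  # constructed sample: name, static IP, gateway the device is told to use
    ("admin-pc", "192.168.0.10", "cable"),
    ("htpc", "192.168.0.20", "cable"),
    ("replaytv", "192.168.0.30", "dsl"),
]


def check_plan(subnet, routers, clients):
    """Return a list of problems found in a shared-subnet, two-gateway plan."""
    problems = []
    dhcp_on = [n for n, r in routers.items() if r["dhcp"]]
    if len(dhcp_on) != 1:
        problems.append(f"expected exactly one DHCP server, found {len(dhcp_on)}")
    seen = {}  # IP string -> names of every router/client holding it
    for name, r in routers.items():
        seen.setdefault(r["ip"], []).append(name)
    for name, ip, gw in clients:
        seen.setdefault(ip, []).append(name)
        if gw not in routers:
            problems.append(f"{name}: unknown gateway '{gw}'")
    for ip, owners in seen.items():
        addr = ipaddress.ip_address(ip)
        if addr not in subnet:
            problems.append(f"{ip} ({', '.join(owners)}) is outside {subnet}")
        elif addr in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{ip} ({', '.join(owners)}) is not a usable host address")
        if len(owners) > 1:
            problems.append(f"{ip} is assigned twice: {', '.join(owners)}")
    return problems


def clients_by_gateway(routers, clients):
    """Group clients under the router IP each one uses as its default gateway."""
    groups = {r["ip"]: [] for r in routers.values()}
    for name, _ip, gw in clients:
        groups[routers[gw]["ip"]].append(name)
    return groups


if __name__ == "__main__":
    print(check_plan(SUBNET, ROUTERS, CLIENTS) or "plan is consistent")
    print(clients_by_gateway(ROUTERS, CLIENTS))
```

Because every device sits on the same subnet, one PC can reach all clients regardless of which gateway they use. The gateway choice is a per-client setting, so it steers traffic but does not prevent a device from being repointed at the other router.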

ClearToLand

join:2002-12-20
South Plainfield, NJ
Reviews:
·Comcast
·Verizon FiOS
reply to bcade

said by bcade:

...Was the port forwarding issue with 2 routers ever resolved?

Both Routers were actually running DD-WRT and had identical Port Forwarding set up for my ReplayTVs. But, only ONE was enabled at a time. And, the Gateways on the ReplayTVs had to be changed manually.

If you view your WAN IP as your Street Name, your Port becomes your House Number which cannot be duplicated. With both Routers on one subnet, the Street Name is the same.

IME, the best way to learn how these things work is to start out small, get that working, then gradually add devices.
--
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. --George Bernard Shaw (1856 - 1950) LM

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to bcade

said by bcade:

But it would not terminate client IP access at certain hours of the day or restrict client to certain LAN routes

Gee... not much to ask of a home piece of network gear, now is that?

There's also a FAQ item about dual wan routers available on the market that you may want to look at.
For that level of control though, you're definitely looking into the prosumer / enterprise arena off the
top of my head.

@switchman
Thanks for the pointers to that gear, got a price sheet for that stuff? It just may end up giving Anav's
Zyxel recommendations a run for their money.

Regards

switchman

join:1999-11-06

2 edits

said by HELLFIRE:

@switchman
Thanks for the pointers to that gear, got a price sheet for that stuff? It just may end up giving Anav's
Zyxel recommendations a run for their money.
Regards

The 3 port edgerouter lite that I linked to is $99 USD. No pricing yet on the larger routers they will be releasing later this year.

Go to »www.ubnt.com/purchase and find a reseller that you can purchase them through.

I want two initially, possibly four total, that I can run either openVPN or IPSec over. I also want a high throughput and support IPv6 for future proofing. I hate buying routers after 1 or 2 years use.

I currently have a pair of ASUS RT-N16 running PPTP. There is not enough memory to run open VPN, 4k base memory that DD-WRT has, when you use the newer firmware load with the GUI provisioning screen. I could never get the older firmware version to run open VPN.

I do want to point out these are not targeted as a home router, how many home routers support BGP or OSPF routing? As such, they don't hold your hand to set them up like a consumer based router does. As this is R1 of the software, it appears you still have to set some things up via the command line. I am sure future releases will make it better. You may want to look at the Wiki or download the documentation from the links I posted above.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Ha, as soon as you said command line, I think hellfire popped a woody. Seriously, be really interested in all your results with that unit.


Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4

1 edit

Can you blame him? One million PPS, CLI AND a hundred bucks?! WIN WIN WIN!



clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
reply to switchman

said by switchman:

I want two initially, possibly four total, that I can run either openVPN or IPSec over. I also want a high throughput and support IPv6 for future proofing.

I placed an order for one of these today. I know they're back-ordered everywhere, so I'm not holding my breath.

On the topic of ipv6 and vpn though, I read today that some of these will not take advantage of the hardware acceleration in the ERL, so one must temper one's expectations. I don't doubt it's going to be another great little tool from the folks at UBNT.

»forum.ubnt.com/showthread.php?t=68185
--
db


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

It would appear these boxes are a work in progress and will take some tweaking. Not a plugNplay solution but more of a fixed pfsense in a box solution but without the flexibility or upgradeability. In others halfway to nowhere. Higher cost, as much time to fart and fiddle with and at the end of the day...mehhhh

Just my totally wrong impression from reading that link



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 recommendation

reply to bcade

Review at Smallnetbuilder....
»www.smallnetbuilder.com/lanwan/l···ter-lite

Recognizing the development state it's in, and the work involved, SNB has even put out a get started help article.
»www.smallnetbuilder.com/lanwan/l···ter-lite
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
reply to Anav

Compared to pfsense, I like that the ERL has hardware accelerated routing, and a Linux base (I have nothing against FreeBSD, but I'm much handier with Linux). At $99 it's also more affordable than anything comparable that you could run pfsense on.

Pfsense on the other hand, appears to have a much more mature UI, such that the command line is unnecessary for most end users. It has more features than the ERL (even given the expanded ERL featureset available through the CLI), and a better user community in my opinion. Best of all, pfsense is entirely free software, while Edgemax is not.

All things considered, I won't be abandoning pfsense any time soon, but I do think the ERL is interesting for some scenarios.
--
db


switchman

join:1999-11-06

said by clarknova:

Best of all, pfsense is entirely free software, while Edgemax is not.

This is not a valid comparison. Edgemax is not a software product, it is a hardware solution running software, so not a fair comparison. Show me a $99 piece of hardware that I can place the free pfsense software on with similar specs, then it is a fair comparison.

As far as the other points, I do agree.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to bcade

Well with past experience of certain routers being sold, I really couldn't say with a straight face that it's deplorable edimax is basically developing prototypes or at least beta testing through sales of their product.



clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL

said by Anav:

edimax is basically developing prototypes or at least beta testing through sales of their product.

Fairly standard practice in many arenas these days. I respect Ubiquiti for acknowledging the community as an important part of their product development and marketing (which they did in their IPO documents).
--
db


clarknova

join:2010-02-23
Grande Prairie, AB
kudos:7
Reviews:
·TekSavvy DSL
reply to switchman

said by switchman:

This is not a valid comparison.

You're right in that it's not entirely valid. Edgemax is software, ERL is hardware, and neither is particularly useful without the other at present.

pfsense is purely software, and entirely dependent on x86 hardware to provide any kind of end-user satisfaction.

My attempted comparison, if only implied, was between the specific pairing of EM with ERL, versus pfsense with any reasonably available x86 hardware. I think Edgemax vs pfsense is a reasonably fair comparison.

ERL vs the whole family of x86 hardware is a different animal, but still interesting when looking at specific applications. At the low end (cost and footprint), the ERL appears to be a real winner against x86. At the high end, ERL's acceleration functions give it quite an impressive reach, but the ceiling is nevertheless somewhat lower than what x86 can achieve with good software. I expect ER Pro and ER Carrier will address this gap.
--
db

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to bcade

said by switchman:

The 3 port edgerouter lite that I linked to is $99 USD.

said by Anav:

Ha, as soon as you said command line, I think hellfire popped a woody. ;-)

said by Bink:

Can you blame him? One million PPS, CLI AND a hundred bucks?! WIN WIN WIN!

SmallNetBuilder's Throughput Test Results
Ubiquiti ERL
WAN - LAN 822 
LAN - WAN 773 
Total Simultaneous 1307 
Maximum Simultaneous Connections 29354
Firmware Version 1.0.2
 

....can ANY network geek at heart be blamed for popping one at this point?

Sucks that availability's not so good... wonder if I have any spare cash lying around to pick one up myself.

Regards