Up a creek and need some design

Mark440

Junior Member
Dec 8, 2010
I am literally up the creek right now...and I need all the help I can to fish this out of the tank.

I have two ISP providers. One is providing a single T1 1.5M. They will terminate into their router and provide the standard Ethernet handoff. ISP#2 is pulling in two T1 1.5's and binding at their router - and again with the standard Ethernet handoff.

ISP#1 has been in place for some time now, while ISP#2 is being added.

The "internal" equipment consists of a Procurve 7102 router and a Procurve 2810-24g switch, and an ISS Intrusion Detection System (IDS). The internal network is divided into two VLANs with zero cross talk allowed.

I've considered trying to create two parallel networks by taking ISP#2 into the IDS - and then on to some Dlinks (unmanaged) for VLAN#2.

The other side would pretty much remain just as it is - of course without the IDS system. I'm ok with that as the router has a firewall.

I am wide open to suggestions, concoctions, ideas - whatever. The really bad part is virtually ZERO budget for any additional hardware. (It's a very long story and the reason I ended up with the task!)

HELP!!!
 

airdata

Diamond Member
Jul 11, 2010
Hey Mark,

How many computers are on the network? What was the reasoning behind adding the new isp?
 

Mark440

Junior Member
Dec 8, 2010
There are probably 40-50 machines on VLAN2 - either wired or wireless.

Initially - they wanted to up the bandwidth to 4.5 due to the internet access load. But - when they went with a different vendor - well, the original vendor isn't going to allow any binding to their line. And to seal my fate - they signed three year contracts.

Hence - I have these two separate lines for one network - and trying to figure out how to get the most out of all. The parallel scenario is the only thing I can come up with.

I am - by no stretch of the imagination - a network guy. The task fell to me when the previous tech was relieved of his command on the project. Now I am scrambling to figure out a solution.
 

Emulex

Diamond Member
Jan 28, 2001
get xincom or edimax dual wan router and go to town . $100-200 bux.

you won't aggregate bandwidth but you can get some redundancy and failover.
 

drebo

Diamond Member
Feb 24, 2006
Policy-based routing. Route some hosts over the 1.5m link and other hosts over the 3.0m link. If you have servers that were previously accessible from the 1.5mb link that need to remain on those public IPs, then you can route that information out that link, and everything else out the 3.0mb link. Or split it up however else you want.
 

notposting

Diamond Member
Jul 22, 2005
Don't forget to pour salt into the coffee of whoever signed 3 year agreements, especially on the 2nd ISP. At that point you may as well have gone with a "Business Class" (lol) cable connection at a much higher speed and still had the T1 as an emergency backup. The $500+ per month savings would've bought a nice load balancing router at that point.

Lots of salt.
 

Emulex

Diamond Member
Jan 28, 2001
see the edimaxus dual wan router or xincom or hotbrick or every other chinese brand.

they will do the trick and the lowest end models $50-150 used-new handle 75mbps easy without any fancy rules and with nat. in bridged mode probably more.

do not use the cisco smb junk. or cisco routers "CER" it sucks.

these devices use a combo of http (to a CDN or endpoint) and ping to drop route.

also a *bsd router can have multiple default gateways and bind application ports to default ports then ping/http test and if it fails you remove the route for a period of time until the check passes.

you have to bind smtp/ssl to a specific route (which changes when the link goes down) and then you push other traffic like aim/ftp/http to the bigger link.

i've been using a xincom for ages. AD handles dns+dhcp.

http://www.amazon.com/gp/search/104...ded&field-keywords=xincom&Go.x=0&Go.y=0&Go=Go

avoid linksys/d-link/cisco for static route CER - it's that bad.
 

theevilsharpie

Platinum Member
Nov 2, 2009
I am wide open to suggestions, concoctions, ideas - whatever. The really bad part is virtually ZERO budget for any additional hardware. (It's a very long story and the reason I ended up with the task!)

HELP!!!

Based on your posts, I assume that you want to utilize two T1 services provided to you via Ethernet to service two separate VLANs that are not allowed to communicate with each other. If that's correct, you can accomplish this with your current equipment, but the load balancing won't be ideal.

I'm assuming that your ProCurve 7102 router only has two Ethernet interfaces, and that one is used for your WAN connection and one for your LAN. In this case, you'll need to connect your two T1 services into a switch (managed, preferably, but unmanaged will suffice), and then connect one of your router's Ethernet interfaces to this switch. You'll then need to create subinterfaces on that Ethernet interface on your router to establish IP connectivity to your ISP-provided routers.

You can then perform rudimentary load balancing across connections by using the load sharing feature on the ProCurve router. Load sharing evenly distributes traffic across multiple routes. Since one of your T1 providers is bonding two T1 connections, this will present a problem, as your router cannot effectively load balance across connections of unlike speed. Even though you are locked into a contract with your new provider, you may still be able to convince them to change the provisioning so that the two T1's are delivered as individual connections rather than as a single bonded connection.

Bear in mind that even with your current configuration, a single machine will only have 3Mb of bandwidth at any given time. If you split your bonded T1 pair, a single machine will only have 1.5Mb. By load balancing, you will simply be able to allow more machines to download at 3Mb (or 1.5Mb) such that your aggregate throughput is increased to 4.5Mb. If your management is expecting 4.5Mb to be available to any computer, the only way to achieve this is to order another T1 from ISP #2, have them bond all three on their router, and terminate the contract with ISP #1.

Edit: All of the configuration recommendations I gave in my post are covered in the Basic Management and Configuration Guide for your router, which you can find here.
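
The effect described in the post above, even load sharing across a 1.5Mb and a 3.0Mb link, can be checked with a small model. This is an added example, not part of the thread and not ProCurve code: it assumes per-flow assignment, a fixed demand per flow, and a link's capacity shared evenly among its flows; the 1:2 weighting is hypothetical and shown only for comparison.

```python
# Added illustration: per-flow load sharing over the thread's two uplinks.
# Assumptions: flows are pinned to one link, each flow wants a fixed rate,
# and a congested link divides its capacity evenly among its flows.
from itertools import cycle

LINKS_MBPS = {"ISP2": 3.0, "ISP1": 1.5}  # bonded pair and single T1, per the thread


def assign(num_flows, weights):
    """Round-robin flows onto links; a link with weight w gets w slots per round."""
    order = cycle([name for name, w in weights.items() for _ in range(w)])
    counts = dict.fromkeys(weights, 0)
    for _ in range(num_flows):
        counts[next(order)] += 1
    return counts


def delivered(counts, demand_mbps):
    """Throughput actually carried per link: offered load capped at link rate."""
    return {n: min(c * demand_mbps, LINKS_MBPS[n]) for n, c in counts.items()}


def per_flow_rate(counts, demand_mbps):
    """Rate each flow on a link sees once the link's capacity is shared."""
    return {n: 0.0 if c == 0 else min(demand_mbps, LINKS_MBPS[n] / c)
            for n, c in counts.items()}


def compare(num_flows, demand_mbps):
    """Return results for even sharing and for capacity-weighted (1:2) sharing."""
    schemes = {
        "equal": {"ISP2": 1, "ISP1": 1},      # what the post says the router does
        "weighted": {"ISP2": 2, "ISP1": 1},   # hypothetical, proportional to speed
    }
    results = {}
    for label, weights in schemes.items():
        counts = assign(num_flows, weights)
        results[label] = {
            "flows": counts,
            "total": round(sum(delivered(counts, demand_mbps).values()), 3),
            "per_flow": per_flow_rate(counts, demand_mbps),
        }
    return results


if __name__ == "__main__":
    # Constructed workload: 12 flows of 0.3Mb each (3.6Mb offered, 4.5Mb available).
    for label, r in compare(12, 0.3).items():
        print(label, r)
    # One greedy flow never exceeds the rate of the link it lands on.
    print("single flow:", compare(1, 10.0)["equal"])
```

With the constructed 12-flow workload, even sharing saturates the 1.5Mb link while the 3.0Mb link sits partly idle; a single greedy flow tops out at the rate of whichever link it is assigned to.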
 

Mark440

Junior Member
Dec 8, 2010
Sharpie,

Your response is right on, and will definitely work to smooth out the problem - at least for the next 3 years.

Many, many thanks for the info and the link.