Community discussions

MikroTik App
 
zizobaddy
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Mon Sep 13, 2010 10:13 am
Location: Osogbo
Contact:

Wide Area Networking

Fri Mar 14, 2014 11:27 am

Hi All

Please i am trying to achieve the image below
Ncc Visio.jpg
Site 1: Is in New York for example.
Its the backbone for their network controls all other 3 sites in terms of services and currently use ABC as their ISP (with public IP)
41.xxx.xxx.xx9
Site 2: Is in Atlanta
It serves as a backup to site 1 (123 is The ISP (Public ip is given))
197.xxx.xxx.123
Site 3: Is in California
Its a client site controlled by site 1 (123 is The ISP (Public ip is given))
197.xxx.yyy.206
Site 4: Is in WDC
Its a client site controlled by site 1 (xyz is The ISP (Public ip is given))
170.xxx.xxx.xx3

Please i intend to connect all 3 sites together

I suggest VPN from the mikrotik router please how do i go about this

Is there any better alternative than VPN?

Please assist
You do not have the required permissions to view the files attached to this post.
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Wide Area Networking

Sat Mar 15, 2014 11:17 am

Hello,

this seem like a normal VPN setup, nothing complicated, but I don't seem to understand what kind of control would you like do with site3 and site4 that would involve site1. All of those 4 sites have their own access to internet, right? ... so each of them has their own firewall and qos to control access and data rates for upload/download applications (real time communications on your image) ....

your steps would be:

1. make sure all of your sites have different local subnets, for example 192.168.10.x for site1, 192.168.20.x for site2, etc
2. configure VPN between all 4 sites (transport mode, not tunnel mode!)
3. make eoip (or gre, ipip, ...) tunnels interconecting all of your 4 sites and assign them addresses on both ends, like 172.16.10.1/30 and 172.16.10.2/30 for one eoip. - each site will have 3 tunnels if you want complete direct interconectivity.
4. set up routing (static or dynamic like ospf) on your tunnels .
5. write your own firewall rules to restrict/control access between sites.
6. write your own qus rules to control datarates between sites.
7. test and improve (MTU settings, QoS priorities, local DNS, ...)

JF.
 
Petzl
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 30, 2013 12:14 pm

Re: Wide Area Networking

Sat Mar 15, 2014 7:31 pm

you can also put a VPN server in a data centre for more performance ....
 
User avatar
radiotek
just joined
Posts: 4
Joined: Fri Jun 20, 2014 5:16 pm

Re: Wide Area Networking

Fri Jun 20, 2014 5:34 pm

Hi

I'm a newbie when it comes to MikroTiks so please be gentle!

I am building a private WAN similar to zizobaddy - initially 3 sites connected over the internet with IPIP tunnels between them.

I have 3 RT2011's connected in my lab - Site A has two tunnels, (1) Site A to Site B, and (2) Site A to Site C - and vice versa, B to A and C to A.

With static routes in place I can ping:

A to B
A to C
B to A
C to A
but not B to C

My questions are:

(1) Do I need to setup a full mesh with another IPIP tunnel from B to C or can I implement dynamic routing to go from B to C via A ?

(2) As the network gets larger static routes will be painful to setup - does OSPF work with IPIP, if not, what alternatives do I have ?


Thanks in advance.

RadioTek
 
zizobaddy
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Mon Sep 13, 2010 10:13 am
Location: Osogbo
Contact:

Re: Wide Area Networking

Sun Jul 06, 2014 8:32 pm

Hi

I will let you know when im done setting up

As for B - C please do this static route

e.g

A = 10.0.0.1/24

B = 11.0.0.1/24

C = 12.0.0.1/24

B
ip route= destination= 12.0.0.0/24 gateway= 10.0.0.1 preferd src= 11.0.0.1

This will work

Who is online

Users browsing this forum: astelsrl, CGGXANNX, en1gm4, eworm, h3x00r, Kanzler and 87 guests