I have a question regarding connecting two or more routers and forwarding traffic between them.
Both of them have their own WAN connection and a LAN side. I want to do it in the cleanest and smartest way.
Method A
2nd router is part of 1st router's LAN … I don't like this for bidirectional use, I'll have to src-nat one side and so on
Method B
Conventional method everyone is suggesting: connect the 2 routers over, let's say, eth5, which is not part of the LAN bridge, give the connection its own IP range and define routes on both sides to route LAN traffic. … I'm ok with this but what I don't like is that there are a number of "dead" IP nets whose only purpose is to route traffic. On two routers it's ok but if you have 3+ then it gets messy
Method C
A while ago I came across a method which looks like this:
Both Routers have eth1=wan, eth2+3+4=lan, eth5=connection to other router
Router 1:
I like this a lot because it's cleaner and there aren't any subnets which do nothing other than connecting the routers.
I can’t exactly remember the name of this config, maybe something like unnumbered ip or /32 connection…
Is there another possibility or a smarter way for this and is method C a good way (nobody mentions it but anyway …)?
I would suggest using Method B.
But the IPs must be in the same network at both sides, i.e. say one has .254 and the other .253, i.e. in the same broadcast domain.
With 3+ routers you would connect them together in series (much like the first 2) and in the same one network, not in parallel.
BUT: of course with 3+ routers you then have to use a cheap unmanaged (dumb) switch to connect the routers to.
Such an 8+ port Gigabit switch costs new about $15, check for example TP-Link TL-SG1008D.
On eBay you can get them even cheaper as used devices.
Just to be clear, all the routers are connectable over direct ethernet links (don't need to use WAN connections to link routers).
Each router has its own WAN connection.
Each router has its own DHCP service.
What is the purpose of connecting the routers together; what are the use cases?
I gather this circumvents the use of IPSEC over the public internet but you still need legal separation between the routers?
(otherwise, you could make one router in charge of everything and have the other two routers just feed in two more wan connections)
Method C is great and mimics a serial point-to-point connection while using ethernet. I guess the reason for it not being used much is that one has to (manually) set another address pair (on the same interface) for any additional peer. If one uses a usual subnet, then one only needs to add additional routes (which can actually happen automatically if some routing protocol, such as OSPF or BGP, is used).
Method C is nice for another reason: when doing traceroute, it'll show a symmetrical route when run from the other end; other methods of configuring routing will show different IP addresses.
@anav, ever heard of peer networks? The ones with direct connection for traffic between members, the rest of traffic going through own breakouts …
That's completely out of context, because you would use this if you want to tunnel over the internet. I use this all the time (IPsec over GRE/IPIP or only IPsec, doesn't matter), but in a specific scenario the WAN speed wasn't nearly sufficient to accomplish certain services, so luckily we were able to establish a 200 Mbps wireless connection between the two sites, and so the question arose.
I still would prefer using an intermediate unmanaged switch as it simplifies the setup.
Router ports are normally intended to be attached to a switch, to which the end user devices get attached.
But in home environments with just one client one usually connects the end user device directly to the router.
@mkx thank you, finally someone knows Method C. I've been searching the net for hours and sadly I can't find the name of it …
Here is an example of what I use for a customer (Method B, and instead of a local cable link I use IPIP/IPsec tunneling, which are also interfaces, so it works the same way): https://pasteboard.co/JcUjIOr.png
It’s a common method but what I dislike about it is that there are useless tunnel subnets and I don’t want to define or see those nets in my router config.
Sure, it's personal preference, but I like this serial point-to-point thing a lot better; also when tracerouting etc. the mentioned symmetry is a thing!
Sure, you can use GRE with IPsec over WAN (no need to use it on LAN), but you end up with another interface and you have to choose how you want to route traffic over it, see my previous post.
Okay, what I get out of it is that the eth5 network holds no devices; it's just a routing path between the subnet on R1 and R2.
Such that users on R1 bridgelan can reach users on R2 bridgelan and vice versa.
Let's put it this way: usual IP addressing (using normal subnets) such as: address X.Y.Z.W/24 (or whatever subnet mask) network X.Y.Z.0 (or whatever appropriate network address) sets on the device an implicit route: a packet to any address within the network defined by the network address and netmask can be sent directly through the corresponding interface (don't try to figure out the exact mechanism of delivering the packet, that's not important at this level). There can be an awful lot of implied defaults (such as the network address deduced from the interface address and netmask), but those might be set explicitly.
Now what does the setting: address X.Y.Z.W/32 network A.B.C.D mean?
Yup: a packet to any address within "network" A.B.C.D/32 (due to netmask 32 that's a single remote address actually) can be sent directly through the corresponding device. The interface's own L3 address doesn't matter at this point; it's important only for reverse traffic.
Re. the third router: on R1 add second IP address such as
/ip address add interface=ether5 address=192.168.1.254/32 network=192.168.3.254
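The following is an added example, not configuration posted in this thread or shipped by MikroTik, that writes out the two methods the thread compares as complete RouterOS scripts: Method B with a dedicated transit subnet, and Method C with the /32 address pairs described above, including the extra pair each router needs when a third router shares the ether5 segment. All addresses, the transit net 10.255.0.0/30, the bridge name bridge-lan, and the interface list LAN from the default RouterOS firewall are assumptions for illustration and are not taken from the thread.

```routeros
# Added example, not from the thread. Assumed addressing (not stated in the thread):
#   R1: LAN bridge "bridge-lan" = 192.168.1.0/24, router address 192.168.1.254
#   R2: LAN bridge "bridge-lan" = 192.168.2.0/24, router address 192.168.2.254
#   R3: LAN bridge "bridge-lan" = 192.168.3.0/24, router address 192.168.3.254
#   ether5 on every router is the direct link (or the port on the unmanaged switch),
#   ether1 is WAN, ether2-4 are ports of bridge-lan.
# On each router the LAN address is assumed to exist already:
#   /ip address add interface=bridge-lan address=192.168.1.254/24   (R1; .2/.3 on R2/R3)

# ---------- Method B: transit subnet 10.255.0.0/30 on ether5 (two routers) ----------
# R1
/ip address add interface=ether5 address=10.255.0.1/30 comment="transit to R2"
/ip route   add dst-address=192.168.2.0/24 gateway=10.255.0.2
# R2
/ip address add interface=ether5 address=10.255.0.2/30 comment="transit to R1"
/ip route   add dst-address=192.168.1.0/24 gateway=10.255.0.1

# ---------- Method C: /32 address pair on ether5, no transit subnet ----------
# The router reuses its own LAN address on ether5; network= is the peer's LAN address.
# That installs a connected host route (peer/32 via ether5), so the static route's
# gateway resolves through ether5 even though no shared subnet exists on the link.
# R1
/ip address add interface=ether5 address=192.168.1.254/32 network=192.168.2.254
/ip route   add dst-address=192.168.2.0/24 gateway=192.168.2.254
# R2
/ip address add interface=ether5 address=192.168.2.254/32 network=192.168.1.254
/ip route   add dst-address=192.168.1.0/24 gateway=192.168.1.254

# ---------- Method C with a third router on the same ether5 segment (via a switch) ----------
# Every router adds one address pair per additional peer; this is the manual step that
# a transit subnet plus a routing protocol would avoid.
# R1 (additional)
/ip address add interface=ether5 address=192.168.1.254/32 network=192.168.3.254
/ip route   add dst-address=192.168.3.0/24 gateway=192.168.3.254
# R2 (additional)
/ip address add interface=ether5 address=192.168.2.254/32 network=192.168.3.254
/ip route   add dst-address=192.168.3.0/24 gateway=192.168.3.254
# R3
/ip address add interface=ether5 address=192.168.3.254/32 network=192.168.1.254
/ip address add interface=ether5 address=192.168.3.254/32 network=192.168.2.254
/ip route   add dst-address=192.168.1.0/24 gateway=192.168.1.254
/ip route   add dst-address=192.168.2.0/24 gateway=192.168.2.254

# ---------- Firewall / NAT (every router, both methods) ----------
# ether5 only ever carries traffic between the private LANs, so classify it as LAN,
# never as WAN: the default "drop in-interface-list=!LAN" rules then admit it, and the
# masquerade rule (out-interface-list=WAN) does not NAT inter-LAN traffic, which is
# what keeps the link bidirectional without the src-nat the thread wants to avoid.
/interface list member add list=LAN interface=ether5

# ---------- Checks (run on R1 after applying Method C) ----------
/ip route print where dst-address~"192.168.2.254"   # expect a DAC (connected) /32 via ether5
/ip route print where dst-address="192.168.2.0/24"  # expect AS route, gateway 192.168.2.254
/tool traceroute 192.168.2.254                      # single hop, answered from 192.168.2.254
```

The traceroute at the end is the symmetry mkx describes: from R1 the first hop is R2's LAN address, and from R2 toward R1 it is R1's LAN address, whereas with Method B the first hop would be the transit address 10.255.0.2 or 10.255.0.1. The two checks above it distinguish the connected /32 that the address entry installs (flag DAC) from the static route for the remote LAN (flag AS) that depends on it; if the static route shows as unreachable, the address pair on the far side is missing or has the wrong network= value.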