'Separating' a Network

I have a requirement for an unusual system configuration and I think the RB2011iL will work. I’m new to these routers, so please bear with me.

I have a network (10.0.0.x) in building A, for an IP phone system, that is fed from a cable modem through a Netgear router.

A second network (192.168.1.x) exists in building B, for various computers, and is fed from a T1 through a router.

The two physical networks are connected together over a wireless PTP link (Radwin). So, both networks are on the same physical ethernet cabling. Devices on the 10.0.0.x network access the internet through the Netgear router in building A and devices on the 192.168.1.x network access the internet through the router in building B.

This is all fine and works well. The Radwin wireless link is set up on the 10.0.0.x network for management access; however, it passes everything through as if it’s just a long ethernet cable (or fiber cable). There are no VLANs on this network.

What I need to do is use the internet connection in building B for a backup to the internet connection in building A.

Using an RB2011iL, set up with dual-WAN failover and located in building A, is the easy part (I think). The WAN-2 port would be set up to ‘see’ the router in building B as a gateway to the second internet connection. I would be double-natting here, but it would give me my backup connection.

The problem is, figuring out how to connect the WAN-2 port to the network and not create a ‘loop’, since the wireless connection carries both networks (10.0.0.x and 192.168.1.x).

So, I’m thinking that I need a way to ‘split’ the two networks at the wireless link, on the building A side.

Port 1 - WAN-1 (Internet Feed from Cable Modem)
Port 2 - WAN-2 (Internet Feed T1 (carried over Wireless Link from building B))
Port 3, 4 - LAN (10.0.0.x)

Port 8 - 10.0.0.x Network
Port 9 - 192.168.1.x Network
Port 10 - Connection to Wireless Link (carries both networks)

This would keep the two networks isolated in building A, so that the WAN-2 port could be connected to Port 6 and be isolated from the 10.0.0.x network in building A.

In effect, the router would need to route traffic for anything on the 10.0.0.x network, to Port 8 and traffic for anything on the 192.168.1.x network, to Port 9.

10.0.0.x    >-----------|
                        |--------> Wireless Link (carries both 10.0.0.x and 192.168.1.x network traffic)
192.168.1.x >-----------|

Is it possible to do this with an RB2011iL?

John Rayfield, Jr.

Hi,
have you seen this?
http://wiki.mikrotik.com/wiki/User/Mutual_internet_backup_between_two_small_ISP

I am running something similar (but on a bridge - I will change from bridging to routing soon) at one site, with two omnitiks in WDS mode, both routing to their own WANs for their own DHCP clients. One router has 1 WAN, the second has 2 WANs. The first routes to its WAN; if the internet is not accessible, it switches routing to the second router. The second router routes to its first WAN, then, if that fails, to the second WAN, and when no attached WAN leads to the internet, it routes to the first router.

This applies to the “default routes”; there are also some static routes, as some resources of the WAN networks should be accessible to both parts of the networks. And for all this, two omnitiks are enough.

Of course, a directional PTP bridge between them would be better than WDS, but there is very little and infrequent traffic, so there would be no return on such an investment.

If I understand correctly, you want to bring both WANs to one place, decide there what to do, and send part of the traffic back. I do not know what the capabilities of the routers you actually have there are, but at worst you can use two MikroTik routers, one at each side, with the link between them for mutual backup and site-to-site traffic. That gives each site autonomy - it works even if the second site is off. Your idea leads to a dependency - one site will not have any internet access when the second is down.

Double NATting is not necessary in this case. NAT only on the WAN ports; all internal ports can be bridged/routed without NAT.

That might work. I actually only need the failover in ‘one direction’ right now, but we did intend on setting it up the other ‘direction’, too.

I’ll study over this and may have more questions later.

Thanks!

John Rayfield, Jr.

Share your experience if you succeeded or if you selected another way…

After looking over the document referenced, I don’t think that’s exactly what I need. It’s close, but not quite.

Here’s a drawing that shows the current configuration of the system/network.

Basically, I need to get the WAN2 port on the RB2011iL connected to the Internet connection at the Courthouse, through the Wireless Bridge (which also carries traffic from the phones at the Courthouse, back to the 3CX Server and the rest of the phone system at the Sheriff’s Office).
Vernon County 3CX System - Dual Wan Config 08-18-14.pdf (297 KB)

Well, then focus on the vlan functionality. This could be your solution.

I’ve been wondering if using VLANs would be the answer. I’m not real familiar with using VLANS, so I need to read up more on setting them up.

John

Would definitely look into using VLANs since you have voice traffic that needs to be segregated... also might want to consider routing traffic between the buildings instead of bridging to avoid L2 loops.
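
A configuration sketch of the VLAN approach suggested in this thread, added here as an example and not posted by any participant: the two subnets are carried as separate tagged VLANs on the port facing the wireless link, WAN-2 is a routed VLAN interface with a higher-distance default route, and a filter keeps the 192.168.1.x side out of the phone network. Assumptions: a blank RouterOS configuration, ether1 as WAN-1, ether10 as the trunk to the Radwin link, VLAN IDs 10 and 20, all IP addresses shown, and a VLAN-capable switch in building B that tags the phones into VLAN 10 and the 192.168.1.x LAN into VLAN 20.

```routeros
# Added example - interface roles, VLAN IDs and addresses are assumptions.
# ether1  = WAN-1 (cable modem), ether3/ether4 = local phone LAN
# ether10 = trunk to the wireless link (tagged VLAN 10 and VLAN 20)

/interface vlan
add name=vlan10-voice interface=ether10 vlan-id=10
add name=vlan20-wan2 interface=ether10 vlan-id=20

# Only the voice VLAN is bridged to the local LAN ports; VLAN 20 is never
# bridged, so the two subnets share no L2 path on this router (no loop).
/interface bridge
add name=bridge-voice
/interface bridge port
add bridge=bridge-voice interface=ether3
add bridge=bridge-voice interface=ether4
add bridge=bridge-voice interface=vlan10-voice

/ip address
add address=198.51.100.2/30 interface=ether1
add address=10.0.0.1/24 interface=bridge-voice
add address=192.168.1.250/24 interface=vlan20-wan2

# Primary default route via WAN-1; backup via the building B router
# (assumed to be 192.168.1.1) is used only when the primary gateway fails.
/ip route
add dst-address=0.0.0.0/0 gateway=198.51.100.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=2 check-gateway=ping

# NAT on the WAN-facing interfaces only. Masquerading on vlan20-wan2 is the
# double NAT from the first post; it can be dropped if the building B router
# is given a static route to 10.0.0.0/24 via 192.168.1.250.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=vlan20-wan2 action=masquerade

# Treat the 192.168.1.x side like any other WAN: replies only, nothing new
# may be forwarded from it into the phone network or opened to the router.
/ip firewall filter
add chain=forward in-interface=vlan20-wan2 connection-state=established,related action=accept
add chain=forward in-interface=vlan20-wan2 action=drop
add chain=input in-interface=vlan20-wan2 connection-state=established,related action=accept
add chain=input in-interface=vlan20-wan2 action=drop
```

Note that check-gateway=ping only tests the next hop, so it fails over when the gateway itself stops answering, not when the internet beyond it is unreachable.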
