Network Config (was Re: [NBLUG/talk] Changed Network)

sms at sonic.net
Fri Apr 30 13:25:59 PDT 2004


> The idea is to create two separate networks off the two high speed
> connections. The two networks should be fairly secure from one another.
> Traffic from one 192.168.0 cannot see traffic from 192.168.33.
>
>      Sonic.net
>       |     |
>       |     |
>       |     |       also forwarding necessary ports
>  Balancing Router (nating 192.168.100) gateway to internet
>      |        |
>      |        | 192.168.100 network
>      |    Router2 (in design only-not there yet)
>      |        \
>      |         \
>      |          ---- 192.168.0 network (again not there yet)
>      |
>    Router1 192.168.33 network providing nat DHCP (to non servers) and
>      |                        port forwarding
>      |
>     Switch
>     | | | \
>     computers


With no offense intended toward Sonic (who I regard as distinctly
"best-of-breed" among ISPs), whenever I see 2+ links to the outside
I like to place 'em with different carriers so serious errors on one
won't take you offline.  What's the technology on those lines?  T1?

For most purposes, I would expect you could eliminate Router1 & Router2
and place their functions onto the "balancing router" (if it has the
CPU/RAM capacity to handle all the functionality; NAT-PAT stuff can
take a lot of power).  The right "ACLs" or other policies should keep
the networks separate.

If you're feeling the need of security, you've created 2 "DMZs" with
this 2-layer design (the two segments between the "balancing router" and
the "RouterN" routers), and could place your "semi-public" servers
there (I guess the 192.168.100.0/24 net is in use already?  Turning it
into a DMZ may not be viable).


- Steve S.
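
An added example, not part of the original message: one way the "ACLs or other policies" idea could look if the consolidated router were a Linux box using iptables. The router platform and the interface names (eth0, eth1, eth2) are assumptions; only the two subnets come from the thread.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a single consolidated
# router. Interface names are assumptions, not taken from the original post.
WAN_IF="${WAN_IF:-eth0}"      # uplink toward the ISP (assumed name)
LAN_A_IF="${LAN_A_IF:-eth1}"  # 192.168.33.0/24 segment (assumed name)
LAN_B_IF="${LAN_B_IF:-eth2}"  # 192.168.0.0/24 segment (assumed name)
LAN_A_NET="192.168.33.0/24"
LAN_B_NET="192.168.0.0/24"

emit_rules() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Inter-LAN isolation comes first so no later ACCEPT can override it.
-A FORWARD -i $LAN_A_IF -o $LAN_B_IF -j DROP
-A FORWARD -i $LAN_B_IF -o $LAN_A_IF -j DROP
# Anti-spoofing: each segment may only source its own prefix.
-A FORWARD -i $LAN_A_IF ! -s $LAN_A_NET -j DROP
-A FORWARD -i $LAN_B_IF ! -s $LAN_B_NET -j DROP
# Return traffic for connections the LANs opened.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Each LAN may reach the internet and nothing else.
-A FORWARD -i $LAN_A_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_B_IF -o $WAN_IF -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# NAT both private ranges behind the uplink address.
-A POSTROUTING -s $LAN_A_NET -o $WAN_IF -j MASQUERADE
-A POSTROUTING -s $LAN_B_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset; pipe it to "iptables-restore --test" to validate it
# without loading it.
emit_rules
```

The FORWARD policy is DROP, so anything not listed (including any port forwards) has to be added explicitly; the INPUT chain is left open here and would need its own rules to limit what each segment can reach on the router itself.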