Robert K Coffman Jr - Info From Data Corporation wrote:
| Ok, since CPU asked.
|
| I didn't want to put this on list, because it isn't a Leaf question per se,
| however I'm struggling with what to do with this.
|
| In the simplest terms possible, I have a 4 subnet network, with each subnet
| at a different physical location.  Location 1 has the internet connection,
| and the "core server" (read:Citrix) for all the other locations.
|
| Internet connectivity is via a proxy server on the location 1 subnet.  I
| would like to eliminate the proxy, and replace it with Leaf with no proxy.
| The problem is that this would give anyone in Location 1 two routes off
| their network.  The connections to the remote subnets are via T1 and they
| all connect to location 1 via a Cisco router which has no free connections.
|
| Must have goals:  eliminate proxy server, provide one route off of the
| Location 1 subnet.
| Would like goals:  Avoid having Leaf as failure point between subnet 1 and
| the remote subnets.  Avoid purchasing a new Cisco router.
|
| Unfortunately, it seems that my best option would be to put another adapter
| in the Leaf router, and renumber subnet 1, so that everything converges at
| leaf on the old subnet 1 address.  However, since I'm using old commodity
| hardware for that task, and internet connectivity is less important to the
| business than the connectivity between the locations, I would love to keep
| this from becoming a point of failure.
|
| Any ideas on what to do here?  Or have I exhausted my options and I need to
| violate one of my "would like" goals?  I don't know Cisco, but I suspect if
| I did I could make short work of this problem.

If you want one default route for systems on the location 1 network,
everything will need to go through either the Cisco or the LEAF box.

You indicate business functions (via the Cisco) are more critical than
internet connectivity, ergo: everything goes through the Cisco.

Now...how do you get internet traffic to the LEAF box?  The easy way is to
use an additional network tying the Cisco and LEAF box together, but you
indicate there are no free interfaces on the Cisco.  That leaves a few other
choices based on what kind of equipment you have.

- Don't buy a new Cisco, just add a new interface.  Depending on your box,
  this may or may not be possible, and may or may not be affordable.

- "Loop" everything through the Cisco, and use NAT (or similar) to forward
  internet traffic to the LEAF box which is sitting on the location 1 subnet.
  This is awkward, and can potentially cause problems (ICMP redirect traffic,
  confused clients, etc) if you don't get everything just right.

- Create a "virtual" second network, preferably using VLAN.  IIRC, you can
  set up Cisco boxes to support VLAN, and if you have (or can buy) a VLAN
  capable switch: Presto!  You get your second (or third, or fourth, or...)
  ethernet interface on the Cisco box.

- A less preferable solution (to me, anyway) would be to create a tunnel
  between the Cisco and the LEAF box (probably GRE) and route the internet
  traffic down that.

Regardless, since by definition you want everything to go through the Cisco,
you'll need to put on your Cisco Admin hat and get familiar with IOS, as
you're going to have to do some tweaking to the configuration.  Despite the
rumors, Cisco boxes *DO NOT* run on voodoo! :)

--
Charles Steinkuehler
[EMAIL PROTECTED]