pavement

Network Configuration (Advanced)

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
(Simple Networking =)
Line 2: Line 2:
  
 
= Introduction =
 
= Introduction =
== Simple Networking ===
+
== Simple Networking ==
 
A home network or a small office LAN will typically have one subnet and a single router with which to connect to the internet.  This router is referred to as the 'default gateway' since any IP addresses not local to the LAN is sent to it for routing onto the appropriate destination.  This setup is fairly straight-forward and most configuration for this type of network can be done from [[Network Configuration (Simple)|this guide]].
 
A home network or a small office LAN will typically have one subnet and a single router with which to connect to the internet.  This router is referred to as the 'default gateway' since any IP addresses not local to the LAN is sent to it for routing onto the appropriate destination.  This setup is fairly straight-forward and most configuration for this type of network can be done from [[Network Configuration (Simple)|this guide]].
  

Revision as of 15:51, 15 September 2007

This page contains examples of advanced network configurations. Many of these may be useful in corporate networked environments where more complex network configurations are used.

Contents

Introduction

Simple Networking

A home network or a small office LAN will typically have one subnet and a single router with which to connect to the internet. This router is referred to as the 'default gateway' since any IP addresses not local to the LAN is sent to it for routing onto the appropriate destination. This setup is fairly straight-forward and most configuration for this type of network can be done from this guide.

Note: the configuration name for the 'default gateway' is 'defaultrouter' within the rc.conf file.

Advanced Networking

In contrast to this simplicity a larger organization will have multiple offices, spanning cities or whole jurisdictions. These offices will each have a LAN that has a different subnet and connect to at least one other office using wide-area network (WAN) links.

A WAN link connects to an office using a router and it is possible for an office to have more then one connecting to it. This is typically within the 'head office' that plays a central role to the other (possibly smaller 'branch' or 'satellite') offices.

Static Routing

In the Simple Networking example above any IP traffic that does not belong to the subnet is sent to the same router address which is known as the default gateway and it is typically attached to an internet connection. In the Advanced Networking example IP traffic that does not belong to the subnet may need to be sent to another subnet via a WAN link instead of the default gateway which would send it to the internet.

This process is called static routing, where a known network subnet can be reached through a specific WAN link.

Each network-attached system is configured with the subnet of another office and the local router address that connects to the WAN for the remote office.

Example Scenario

An offshore financial institution operates across four jurisdictions; Cayman Islands, Guernsey, Isle of Man and Jersey.

Guernsey hosts the 'head office' and is central to the other offices and connects to the internet for web and email and hosts the corporate email server. Each office has its own network subnet and a file and print server.

The office subnets are configured as follows: 172.22.20.0/255.255.252.0 in Guernsey 172.22.40.0/255.255.252.0 in Jersey 172.22.60.0/255.255.252.0 in Isle of Man 172.22.80.0/255/255/252/0 in Cayman Islands

The WAN routers for each office are configured as follows: 172.22.20.2 in Guernsey 172.22.40.2 in Jersey 172.22.60.2 in Isle of Man 172.22.80.2 in Cayman Islands In this example the Guernsey router is a single device that connects to the three WAN links. The internet connection is handled by another router (more specifically a firewall) on 172.22.20.1.

If computer on the Guernsey LAN needs to access the file server on the Jersey LAN will need to know how to get from 172.22.20.0 to 172.22.40.0.

This is possible because the computer knows that the Jersey subnet is accessible by sending IP traffic to 172.22.20.2. The Guernsey router knows to forward traffic on that subnet through the Jersey WAN link.

Conversely a network-attached system on the Jersey LAN will know to route IP traffic for another office subnet to 172.22.40.2.

With the correct router and static routing configuration it is possible for every office to connect to each other and to further permit surfing the web using the Guernsey internet connection regardless of which office a user is in.

Configuring Static Routing on FreeBSD

Static routing is configured on FreeBSD by editing rc.conf and rebooting the system.

Using the above example the following configuration would be used within the Guernsey office:

defaultrouter="172.22.20.1"
static_routes="gsyjsy gsyiom gsycmi"
route_gsyjsy="-net 172.22.40.0/22 172.22.20.2"
route_gsyiom="-net 172.22.60.0/22 172.22.20.2"
route_gsycmi="-net 172.22.80.0/22 172.22.20.2"

And within the Jersey office:

defaultrouter="172.22.40.2"
static_routes="jsygsy jsyiom jsycmi"
route_jsygsy="-net 172.22.20.0/22 172.22.40.2"
route_jsyiom="-net 172.22.60.0/22 172.22.40.2"
route_jsycmi="-net 172.22.80.0/22 172.22.40.2"

You will notice that the default gateway is set to the WAN router IP and not the Guernsey default gateway IP. This is intended because the WAN router in Guernsey will take responsibility of forwarding internet based traffic onward to the default gateway.

Personal tools