ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Networking/ISP

    Scheduled Pinned Locked Moved IT Discussion
    17 Posts 5 Posters 502 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jimmy9008
      last edited by

      Hi folks,

      Quite confused here, could you help me understand how this works...

      My ISP provide a fibre line to my office for our Internet. This comes in to my office in to their device sitting in my cabinet (the POP?) by fibre cable. A cable (cat6) comes from their device in to a switch (which is also their device). I then connect my firewall to interface 2 on their switch.

      I connect my WAN on my firewall (89.x.x.x) in to interface 2 on their switch. Traffic then goes from my LAN on the firewall out to the Internet over the existing setup.

      We are looking to put a device in their datacenter and they have said we can use datacenter connect. Which is 'like a private network' from my office to the devices I will put on their site over our existing line. I just don't understand how it works...

      They have said I can use private addresses for this and want the IPs from me, but I still only have the one fibre connection coming in to their kit and just cant grasp what is going on...

      I am guessing they are saying I can connect a device to Interface 3 on their switch (not through my firewall) with an IP like 10.10.10.3, and their datacenter could have another device using 10.10.10.4 at the DC end, and over the fibre they can talk 'private'/point to point over my fibre line...

      In this case, will the one fibre link pass traffic from me to them on this private setup, whist also passing traffic for my public internet access? (Over the one cable)?

      Probably a totally idiot question, but any help to help me understand this?

      Ta,
      J

      1 Reply Last reply Reply Quote 0
      • EddieJenningsE
        EddieJennings
        last edited by

        At first glance this sounds like a site-to-site VPN.

        Something that strikes me as odd is that your ISP is offering colocation services (assuming you're talking about a server being put into "their datacenter.") Generally you'd want to avoid having one vendor provide all of the services you need -- or at least think through the ramifications of it.

        scottalanmillerS 1 Reply Last reply Reply Quote 3
        • J
          Jimmy9008
          last edited by

          We have a few ISPs, we just happen to have a device that we want to host with them off site.

          Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

          I guess the switch/cable they have just passes 'data', and their routers at their end will be configured based on the IPs I give to pass 89.x out, and 10.x to my site their end?

          EddieJenningsE scottalanmillerS 2 Replies Last reply Reply Quote 0
          • EddieJenningsE
            EddieJennings @Jimmy9008
            last edited by

            @Jimmy9008 said in Networking/ISP:

            We have a few ISPs, we just happen to have a device that we want to host with them off site.

            Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

            I guess the switch/cable they have just passes 'data', and their routers at their end will be configured based on the IPs I give to pass 89.x out, and 10.x to my site their end?

            I'm curious, what device would they be hosting?

            To your networking question, the answer is yes. That's a use-case for a VPN. You'd have your office network's router establish a tunnel to the other end point's router, and traffic passes through that tunnel. The traffic is encrypted and passes over the Internet between each point of the tunnel. There's more detail involved, but that is basically what's going on.

            DashrenderD 1 Reply Last reply Reply Quote 0
            • J
              Jimmy9008
              last edited by

              Its an off site backup NAS. I'll draw a diagram after cooking dinner. Hopefully that will help explain it to me...

              1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch
                last edited by

                This is more like an MPLS than a site to site VPN.

                They will have to tell you were to hook up, but yes, likely on another port.

                Just give them the private IP on your LAN that you want the thing to have.

                EddieJenningsE 1 Reply Last reply Reply Quote 0
                • EddieJenningsE
                  EddieJennings @JaredBusch
                  last edited by

                  @JaredBusch said in Networking/ISP:

                  This is more like an MPLS than a site to site VPN.

                  You're right. Didn't think about MPLS. We have that where I am, but my team never gets to touch it; thus, I don't know what the requisite hardware looks like.

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @EddieJennings
                    last edited by

                    @EddieJennings said in Networking/ISP:

                    @Jimmy9008 said in Networking/ISP:

                    We have a few ISPs, we just happen to have a device that we want to host with them off site.

                    Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

                    I guess the switch/cable they have just passes 'data', and their routers at their end will be configured based on the IPs I give to pass 89.x out, and 10.x to my site their end?

                    I'm curious, what device would they be hosting?

                    To your networking question, the answer is yes. That's a use-case for a VPN. You'd have your office network's router establish a tunnel to the other end point's router, and traffic passes through that tunnel. The traffic is encrypted and passes over the Internet between each point of the tunnel. There's more detail involved, but that is basically what's going on.

                    Hopefully not, I wouldn't expect the internet to be involved in his private IP range at all.

                    As JB mentioned - a second port on the switch could be plugged directly into his LAN network switch - then the vendor does their routing magic and makes it appear either as the same LAN in the DC, or a routed interface that the OP will need to setup a routing rule for.

                    To me the question is - will you send data over this connection encrypted or plain text? This is the type of connection that most huge companies had in the past - Google from one DC to another through AT&T, etc. Google thinking the traffic was not being spied upon, just sent unencrypted data over it - then Edward Snowden showed us that the phone companies were allowing the NSA to tap all of those 'private' lines, and the NSA was reading all that data. So to fix that Google had to start encrypting everythign that goes over those lines to keep the damned NSA and shitty phone companies who don't care about our privacy, out!.

                    EddieJenningsE 1 Reply Last reply Reply Quote 0
                    • EddieJenningsE
                      EddieJennings @Dashrender
                      last edited by

                      @Dashrender said in Networking/ISP:

                      Hopefully not, I wouldn't expect the internet to be involved in his private IP range at all.

                      As JB mentioned - a second port on the switch could be plugged directly into his LAN network switch - then the vendor does their routing magic and makes it appear either as the same LAN in the DC, or a routed interface that the OP will need to setup a routing rule for.

                      Yeah. . . Upon rereading OP and Jared's answer, I realized my dumb moment. Somehow I didn't put it together in my head that the traffic would lever be leaving the ISP's network.

                      1 Reply Last reply Reply Quote 0
                      • J
                        Jimmy9008
                        last edited by

                        Hi folks,

                        As I say, networking isnt my focus but trying to get my head around it. Hopefully this diagram will help... (sorry for how crap it looks!)...

                        So, top = ISPs 'end'. Red dash lines next to the black lines, thats one fibre cable.

                        So, is it possible to connect eth3 on the ISP switch on my site in to my switch (the lower red line), and for the ISP to connect that to their end, (I guess a switch), whilst also connecting my internet line through my firewall traffic?

                        Essentially the top device x.x.3.5 can communicate with x.x.x.3.2 like its on my LAN? At the same time as Internet traffic going through the fibre cable?

                        Really confused and just imagine im going drastically wrong here...

                        ![0_1551300420313_diagram.PNG](Uploading 100%)

                        1 Reply Last reply Reply Quote 0
                        • J
                          Jimmy9008
                          last edited by

                          mynetworkdiag.PNG

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @EddieJennings
                            last edited by

                            @EddieJennings said in Networking/ISP:

                            Something that strikes me as odd is that your ISP is offering colocation services (assuming you're talking about a server being put into "their datacenter.") Generally you'd want to avoid having one vendor provide all of the services you need -- or at least think through the ramifications of it.

                            Rarely something that you want, which means it is what is most commonly offered and pushed.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Jimmy9008
                              last edited by

                              @Jimmy9008 said in Networking/ISP:

                              Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

                              That's the norm. And not just for ISPs, VPNs do this, too.

                              J 1 Reply Last reply Reply Quote 0
                              • J
                                Jimmy9008 @scottalanmiller
                                last edited by

                                @scottalanmiller said in Networking/ISP:

                                @Jimmy9008 said in Networking/ISP:

                                Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

                                That's the norm. And not just for ISPs, VPNs do this, too.

                                The gateway out is public IP to the Internet. VPN tunnels between two public IPs, etc... all Internet.

                                What they seem to be saying is that the 89.x.x.x public 'Internet Stuff' can go through that cable, and my 192.168.3.x 'LAN' stuff can also go through that cable, and at the same time I can have Internet served to my Firewall, and 'LAN' to my device... can it work that way?

                                So their switch interface 2 is routing 89.x.x.x traffic, and interface 3 is is extending my LAN on 192.x.x.x (public IPs going on and private)... all through the fibre cable to their DC?

                                DashrenderD 1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @Jimmy9008
                                  last edited by

                                  @Jimmy9008 said in Networking/ISP:

                                  @scottalanmiller said in Networking/ISP:

                                  @Jimmy9008 said in Networking/ISP:

                                  Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

                                  That's the norm. And not just for ISPs, VPNs do this, too.

                                  The gateway out is public IP to the Internet. VPN tunnels between two public IPs, etc... all Internet.

                                  What they seem to be saying is that the 89.x.x.x public 'Internet Stuff' can go through that cable, and my 192.168.3.x 'LAN' stuff can also go through that cable, and at the same time I can have Internet served to my Firewall, and 'LAN' to my device... can it work that way?

                                  So their switch interface 2 is routing 89.x.x.x traffic, and interface 3 is is extending my LAN on 192.x.x.x (public IPs going on and private)... all through the fibre cable to their DC?

                                  More or less - yes.
                                  They can trunk the single line to act like many lines - think VLANs

                                  J 1 Reply Last reply Reply Quote 0
                                  • J
                                    Jimmy9008 @Dashrender
                                    last edited by

                                    @Dashrender said in Networking/ISP:

                                    @Jimmy9008 said in Networking/ISP:

                                    @scottalanmiller said in Networking/ISP:

                                    @Jimmy9008 said in Networking/ISP:

                                    Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

                                    That's the norm. And not just for ISPs, VPNs do this, too.

                                    The gateway out is public IP to the Internet. VPN tunnels between two public IPs, etc... all Internet.

                                    What they seem to be saying is that the 89.x.x.x public 'Internet Stuff' can go through that cable, and my 192.168.3.x 'LAN' stuff can also go through that cable, and at the same time I can have Internet served to my Firewall, and 'LAN' to my device... can it work that way?

                                    So their switch interface 2 is routing 89.x.x.x traffic, and interface 3 is is extending my LAN on 192.x.x.x (public IPs going on and private)... all through the fibre cable to their DC?

                                    More or less - yes.
                                    They can trunk the single line to act like many lines - think VLANs

                                    Ok. I think that makes more sense to me.

                                    So, the ISP switch eth1 is vLAN1, which passes 89.x.x.x to my firewall for my organisations Internet access. eth1 routes out over their eth0 fibre link. Then, vLAN2 is eth2 on their switch, which extends my 192.x.x.x private range to them, again over the eth0.

                                    Ok, I think in that warped way I get it.

                                    So, I can say to them:

                                    "I'm going to plug my device 10.10.10.2 in to your switch at my office on eth3.
                                    Connect my box at your DC. Its set to be 10.10.10.3. Now, make them talk over my fibre line..."

                                    DashrenderD 1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @Jimmy9008
                                      last edited by

                                      @Jimmy9008 said in Networking/ISP:

                                      @Dashrender said in Networking/ISP:

                                      @Jimmy9008 said in Networking/ISP:

                                      @scottalanmiller said in Networking/ISP:

                                      @Jimmy9008 said in Networking/ISP:

                                      Can one fibere cable route our Internet traffic to them, whilst also passing 'private' traffic over this line too?

                                      That's the norm. And not just for ISPs, VPNs do this, too.

                                      The gateway out is public IP to the Internet. VPN tunnels between two public IPs, etc... all Internet.

                                      What they seem to be saying is that the 89.x.x.x public 'Internet Stuff' can go through that cable, and my 192.168.3.x 'LAN' stuff can also go through that cable, and at the same time I can have Internet served to my Firewall, and 'LAN' to my device... can it work that way?

                                      So their switch interface 2 is routing 89.x.x.x traffic, and interface 3 is is extending my LAN on 192.x.x.x (public IPs going on and private)... all through the fibre cable to their DC?

                                      More or less - yes.
                                      They can trunk the single line to act like many lines - think VLANs

                                      Ok. I think that makes more sense to me.

                                      So, the ISP switch eth1 is vLAN1, which passes 89.x.x.x to my firewall for my organisations Internet access. eth1 routes out over their eth0 fibre link. Then, vLAN2 is eth2 on their switch, which extends my 192.x.x.x private range to them, again over the eth0.

                                      Ok, I think in that warped way I get it.

                                      So, I can say to them:

                                      "I'm going to plug my device 10.10.10.2 in to your switch at my office on eth3.
                                      Connect my box at your DC. Its set to be 10.10.10.3. Now, make them talk over my fibre line..."

                                      This assumes it's a straight extension of your network - and not a routed new network.

                                      1 Reply Last reply Reply Quote 0
                                      • 1 / 1
                                      • First post
                                        Last post