
Accessing different subnets through LAN network

#1 ·
Hello,

We have a small business network running with a couple of servers, around 20 workstations, a load balancing router and a couple of modems/ISP connections.

Pre-requisite questions;

Is this a wired or wireless connection issue?
Wired.

Who is your Internet Service Provider (ISP)?
Virgin Media - 152mb
Plusnet - 20mb

What type of Broadband connection are you using?
ADSL

What is the exact Make and Model of your Modem, Router or Modem/Router Combo
1x TP-Link TL-R470T+ load balancing router
1x Virgin Superhub2
1x Draytek Vigor 120 v2 Modem

Background & setup

Our SBS server acts as DHCP for our network and has an IP of 192.168.1.2. All of our workstations, printers and other servers run through this and have an IP of 192.168.1.x. This is all working fine and has been for years.

Our Load balancing router has the IP of 192.168.1.1 and has two active WAN ports.
WAN1 from the Virgin superhub with an IP of 192.168.0.1 and
WAN2 from the Draytek Vigor 120 modem with an IP of 192.168.2.1

Both internet connections are working throughout the network with no problems.

The question

We can access the Virgin Superhub through a browser with no problems at 192.168.0.1 but we cannot access the Draytek Vigor 120 through a browser at 192.168.2.1 - although a ping through the CMD does work.
I set up a static route through the TP-link router with the following values to try and fix this;

Destination: 192.168.2.0
Subnet Mask: 255.255.255.0
Next Hop: 192.168.1.1
Interface: LAN
Metric:(0-15) 0


But this does not help anything. In fact, enabling it causes the ping to time out. Is this not correct? Is there a way we can access the modem?
Why can we access the Virgin Superhub on a different subnet but not the Draytek modem on (another) different subnet?
 
#2 ·
More likely a load balancer issue. The two connections are not equal, so it's obviously (or at least I'd be surprised) not load balancing equally across both links. Which means one path is preferred.

What are the ping times to each modem? Are they roughly equal or is one higher than the other?
 
#4 ·
Here you go, there seems to be a slight increase in one of the pings to the modem but mostly around 1ms.

Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=1ms TTL=63
Reply from 192.168.2.1: bytes=32 time<1ms TTL=63
Reply from 192.168.2.1: bytes=32 time=78ms TTL=63
Reply from 192.168.2.1: bytes=32 time=1ms TTL=63

Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 78ms, Average = 20ms

>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=1ms TTL=63
Reply from 192.168.0.1: bytes=32 time<1ms TTL=63
Reply from 192.168.0.1: bytes=32 time<1ms TTL=63
Reply from 192.168.0.1: bytes=32 time=1ms TTL=63

Ping statistics for 192.168.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
 
#5 ·
Those actually look good. At those times, everything should be staying local as it should. And the fact that ping is working, typically is a good indication the network path is good.

Is the modem reachable with the load balancer removed? That will at least confirm a load balancer config issue.
 
#6 ·
Could you confirm what you mean by "with the load balancer removed"?

We initially plugged it in to a local PC to set up its static IP, turn its DHCP off and generally set it up. We have also accessed its config through a browser with a lead directly in to it.

If we removed the load balancer then no, we couldn't reach it because it wouldn't be plugged in to anything :smile:
 
#7 ·
A simple network diagram would help us to see how you have everything physically connected. If you are the network administrator, did you personally design this network??:confused:

If the answer is yes to the former, but no to the latter, you should attempt to do this. If you are inexperienced at doing so, I would urge you to hire a licensed Network Engineer to do this for you. Think of it like you are trying to add on an addition to your office building, but you do not have blueprints for that building. Just about NO contractor would touch that job without blueprints.:nono: It works the same way for a small office network (LAN) of 20 or 20,000 it doesn't matter.

You also haven't mentioned the hardware characteristics of each of your servers, how many servers, how many print servers, and the interconnection entry points. And you haven't mentioned the server software each server is running. Are all servers for instance Windows Servers? If so, are they all running the same version; for example: Windows Server 2003, Windows Server 2008, Windows Server 2013, etc.? Are any of the servers running Linux? Which versions? Linux Apache? Linux Ubuntu? Which hardware PCs are running which server software? :confused:

As a licensed Network Engineer I have worked on networks in excess of 75,000 interconnected computers via LAN-WAN, and if you are in charge of this network, you need to have it properly documented. I suggest that if you cannot provide a network diagram with some or most of this information, it is not.

If you hired me to straighten this out, I would spend the first 2-3 days documenting your network and hardware devices, and producing a network diagram or map of your devices and software. During this period I would use a device called a LANALYZER or similar to inject signals into each of your various subnets, and then use capture or "sniffer" software to capture the signals and the various routing tables stored on your servers, gateways, dsl modems, and other devices to determine exactly where your signals are going and if the subnets are properly constructed and interconnected together.

After I did all of this, I would probably suggest that you get rid of the load balancing router you have, and switch to a proper high-speed switching router such as Cisco; which is the Cadillac of network backbone architecture and also the backbone of the entire Internet which you may be familiar with. A device such as a 2601 or 3500 Catalyst router would allow you to manage your subnets better, and for load balancing, Cisco has special routers to handle this as well as the correct Operating System to manage it all; IOS. :wink:

If you live in the US or even in Europe it's quite likely you will have a Cisco sales office not too far from you. When I took over network administration of a small company's network; this is one of the first steps I took. I brought in a team of Cisco network engineers (CCIE's) to correctly map out our network. This process took several weeks including the "sniffing" activity I mentioned. I actually used multiple vendors to do all of this. We had a corporate network of 680 computers, somewhat bigger than yours, but for example in the corporate HQ office where I worked 275 or so of those computers were in use, and we mapped out 6 miles of fiber cable alone! That's separate from the miles and miles of buried copper cable throughout a 180,000 sq.ft. facility. :whistling:

I can also tell you that if the reason you are using 2 different ISPs on your network is for purposes of Fault Tolerance, you don't have the right equipment to manage this.:uhoh: IMO Cisco is the only vendor that has equipment to do load balancing between multiple ISP with varying bandwidth speeds across multiple subnets as well as VPN, Firewall, Intranets, & Extranets. Even if you are not using those additional features, I believe you will spend a whole lot of time and money wasted trying to correct your current network layout.:facepalm: Attempting to run traffic over various subnets using Static IP addresses is "so 90s"; no one does this anymore.:nonono: You should have all your subnets running DHCP on them. You should at the very least employ a minimum of 1 DHCP server (you will have to build it or pay someone to install one for you), and possibly a WINS server as well. If you have lots of Intranet and or Extranet portal traffic, you'll probably need a Proxy Server as well.

If some of this sounds familiar, then you are still in the game; you just need someone with professional network design and installation skills. Based on your descriptions, and they are rather incomplete as I stated, your network is in need of a serious upgrade or two.

Post back your additional information, and your network diagram if you have one. If you don't have one and wish to create one yourself, you should consider purchasing Microsoft Visio to do this. Other products will do, that's just what I've used as I've worked in many Microsoft shops and we got a deal on the site license for the software as it works very well.

Best of luck to you,:thumb:
<<<BIGBEARJEDI>>>
 
#8 ·
Wow. How did we go from a simple question of why can't I access one router via the load balancer but can the other to statements like only cisco for load balancing?

All that aside, the questions being asked:
"Is this not correct? Is there a way we can access the modem?"
This setting isn't correct: Destination: 192.168.2.0
That is the network id and is not a valid ip address. It should be 192.168.2.1 which is the static ip of the draytek's lan port.

But you shouldn't need to put a static route in since the load balancer should know it's there.

As an experiment I would disconnect the superhub from the load balancer and then see if you can access 192.168.2.1. It could be that the load balancer is only using one wan connection at a time and that is why the other connection is not reachable due to being dormant.
 
#9 ·
Wow. How did we go from a simple question of why can't I access one router via the load balancer but can the other to statements like only cisco for load balancing?
>>>Possibly because I don't understand the exact physical interconnection method employed. And, in several attempts with other Vendors using different speeds of multiple ISPs as in this case, I've never seen it work. Not to say that there aren't other vendors who have solved this problem. I've just never seen it done, so I'm simply suggesting that he look at using a vendor solution that's guaranteed to work. I've seen this solution deployed in multiple data centers from small to large. This is really a catch-all solution, and I'm sorry I mentioned it. I should have just asked for the network diagram. :wink: The lack of having one at all or a diagram that is of poor quality would tell us volumes.:ermm:<<<BBJ>>>

All that aside, the questions being asked:
"Is this not correct? Is there a way we can access the modem?"
This setting isn't correct: Destination: 192.168.2.0
That is the network id and is not a valid ip address. It should be 192.168.2.1 which is the static ip of the draytek's lan port.

But you shouldn't need to put a static route in since the load balancer should know it's there.
>>>We agree on this one. :iagree: A static route is a band-aid only and should only be used for testing purposes. I believe I mentioned this in my post<<<

As an experiment I would disconnect the superhub from the load balancer and then see if you can access 192.168.2.1. It could be that the load balancer is only using one wan connection at a time and that is why the other connection is not reachable due to being dormant.
>>>If this is the case, then that's certainly a shortcoming of his existing equipment. Cisco can handle multiple ISPs concurrently, or be set up as a fault-tolerant configuration. That's how I've used it. The issue you point out then, is does the Draytek Vigor modem, the Superhub, or the TP-Link Router have the capability to do either of these? If the multiple-ISP concurrent routing feature is not available in any of the 3 of these devices, then he has an equipment shortcoming issue.:ermm: If one of his 3 devices does have fail-over or software switchover from fast ISP to slow ISP or vice-versa, we would need to know which device is responsible for managing this feature. And was it ever working before? I spent several weeks with this issue at a small company I worked at several years ago, and the Router Company said we didn't know how to follow their instructions to get it to work. :rolleyes: I was replaced on that contract. I found out years later, that the piece of equipment my Boss purchased from them had this capability on their spec sheet, but it DID NOT WORK as advertised.:facepalm: My replacement was able to get it working by replacing that router with a Cisco box. Hence my comments in my previous post. The other vendors who produce these boxes are great at writing specs, but their actual products don't always reflect the capability as advertised. :uhoh:

So, with this discussion meant to answer your question of why I answered with all the information *including that he needed a DHCP server*, the real issue is that he hasn't provided a network diagram. You may be right and he has a bad static route (good catch on that!), however, I'm betting he has more problems than just that. It's very difficult IMO to troubleshoot a network without this item, just following various text-based descriptions of the network and IP addresses and subnets. Also, he mentions an SBS server. What the heck is this? Is it a Company named SBS? What OS is it running? I mentioned that he needs to tell us is this an all Microsoft-server network, or is it Linux, Unix, etc. If he has a multiprotocol network, you agree that he might have routing problems due to using a "hub" *superhub*, instead of a proper Gateway. At this point, we'll wait for OP to try your suggestion, and then answer back results from that, and questions from my Post and hopefully he'll include a network diagram.
<<<Cheers! BBJ>>>
 
#10 ·
jamesFFD's question is simply about why he can access one router via the load balancer but not the other. This has nothing to do with the servers or brand of load balancer. Nor would a diagram add anything to the issue. It's a simple load balancer connected to two routers with two different isp connections.

It is unclear why you are including all the lan side configuration when the issue is beyond the lan and only pertains to load balancer and router connections. The routers don't have to support load balancing nor do they have to be aware of multiple isp connections. Only the load balancer has to know this.
 
#11 ·
Wow there is quite a lot to cover here. I'll do my best. :smile:

Firstly, BIGBEARJEDI;

If you are the network administrator, did you personally design this network??
I am more the junior admin but my managing director designed and implemented the network and has the final say on anything that happens to it. He used to be a field engineer and I defer to him on most things.

If you are inexperienced at doing so, I would urge you to hire a licensed Network Engineer to do this for you.
I would absolutely love to but as the above it is really not down to me and I really can not see my boss spending that much money on it.

IMO Cisco is the only vendor that has equipment to do load balancing between multiple ISP...
Thank you for that input, we are actually looking at a new load balancer as we (quite stupidly, if I do say so myself) only realised recently that our load balancer has a limit of 100mbps as well as one of our switches being 10/100. I will be looking at new equipment today so I will take your advice on board. :smile:

secondly, Wand3r3r;

This setting isn't correct: Destination: 192.168.2.0
That is the network id and is not a valid ip address. It should be 192.168.2.1 which is the static ip of the draytek's lan port.
I realise this but when entering 192.168.2.1 the router auto-changes this to 192.168.2.0.

As an experiment I would disconnect the superhub from the load balancer and then see if you can access 192.168.2.1. It could be that the load balancer is only using one wan connection at a time and that is why the other connection is not reachable due to being dormant.
I will try this if I get a chance.

thirdly, both;

...This has nothing to do with the servers or brand of load balancer...
I tend to agree with Wand3r3r here and I don't really have time to put together a fully documented spec of the inner workings. I would love to and if my only task was the network administration then I would jump on the chance out of pure interest :smile:
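
An added example, not part of any post in this thread: a small Python check of a static route entry like the one in post #1, showing the mask normalisation reported in post #11 (192.168.2.1 with 255.255.255.0 becomes 192.168.2.0) and flagging a next hop that is the router's own address. The helper name `check_static_route`, the /24 masks on the WAN links and the third sample entry are assumptions made for the example.

```python
import ipaddress

# Topology from post #1. The /24 masks on the WAN links are assumptions;
# the thread gives only the addresses.
ROUTER_OWN = {ipaddress.ip_address("192.168.1.1")}     # router's LAN address
CONNECTED = {
    "LAN":  ipaddress.ip_network("192.168.1.0/24"),
    "WAN1": ipaddress.ip_network("192.168.0.0/24"),    # Virgin Superhub side
    "WAN2": ipaddress.ip_network("192.168.2.0/24"),    # Draytek Vigor side
}

def check_static_route(destination, mask, next_hop, interface):
    """Return (normalised network, findings) for one static route entry.

    Hypothetical helper written for this example, not a TP-Link API.
    """
    findings = []
    # strict=False clears the host bits: destination AND mask
    network = ipaddress.ip_network(f"{destination}/{mask}", strict=False)
    if ipaddress.ip_address(destination) != network.network_address:
        findings.append("host-bits-masked")
    hop = ipaddress.ip_address(next_hop)
    if hop in ROUTER_OWN:
        # the route hands traffic back to the router that holds it
        findings.append("next-hop-is-self")
    if hop not in CONNECTED[interface]:
        findings.append("next-hop-off-link")
    for name, net in CONNECTED.items():
        # the entry covers a subnet already attached to another interface
        if name != interface and network.overlaps(net):
            findings.append(f"overrides-connected:{name}")
    return str(network), findings

if __name__ == "__main__":
    entries = [
        ("192.168.2.0", "255.255.255.0", "192.168.1.1", "LAN"),   # post #1
        ("192.168.2.1", "255.255.255.0", "192.168.1.1", "LAN"),   # as typed
        ("10.10.0.0", "255.255.0.0", "192.168.1.254", "LAN"),     # constructed
    ]
    for entry in entries:
        print(entry, "->", check_static_route(*entry))
```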
 