
Network Configuration (Advanced)

From FreeBSDwiki
Revision as of 17:16, 15 September 2007 by 80.73.220.216 (Talk)

This page contains examples of advanced network configurations. Many of these may be useful in corporate networked environments where more complex network configurations are used.


Introduction

Simple Networking

A home network or a small office LAN will typically have one subnet and a single router with which to connect to the internet. This router is referred to as the 'default gateway' since any traffic for IP addresses not local to the LAN is sent to it for routing on to the appropriate destination. This setup is fairly straightforward and most configuration for this type of network can be done from this guide.

Note: the configuration name for the 'default gateway' is 'defaultrouter' within the rc.conf file.

Advanced Networking

In contrast to this simplicity a larger organization will have multiple offices, spanning cities or whole jurisdictions. These offices will each have a LAN that has a different subnet and connect to at least one other office using wide-area network (WAN) links.

A WAN link connects to an office using a router, and it is possible for an office to have more than one WAN link connecting to it. This is typically the case within the 'head office', which plays a central role to the other (possibly smaller 'branch' or 'satellite') offices.

Static Routing

In the Simple Networking example above, any IP traffic that does not belong to the subnet is sent to the same router address, known as the default gateway, which is typically attached to an internet connection. In the Advanced Networking example, IP traffic that does not belong to the subnet may need to be sent to another subnet via a WAN link instead of to the default gateway, which would send it to the internet.

This process is called static routing, where a known network subnet can be reached through a specific WAN link.

Each network-attached system is configured with the subnet of another office and the local router address that connects to the WAN for the remote office.

Scenario (example use)

An offshore financial institution operates across four jurisdictions; Cayman Islands, Guernsey, Isle of Man and Jersey.

Guernsey hosts the 'head office' and is central to the other offices and connects to the internet for web and email and hosts the corporate email server. Each office has its own network subnet and a file and print server.

The office subnets are configured as follows:

172.22.20.0/255.255.252.0 in Guernsey
172.22.40.0/255.255.252.0 in Jersey
172.22.60.0/255.255.252.0 in Isle of Man
172.22.80.0/255.255.252.0 in Cayman Islands

The WAN routers for each office are configured as follows:

172.22.20.2 in Guernsey
172.22.40.2 in Jersey
172.22.60.2 in Isle of Man
172.22.80.2 in Cayman Islands

In this example the Guernsey router is a single device that connects to the three WAN links. The internet connection is handled by another router (more specifically a firewall) on 172.22.20.1.

If a computer on the Guernsey LAN needs to access the file server on the Jersey LAN, it will need to know how to get from 172.22.20.0 to 172.22.40.0.

This is possible because the computer knows that the Jersey subnet is accessible by sending IP traffic to 172.22.20.2. The Guernsey router knows to forward traffic on that subnet through the Jersey WAN link.

Conversely a network-attached system on the Jersey LAN will know to route IP traffic for another office subnet to 172.22.40.2.

With the correct router and static routing configuration it is possible for every office to connect to every other office, and for users to browse the web through the Guernsey internet connection regardless of which office they are in.

Configuration (based on the example)

Static routing is configured on FreeBSD by editing rc.conf and rebooting the system.

Using the above example the following configuration would be used within the Guernsey office:

defaultrouter="172.22.20.1"
static_routes="gsyjsy gsyiom gsycmi"
route_gsyjsy="-net 172.22.40.0/22 172.22.20.2"
route_gsyiom="-net 172.22.60.0/22 172.22.20.2"
route_gsycmi="-net 172.22.80.0/22 172.22.20.2"

The /22 ('slash twenty-two') used above is CIDR shorthand for the subnet mask 255.255.252.0. A more typical network subnet mask of 255.255.255.0 would use /24 and 255.255.0.0 would use /16, and so on.

And within the Jersey office:

defaultrouter="172.22.40.2"
static_routes="jsygsy jsyiom jsycmi"
route_jsygsy="-net 172.22.20.0/22 172.22.40.2"
route_jsyiom="-net 172.22.60.0/22 172.22.40.2"
route_jsycmi="-net 172.22.80.0/22 172.22.40.2"

You will notice that the default gateway (the 'defaultrouter' parameter) is set to the Jersey WAN router IP and not the Guernsey default gateway IP. This is intended because the WAN router in Guernsey will take responsibility for forwarding internet-bound traffic to the default gateway.

Breakdown (from the example configuration)

defaultrouter

defaultrouter="172.22.40.2"

This parameter is the default gateway and is typically used to indicate the IP address of the router that is responsible for internet traffic. This is used on all network configurations where an internet connection exists.

It is possible to not use it at all; however, it is unusual in this day and age to not have or need an internet connection.

static_routes

static_routes="jsygsy jsyiom jsycmi"

This parameter is used to list the routes that are needed to connect to other subnets outside the local subnet but not through the default gateway.

The values within the "quote marks" are textual and would normally be a descriptive name for the static route. The example above has jsygsy to indicate the static route between Jersey and Guernsey subnets.

route_name

route_jsygsy="-net 172.22.20.0/22 172.22.40.2"
route_jsyiom="-net 172.22.60.0/22 172.22.40.2"
route_jsycmi="-net 172.22.80.0/22 172.22.40.2"

This parameter is used in conjunction with the static_routes parameter and defines the actual static routes.

The name following the route_ part is free-form text and is used as a descriptive name for the route being defined. It must match one of the names listed in the 'static_routes="name"' parameter.
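The pairing of static_routes names with route_name definitions can be checked before rebooting. The following is an added example, not part of the original wiki page: a small lint for the rc.conf lines shown above. A route that is listed but not defined, or that points at a gateway outside the local subnet, leaves that office's traffic following defaultrouter instead of the WAN link. The function name lint_static_routes and the finding texts are assumptions made for this example, and it only handles the "-net network gateway" form used on this page.

```python
import ipaddress
import re

# Constructed sample: the Guernsey rc.conf lines shown on this page.
GUERNSEY_RC = '''
defaultrouter="172.22.20.1"
static_routes="gsyjsy gsyiom gsycmi"
route_gsyjsy="-net 172.22.40.0/22 172.22.20.2"
route_gsyiom="-net 172.22.60.0/22 172.22.20.2"
route_gsycmi="-net 172.22.80.0/22 172.22.20.2"
'''

def lint_static_routes(text, local_subnet):
    """Return a list of findings; an empty list means the routes are consistent."""
    rc = dict(re.findall(r'^[ \t]*(\w+)="([^"]*)"[ \t]*$', text, re.M))
    lan = ipaddress.ip_network(local_subnet)  # accepts /22 or /255.255.252.0
    listed = rc.get("static_routes", "").split()
    findings = []

    def on_link(label, addr):
        # A next hop must be a host address on the directly attached subnet.
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{label}: gateway {addr} is not an IP address")
            return
        if ip not in lan or ip in (lan.network_address, lan.broadcast_address):
            findings.append(f"{label}: gateway {addr} is not a host on {lan}")
    if "defaultrouter" in rc:
        on_link("defaultrouter", rc["defaultrouter"])
    for name in listed:
        parts = rc.get(f"route_{name}", "").split()
        if not parts:
            findings.append(f"{name}: listed in static_routes, route_{name} missing")
            continue
        if len(parts) != 3 or parts[0] != "-net":
            findings.append(f"{name}: expected '-net <network> <gateway>'")
            continue
        try:
            dest = ipaddress.ip_network(parts[1])  # strict: host bits must be zero
            if dest.overlaps(lan):
                findings.append(f"{name}: {dest} overlaps local subnet {lan}")
        except ValueError:
            findings.append(f"{name}: {parts[1]} is not a valid aligned network")
        on_link(name, parts[2])
    for key in rc:
        if key.startswith("route_") and key[6:] not in listed:
            findings.append(f"{key}: defined but never listed in static_routes")
    return findings
```

Calling lint_static_routes(GUERNSEY_RC, "172.22.20.0/255.255.252.0") returns an empty list; the local subnet can be given with either the dotted mask or the /22 form.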
