[LARTC] How do I collapse this configuration into 1 router.

Linux Advanced Routing and Traffic Control

Chris,

 : I want to collapse the following configuration into 1 router...
 : My question is how I can collapse this into a single router (Router3),
 : eliminating LAN3, without renumbering LAN 1 or 2 so they don't have
 : duplicate addresses?

Perhaps you have already read Bartek's suggestion.  He prefaces his
suggestion as follows:

  If they don't have duplicate addresses connect them together and leave
  Router3 with SNAT.

If no hosts on your LAN1 and LAN2 use the same IP (same final octet), you
are in a great position--Bartek's solution will serve beautifully.  In
short, he is suggesting host routes to each destination on the interface
to which it is connected.

I'm responding to make a suggestion if there are duplicate addresses on
LAN1 and LAN2.  You'll need to use a two router solution, but you can
configure the second router in a clever way to aid in your transition to a
new and non-clashing IP space.  The benefit is you can slowly readdress
all of the machines in LAN2 (or whichever) to the new IP addressing
scheme.  This makes your router consolidation project a two phase
endeavour.  I'll choose an arbitrary numbering scheme for the new network.

Phase I:

  - consolidate router3 and router1
    - ethA internet
    - ethB 10.0.0.0/8
    - ethC 192.168.1.0/24 (LAN1)
    - ethD 192.168.254.0/24 (router2)
  - configure router2 to NAT 192.168.254.0/24 into LAN2 192.168.1.0/24
    - ethA 192.168.254.0/24
    - ethB (or ethA!) 192.168.1.0/24 (LAN2)

Phase II:

  - renumber machines in LAN2 to use 192.168.254.0/24
  - when renumbering is finished, turn off router2

So, here's a description of phase I:

The best part of this is that your router2 machine doesn't need to have
multiple interfaces--you can perform the translation on a single media
segment.  Here's an example, assuming that router3 has 192.168.254.1 (our
gateway), and that your duplicate IP addresses (in LAN2) are 192.168.1.17,
192.168.1.18, 192.168.1.44, etc....

router2# ip addr add 192.168.254.254/24 dev eth0
router2# ip addr add 192.168.1.254/24 dev eth0
router2# ip route add default via 192.168.254.1
router2# for hostoctet in 17 18 44 $( seq 50 89 ) ; do
> ip route add nat 192.168.254.$hostoctet via 192.168.1.$hostoctet
> ip rule add nat 192.168.254.$hostoctet from 192.168.1.$hostoctet
> done

Now, the hosts in LAN2 will be accessible from router3's perspective as
192.168.254.$hostoctet, but router2 will be performing NAT to the
192.168.1.0/24 IP configured on the individual machines.

Conditions of this example:

  - all of the LAN2 hosts are connected to the same ethernet as router3's
    ethD interface and router2's interface
  - LAN2 (192.168.1.0/24) must use router2's 192.168.1.X IP as a default
    gateway
  - router3 must not be configured for proxy ARP nor to answer any ARP
    query for 192.168.1.0/24
  - router3 must forward all packets for 192.168.1.0/24 to the "REAL"
    192.168.1.0/24, LAN 1

Finally, you must be very careful about ARP issues.  If you are using
proxy ARP on router3, this will break in strange and wonderful ways, so
you'd be better off making router2 a traditional two-interface router.

And a description of phase II:

This is the easy part.  You visit the machines which need to be
readdressed (at your convenience) and give them IPs in the
192.168.254.0/24 network.  If you give these machines the same final octet
as in the 192.168.1.0/24 network, you'll need to remove the NAT entry on
router2.  Otherwise, it should be an easy and convenient transition.  No
cable swapping, no muss, and no fuss.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
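
The following is an added example, not part of Martin's message: a dry-run generator for the router2 NAT entries of Phase I and their removal in Phase II. It only prints the commands; the function names are hypothetical, and treating .1 (router3's gateway) and .254 (router2) as reserved is an assumption drawn from the addresses used in the message.

```shell
#!/bin/sh
# Added example: prints the router2 commands, executes nothing.
NEW_NET=192.168.254   # transition network from the message
OLD_NET=192.168.1     # address space still configured on LAN2 hosts
RESERVED="1 254"      # assumption: .1 = router3 gateway, .254 = router2

# valid_octet OCTET -> returns 0 if the octet can be used for a host mapping
valid_octet() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac   # digits only, no leading zero
    if [ "$1" -gt 254 ]; then return 1; fi
    for r in $RESERVED; do
        if [ "$1" -eq "$r" ]; then return 1; fi     # would shadow a router address
    done
    return 0
}

# nat_cmds add|del OCTET... -> prints one route/rule pair per unique octet.
# Returns 1 if any octet was skipped, 2 on a bad action.
nat_cmds() {
    action=$1; shift
    case "$action" in
        add|del) ;;
        *) echo "usage: nat_cmds add|del octet..." >&2; return 2 ;;
    esac
    seen=" "; rc=0
    for o in "$@"; do
        if ! valid_octet "$o"; then
            echo "skip: '$o' is not a usable host octet" >&2
            rc=1; continue
        fi
        case "$seen" in *" $o "*) continue ;; esac   # drop duplicates
        seen="$seen$o "
        echo "ip route $action nat $NEW_NET.$o via $OLD_NET.$o"
        echo "ip rule $action nat $NEW_NET.$o from $OLD_NET.$o"
    done
    return $rc
}

# Constructed sample input: Phase I mappings, then Phase II removal for a
# host that was renumbered to 192.168.254.17 (same final octet).
nat_cmds add 17 18 44
nat_cmds del 17
```

Review the printed commands before running them on router2; a skipped octet is reported on stderr and reflected in the return status.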
