4

I have two Ethernet networks which are connected by a router (I think it is Cisco). Traffic from the two networks must not be mixed.

Except for one virtual server (Win2003 based on HyperV) on one LAN, which is supposed to see two netcards: one from the main LAN which the HyperV cluster is attached to (the default NIC) and another virtual NIC which is the end point for an IP tunnel that is connected to the router at the other end and tunnels all traffic from the secondary LAN to this virtual server.

I looked at the VLAN protocol for Cisco, but it seems to only work if the virtual server is not moved around on MAC addresses.

Is there some software that will allow me to connect the virtual server to the secondary network via some movable ip tunnel?

/Thanks

drAlberT

4 Answers

1

The standard behaviour of a router is to forward packets from one LAN to the other. Either it has one of its own network interfaces in the destination LAN, or it knows another router which probably knows how to reach it.

If your traffic must not cross the router limit, you need to use a firewall or router-specific rules to prevent that mix.

All this to say that I don't see where your problem lies. Can you provide further information?

rolaf
0

VLAN is related to LAN segmentation into Virtual LANs at the Ethernet level.

If I understood well, you have a GW machine between the two LANs you have to connect. Just add a static route on this machine, making it act as a router for the IP traffic you want to route.

drAlberT
0

VLANs would not accomplish this. As soon as the Ethernet frame touches the router, the VLAN tag and the rest of the frame are removed, rebuilt, and recalculated.

IP tunnels can be created via IPSEC (IPv4 or IPv6). First result from a Google search: Windows 2003 IPSEC.

VLANs only operate on Layer 2 of the OSI model. What you are asking for, an IP tunnel, operates on Layer 3. Routers live on Layer 3 and switches live on Layer 2.

There are many ways to make IP tunnels, but IPSEC is probably the most common, and easily routed. Consult your Cisco documentation for routing of IPSEC.

Joseph Kern
  • IPSEC introduces a security layer that is superabundant in this case – drAlberT Aug 26 '09 at 14:09
  • What? Superabundant? Do you mean superlative? IPSEC can be used in many different modes. IMHO if you want a tunnel, you probably want to encrypt it as well. Trusted delivery over un-trusted networks. – Joseph Kern Aug 26 '09 at 15:17
  • What is untrusted in this specific case? I think there is the right tool for any issue; applying the well known tool we are familiar with in every circumstance is one of the worst problems of many sysadmins. – drAlberT Aug 27 '09 at 08:05
  • A tunneling protocol (using IP[hence IPSEC]), is the best solution. What do you think he should apply? – Joseph Kern Aug 27 '09 at 12:58
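
The Layer 2 versus Layer 3 point made in the answer above, as an added example that is not part of the original thread: a tagged frame carrying a tunnelled packet crosses one routed hop, the 802.1Q tag is discarded with the old Ethernet header, and the encapsulated packet arrives unchanged. All addresses, MACs and VLAN ID 20 are constructed, the router's egress interface is assumed untagged, and plain IP-in-IP (protocol 4) stands in for the tunnel instead of IPsec to keep the bytes readable.

```python
import struct

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: bytes, dst: bytes, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def ether(dst_mac: bytes, src_mac: bytes, packet: bytes, vlan=None) -> bytes:
    # The 802.1Q tag (TPID 0x8100 + VLAN ID) lives in the Ethernet header only.
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan & 0x0FFF)
    return dst_mac + src_mac + tag + struct.pack("!H", 0x0800) + packet

def parse_ether(frame: bytes):
    """Return (vlan_id or None, IP packet)."""
    if struct.unpack("!H", frame[12:14])[0] == 0x8100:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF, frame[18:]
    return None, frame[14:]

def route(frame: bytes, out_src_mac: bytes, out_dst_mac: bytes) -> bytes:
    """One routed hop: drop the L2 header, decrement TTL, recompute the
    checksum, and build a brand-new frame for the egress LAN."""
    _, pkt = parse_ether(frame)
    hdr = bytearray(pkt[:20])
    hdr[8] -= 1                      # TTL
    hdr[10:12] = b"\x00\x00"         # zero checksum before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return ether(out_dst_mac, out_src_mac, bytes(hdr) + pkt[20:])

def demo() -> dict:
    host, vm, r_in, r_out = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 2, 3, 4))
    # Inner packet: secondary-LAN traffic (constructed 10.2.0.0/24 addresses).
    inner = ipv4(bytes([10, 2, 0, 5]), bytes([10, 2, 0, 10]), 17, b"secondary-LAN data")
    # Outer packet: tunnel endpoints; protocol 4 = IPv4-in-IPv4 encapsulation.
    outer = ipv4(bytes([10, 1, 0, 1]), bytes([10, 9, 0, 10]), 4, inner)
    tagged = ether(r_in, host, outer, vlan=20)
    vlan_out, pkt_out = parse_ether(route(tagged, r_out, vm))
    return {"vlan_in": parse_ether(tagged)[0], "vlan_out": vlan_out,
            "ttl_out": pkt_out[8], "checksum_ok": ip_checksum(pkt_out[:20]) == 0,
            "inner_intact": pkt_out[20:] == inner}

if __name__ == "__main__":
    print(demo())
```
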
0

use IP-over-DNS! its 70ta1y 1337!

seriously...

If you have Windows boxes on either side, then look at Routing and Remote Access. You can use it to set up a persistent VPN with IPSec or PPTP.

Nick Kavadias