
Sorry it was hard to think of a title for this, so hopefully I can explain my situation.

We have hardware (unix servers) on 3 different network subnets. For example:

10.44.1.0 10.44.2.0 10.44.3.0

All on a 255.255.255.0 subnet

There isn't much on each network, generally just a server that people connect in remotely via a VPN.

In 1 server room we have the live server for each network. We want to have a disaster recovery for each server in another part of the building.

The building already has 1 comms cabinet for the 2 server rooms, 1 on the ground floor and the other on the 1st floor. The cabinets however have only a few linking connections (cabinet A to cabinet B).

We have tested having all 3 connections going into 1 switch, then a cable connecting from the switch to the comms cabinet link. The other end has the same setup, with which each network can see the hardware at each end, but they cannot see any of the other networks (which is what we want).

I understand it would be easy for a Windows-based computer to simply add all 3 network IPs and then be able to access all 3; we have tested and seen it work.

In creating this type of "joined" network, what are we exposed to if this was to be used in a live setup?

Many thanks for your time and hopefully I have been clear in what I mean.

Phil

PhilJ

  • Apologies if my terminology is not correct with what I am trying to put across. The basics of what I am trying to understand are: can 3 different networks, each of them split in half between 2 server rooms, be linked by only 1 network cable? The reason is the limited connection ports available between the 2 server rooms. Thanks – PhilJ Jul 16 '14 at 22:56

3 Answers

5

You should be using routers to communicate between multiple subnets, not a switch. Start there, and the other problems should vanish.

Using VLANs is a good plan if all these logical networks exist on the same cables and switches and aren't physically separate. In that configuration, you'd use a "router on a stick" rather than having a router with a cable coming in from each subnet.

Falcon Momot
1

I'd suggest using VLANs to actually isolate the networks. Say VLAN 1, 2 and 3 for the corresponding /24's. Your trunk ports (that connect to the interlink between switches) at either end are members of all 3 VLANs, but the ports your servers are connecting to are only members of their respective VLANs.

This will stop a device on VLAN1 bringing up an interface with an IP that belongs to VLAN2 and seeing the other devices within the same /24 -- the other machines wouldn't be part of VLAN1, much like the device on VLAN1 isn't a part of VLAN2, without physical access to the networking infrastructure. A VLAN essentially creates a virtually isolated network, as if it were physically isolated.

Hope this helps.

dannosaur
1

Q: can 3 different networks, each of them split in half between 2 server rooms, be linked by only 1 network cable?

A: Of course. The network cable doesn't know or care what Layer 3 network the traffic transiting it belongs to.

joeqwerty
  • Thanks for your reply. In having this setup, it means all 3 networks need to connect into 1 switch in each server room, so that a 4th network lead then connects the 2 switches. By doing this, apart from what I mentioned before about a Windows computers ability to see all 3 networks if it wanted to, what other concerns would there be for this method of linking the 2 server rooms with 1 lead? – PhilJ Jul 17 '14 at 06:16
  • That all depends. Is there any issue with having traffic for all 3 networks transiting the same physical network? Do they need physical separation? Are there security concerns about someone on one network sniffing the traffic of another network? If so, then you'll want to set up VLAN's on the switches for each network and then configure the switch to switch link as a trunk port to carry traffic for all 2 VLAN's between the switches. – joeqwerty Jul 17 '14 at 13:44
  • Thanks again for your info. The 3 networks if joined like this, would sit separate from the main company network. We have no issues with the 3 of them being on the same physical network as each other. The only concern is if 1 network was to ever get a virus, how easy would it be to find and spread to the other 2? What you mentioned about the VLAN's sounds interesting. VLAN's is not something I have ever setup before. Would it be setup so: PORT1 = VLAN1, PORT1 = VLAN2, PORT3 = VLAN3, PORT4 = VLAN1/3. Then the same at the other end, connecting the 2 switches using PORT4 on both switches? – PhilJ Jul 17 '14 at 23:40
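To make the difference between the tested flat setup and the VLAN layout from dannosaur's answer concrete, here is an added example (not from any of the answers or the question): a small Python model of two switches joined by one interlink, with ports 1-3 as access ports and port 4 as the trunk. The port numbering and the 10.44.2.10 target address are constructed for the illustration.

```python
# Added example: minimal model of 802.1Q access/trunk forwarding to show
# why per-port VLAN membership stops a host that adds a "foreign" IP from
# reaching the other /24s, while a flat switch lets it reach everything.

class Switch:
    """Ports are access ports (one VLAN, untagged) or trunk ports (tagged)."""
    def __init__(self, name):
        self.name = name
        self.access = {}   # port -> VLAN id of an access port
        self.trunks = {}   # port -> set of VLAN ids allowed on the trunk
        self.links = {}    # port -> (peer switch, peer port)
        self.rx = []       # (port, frame) pairs delivered to attached hosts

    def add_access(self, port, vid): self.access[port] = vid
    def add_trunk(self, port, vids): self.trunks[port] = set(vids)
    def connect(self, port, peer, peer_port): self.links[port] = (peer, peer_port)

    def ingress(self, port, frame, vid=None):
        # Untagged frame on an access port is classified into that port's VLAN;
        # a tagged frame on a trunk keeps its tag and is dropped if not allowed.
        if port in self.access:
            vid = self.access[port]
        elif vid not in self.trunks.get(port, set()):
            return
        self.flood(port, frame, vid)

    def flood(self, in_port, frame, vid):
        for p, v in self.access.items():            # untagged egress, same VLAN only
            if p != in_port and v == vid:
                self.rx.append((p, frame))
        for p, allowed in self.trunks.items():      # tagged egress over the interlink
            if p != in_port and vid in allowed and p in self.links:
                peer, peer_port = self.links[p]
                peer.ingress(peer_port, frame, vid)

def build(vlan_isolated):
    """Two switches, ports 1-3 for the three /24s, port 4 as the interlink.
    Flat mode (the setup tested in the question) puts every port in VLAN 1."""
    a, b = Switch("A"), Switch("B")
    for sw in (a, b):
        for port in (1, 2, 3):
            sw.add_access(port, port if vlan_isolated else 1)
        sw.add_trunk(4, {1, 2, 3} if vlan_isolated else {1})
    a.connect(4, b, 4); b.connect(4, a, 4)
    return a, b

def ports_reached(vlan_isolated, src_port=1):
    """Ports on switch B that see a broadcast from the host on A's src_port,
    e.g. an ARP for a 10.44.2.x address it has added to its own interface."""
    a, b = build(vlan_isolated)
    a.ingress(src_port, "ARP who-has 10.44.2.10")   # constructed sample frame
    return sorted(p for p, _ in b.rx)
```

In flat mode the ARP reaches every port on the far switch, so a host that adds a 10.44.2.x address finds the 10.44.2.0/24 machines; with VLANs it only ever reaches port 1, its own /24.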