[kwlug-disc] Multiple gateways on one subnet

Paul Nijjar paul_nijjar at yahoo.ca
Fri May 22 11:20:01 EDT 2009

I think this e-mail might be even less coherent than my last question,
but here goes: 

We are in the process of setting up two Internet connections for the
organization. To our network this looks like two gateways -- one at
our 43 Queen building and one at 58 Queen. As any of you who have
attended KWLUG meetings know, there is a crummy wireless link that
joins the buildings. Each connection has an IPCop box joining it. 
The machines are all supposed to be on the same subnet, and I really 
don't want to split them up at this point. 

One goal is to use the 43Q gateway as a backup for the 58Q one. 
I sort of have that working by specifying multiple gateways when I
hand out DHCP addresses. I don't think this is an ideal solution -- my
preference would be to have the IPCop route to each other when their
internet connection goes down -- but the solution I have is Good
Enough for now. 

Another goal is to have the clients at 43Q use the 43Q internet as
their primary gateway, and to have the clients at 58Q use the 58Q
internet. I don't know how to get this working nicely: 

  - A different server hands out IP addresses via DHCP. Maybe if I
    fiddle enough I could set up different server pools with different
    default gateways, but then I
    have to go around hardcoding MAC addresses to distinguish 43Q
    computers from 58Q ones. It can be done, but it is brittle. 

  - I could block DHCP packets from flowing across the wireless link,
    and then put a separate DHCP server (with non-overlapping address 
    ranges) on each side. The problem is that I don't really know of a
    good way to do this filtering. The wireless boxes do not come in
    with built-in firewalls so I can block the DHCP ports. 
    I could maybe put another computer or device behind one of the
    wireless devices, but I don't know how to do this without changing
    the subnet (since all the firewall devices I know of are routers). 
    This also adds another point of failure to the system. 

These are the ideas I have so far. Is there another solution I am
missing? If you were in my situation what would you do?

I know that if I was cool I would be asking about load balancing and
stuff, but really I don't care. At this point I would be happy with
simple transparent failover and the ability for my client computers to
use the network connection that is on their side of the street.


- Paul

More information about the kwlug-disc mailing list