Will this cause a loop?

Just need a sanity check before I plug a cable in, but bear with me as this will take a bit of explaining...


Currently the local site is using a 192.168.0.x range, however we have now become part of a larger group and have been allocated another IP Range over an MPLS (172.16.5.x).

The original network (Network A) is plugged into its own switch and the default gateway is a Router (Router A) on that network range.

The MPLS (Network B) has its own switch and Router (Router B).

In order to provide Internet to the original network as part of the MPLS integration, the MPLS switch is plugged into a WAN port on Router A, with the Gateway being set to Router B's IP Address.

This all works so far, in that PCs on the Network A can access the internet, and also access anything plugged into the MPLS Switch (Network B), albeit in effect via the WAN.


The aim is to readdress all PCs/Servers from Network A to the IP range required by Network B. To minimise business impact I would like to move parts of the network piece by piece (e.g. all of the PCs first, servers last).

As a shortcut to this, is there any issue to plugging a cable between Switch A and Switch B or will this cause a loop (because of the WAN link)?

Machines on Network A could then be readdressed to the MPLS range using the MPLS Router as a gateway address, but with a secondary IP in Network A's range to maintain local access to the existing servers/PCs that don't initially move.
 
It's funny, was just reading up on this the other day.

It sounds like you know what you're doing but chipping in my two cents - it will depend on the setup of Router A.

My (slowly developing) understanding is that if Router A falls back to unicast flooding when it receives a frame with an unknown destination MAC address then yes, this could cause a loop because of the WAN link between Switch B and Router A.

I think you'll likely benefit from sketching it all out - that's what helps me the most when trying to get an understanding of what's going on and how loops can be created with just a single wrong connection.

EDIT: In fact, you not got STP available on the switches?
 
I think what you are saying is fine as long as there isn't DHCP on both routers. The cable shouldn't be a problem because of the NAT on router A.

Diagram will help but in all honesty, a late night session and you'd probably be moved over fairly easily.
 
Here's a really quick and rough sketch of what I think you're saying:

[Image: jEUiBFY.png]


You want to add the link that is the dotted red line and then readdress your servers to the new subnet, adding a second IP address where required to desktops that need to access things on both networks?

Technically this will work fine, but I would just add the existing subnet to the new router and run two subnets with routing between them during the changeover. Do your switches support VLANs, as that could make it easier (assuming you can't just keep the current setup and physically move devices from one switch to the other due to not having enough ports)?
 
EDIT: In fact, you not got STP available on the switches?

Will double check, although seem to think it was disabled at some point.


I think what you are saying is fine as long as there isn't DHCP on both routers. The cable shouldn't be a problem because of the NAT on router A.

No DHCP on Network A side, DHCP is only on Network B. My thinking was NAT would take care of the cable.


Diagram will help but in all honesty, a late night session and you'd probably be moved over fairly easily.

I wish it was that easy, but it's more or less a 24/7 operation with 90+ PCs, 10 Servers including a Windows based Phone system that the manufacturers say can't be multihomed (or multi IPed), 10+ Printers etc.

Realistically I can have maybe 3 hours one night a couple of nights a week - any more than that and it has business impact. Hence the need to try and have it running side by side, and then just move individual PCs as and when they aren't in use.


Here's a really quick and rough sketch of what I think you're saying:

Thanks for that - have amended below to show Router A plugged into Switch B.



You want to add the link that is the dotted red line and then readdress your servers to the new subnet, adding a second IP address where required to desktops that need to access things on both networks?

Probably go for readdressing the desktop PCs first (and moving their existing IP to a secondary IP), their internet traffic will then go direct via the Router B gateway, whilst the secondary IP should mean they can still see Servers on Network A IP Range.

The servers would likely be done last due to time constraints mentioned, and could then be done cleanly with no secondary IPs (e.g. for the Phone system which can't be dual IPed)


Technically this will work fine, but I would just add the existing subnet to the new router and run two subnets with routing between them during the changeover.

Unfortunately I have no control over Router B (managed by ISP in conjunction with Head Office), and no changes can apparently be made to the core MPLS configuration. Router B doesn't accept any internet bound traffic from Network A's IP range, otherwise I would have used Switch A to do all the Routing between Subnets, and set the gateway on all devices to Router B.

Do your switches support VLANs, as that could make it easier (assuming you can't just keep the current setup and physically move devices from one switch to the other due to not having enough ports)?

The Switches support them, but again Router B doesn't seem to accept anything other than untagged traffic (as I thought about making Router B's switch port a member of 2 VLANs, then put Router A's switch port in a separate VLAN to the rest of Switch B's ports - hopefully completely segregating WAN/LAN traffic).


Switch A is vastly more capable (3x 3Com 4500G's with 10Gb Interconnects) than Switch B (HP 2620-48), hence the desire to keep everything on that if possible (and ideally remove the 2620)



Thanks for the patience, as this is a fairly complicated set up. Head office are fairly unhelpful with this, as in their eyes it is "just move everything".

[Image: xJ6bYIY.jpg]
 
This is what I would have done in your situation.

Switch B - Not have used

Switch A - Create new VLAN for Router B with two ports. One for router A and router B. These ports can both be untagged and just be members of the new VLAN only. Connect both routers. When you want to switch a device to the new network you can then change its port on the switch to the new VLAN.

That is unless I am misunderstanding what you're trying to do.
 
So switch A + B are physically close?

Yes, installed in same rack.


How are the servers printers and voip system configured ip wise?

Everything at present is still on the original IP Range 192.168.0.x. Only things at present on the MPLS range (and on Switch B) are things that have no interaction with our local network e.g. new Wireless access points for Internet only use, dedicated Printer that talks to head office app.


Switch B - Not have used

My preference as well, but as usual this got done in a rush.

Switch A - Create new VLAN for Router B with two ports. One for router A and router B. These ports can both be untagged and just be members of the new VLAN only. Connect both routers. When you want to switch a device to the new network you can then change its port on the switch to the new VLAN.

PCs moved into the new VLAN wouldn't be able to talk to network that hadn't moved though?
 
They would be able to talk to the other network via router A (depending on the default router on network B there would need to be an appropriate route to network A). I think I must be missing something. Have to admit to not reading the entire thread.
 
They would be able to talk to the other network via router A (depending on the default router on network B there would need to be an appropriate route to network A). I think I must be missing something.

Can't change anything on Router B, so would be unable to get it to route back to Network A.

Have to admit to not reading the entire thread.

No disrespect as I welcome any suggestions, but in my head it is quite complex, so would appreciate if you did read up.
 
Sorry my bad I just glanced at the diagram. I understand the situation now. I was missing the NAT on router A.

I think what you propose will work without causing a loop. It is a shame the MPLS can't route your current network. That would have made things a lot easier.
 
What's supplying the DHCP for the subnet 172.16.5.x?

Router B

Although not terribly worried about DHCP, as everything is at present statically addressed.

This is one thing that we are allowed to make changes to, as have already reduced the range via request to ISP.
 
To answer your question, you won't cause a loop.

This

To cause a loop the WAN and LAN ports on router A would have to be switching or bridging traffic. I suspect due to the terminology you are using to describe them that they aren't and you are doing NAT.
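
The bridging-versus-routing condition described above can be checked as a cycle test on the layer-2 topology. This is an added example, not part of the original thread; the device names follow the thread, while the port labels are constructed for illustration.

```python
# Added illustration: model each switch as one layer-2 node and each port of a
# routing/NAT device as its own node, then look for a cycle (a switching loop).

def analyse(links, bridging):
    """Return (links that close an L2 loop, find function for segment lookup)."""
    parent, loops = {}, []

    def node(device, port):
        # A bridging device forwards frames between all ports: one L2 node.
        # A routing/NAT device terminates L2 on every port: one node per port.
        return device if device in bridging else f"{device}:{port}"

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for end_a, end_b in links:
        a, b = find(node(*end_a)), find(node(*end_b))
        if a == b:
            loops.append((end_a, end_b))  # both ends already connected: loop
        else:
            parent[a] = b
    return loops, find

# Constructed port labels; the cabling follows the thread's description.
EXISTING = [
    (("RouterA", "lan"), ("SwitchA", "1")),
    (("RouterA", "wan"), ("SwitchB", "1")),
    (("RouterB", "lan"), ("SwitchB", "2")),
]
NEW_CABLE = (("SwitchA", "48"), ("SwitchB", "48"))
SWITCHES = {"SwitchA", "SwitchB"}

def cable_causes_loop(router_a_bridges):
    """True if adding the Switch A to Switch B cable closes an L2 loop."""
    bridging = SWITCHES | ({"RouterA"} if router_a_bridges else set())
    loops, _ = analyse(EXISTING + [NEW_CABLE], bridging)
    return NEW_CABLE in loops

def router_a_ports_share_segment(with_cable):
    """True if Router A's WAN and LAN ports sit in one broadcast domain."""
    links = EXISTING + ([NEW_CABLE] if with_cable else [])
    _, find = analyse(links, SWITCHES)
    return find("RouterA:wan") == find("RouterA:lan")
```

With Router A routing/NATing the cable closes no loop, but it does put Router A's WAN and LAN interfaces, and both subnets, into a single broadcast domain for the duration of the migration.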
 
Just plugged a cable between the switches - no issues at all.

Dual IP'ed a PC using the MPLS range as the primary, Old range as secondary, and all good.


Just thought of something though before I go all out changing all the PCs over:

DNS Servers - currently have 2 Windows Servers running DNS, with an Active Directory integrated zone.

Can I for the time being, add a secondary IP address to each of them (on the MPLS range), and just add a reverse lookup zone for the MPLS range?
New PCs can then use MPLS range IP addresses for DNS Servers (rather than having to change them again later)

Is this likely to break anything?
 