Serving over multiple external IPs
February 22, 2009
Most people rely on a single internet connection for both web surfing and server hosting, and some might even wonder whether two internet connections would work at all.
Let me explain why you can't serve over two external IPs in a normal 2x modem-router network configuration.
To make things easy, I'll give the actors in this example some names:
- Alice is the person who's visiting your website
- Fred is your internal web server
- Lucy is the first router, and is the default gateway for outgoing traffic
- Peter is the second router
When you configure Peter to forward/translate a specific port (e.g. TCP 80 for HTTP), you supply Fred's internal IP address and everything just works. Peter rewrites the destination to Fred, puts Fred's MAC address on the frame, changes the port number if needed, and sends it onto your network. Alice's external source IP address is still in the packet, and Fred will use that address to send packets back to Alice containing your website and other things.
When Fred tries to figure out how to reach Alice, he decides he should just use the default gateway from his network configuration, so he puts Lucy's MAC address on a packet addressed to Alice's IP and sends it. Lucy does NAT to get onto the big bad internet, so instead of Fred's IP she puts her own external IP address into the packet and adds an entry to her connection table so she knows that returning packets have to go to Fred.
However, when Alice sees the reply coming from Lucy's external IP address when she asked Peter for the website, she hits the panic button, tells Lucy to leave her alone (a TCP reset, since she has no connection with Lucy), and tries to talk to Peter again, ignorant of the fact that Lucy was just relaying the same website.
Solution 1
Get a very expensive router with two separate WAN ports that remembers which way a given stream of packets came in and sends the replies back along the same path. Unfortunately I don't have one of those, so I can't tell you how that works exactly, nor whether it actually does work.
Solution 2
Get a third router and set it up with a not-so-logical NAT configuration.
From the example above you can see one case where a router does actually remember information about previous packets: Lucy rewrites her outgoing packets so that they appear to come from her external IP address instead of an internal one. You can use this exact mechanism to force web server Fred to send his packets to the right router.
How this works:
- outside has an external IP
- inside has an internal IP
- NAT masks packets going from the inside to the outside
   outside                 outside
    Peter                   Lucy
   inside                  inside
      |                       |
      |                       |
      |                 192.168.0.0/24
      |                       |
192.168.2.0/16                |
      |                       |
      |                       |
   inside                     |
   Markus                     |
   outside                    |
      |                       |
       \                      |
        \                     |
         \                    |
          +---- 192.168.0.10 -+
                   Fred
When Alice requests a website via Lucy's outside IP address, Lucy sends it directly to Fred, and since Fred has Lucy as his default router he sends the reply back through that same route.
When Alice requests a website via Peter's outside IP address, Peter wants to send it to Fred, but he can't find Fred. Markus, however, tells Peter to just give it to him and he'll pass it on to Fred. Markus then masks Alice's IP address with his own outside IP address and sends the packet to Fred. When Fred wants to send something back, he thinks Markus sent the packet, so he just sends it to him. But Markus checks his memory and remembers he should send it to Alice. All Markus needs to know now is that he has to send things through Peter to reach Alice.
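To make the two paths concrete, here is a small simulation of both situations: the plain two-router setup where Fred's reply leaves through Lucy, and the three-router layout where Markus rewrites the source so the reply comes back the same way. This is an added example and not code from the original post; every address in it is constructed (the internet-side ones use RFC 5737 documentation ranges), and Markus's two addresses, Peter's inside network being 192.168.2.0/24, and the port numbers are my assumptions. Each router keeps a connection-tracking table exactly the way the text describes Lucy "remembering" a flow.

```python
"""Constructed example: why a port forward through the second router breaks
the return path, and how a third NAT router (Markus) fixes it."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

ALICE = "203.0.113.5"                                 # visitor (constructed)
LUCY_EXT, PETER_EXT = "198.51.100.1", "198.51.100.2"  # the two external IPs (constructed)
FRED = "192.168.0.10"                                 # web server (from the post)
FRED_LAN = "192.168.0.0/24"                           # Lucy's inside network (from the post)
MARKUS_INSIDE, MARKUS_OUTSIDE = "192.168.2.10", "192.168.0.20"  # assumed addresses


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    """NAT router with a connection-tracking table.

    New flows arriving on `listen_ip` for a forwarded port get their destination
    rewritten (DNAT); with `snat_forwarded` the source is rewritten too, which is
    what Markus does.  New flows leaving the inside network are masqueraded.
    Replies are matched against the table and translated back."""

    def __init__(self, name, listen_ip, inside_net, masq_ip,
                 forwards=None, snat_forwarded=False, default_gw=None):
        self.name = name
        self.listen_ip = listen_ip            # address forwarded requests arrive on
        self.inside_net = ip_network(inside_net)
        self.masq_ip = masq_ip                # source address used when masquerading
        self.forwards = forwards or {}        # dport -> server IP (port forward)
        self.snat_forwarded = snat_forwarded
        self.default_gw = default_gw          # next NatRouter towards the internet (None = direct)
        self.conntrack = {}                   # expected reply 4-tuple -> original packet

    def _remember(self, original, translated):
        # The reply will arrive with the translated addresses swapped around.
        key = (translated.dst, translated.dport, translated.src, translated.sport)
        self.conntrack[key] = original

    def nat(self, pkt):
        """Translate one packet, or return None if no rule applies (dropped)."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is not None:                                   # reply to a tracked flow
            return Packet(orig.dst, orig.dport, orig.src, orig.sport)
        if pkt.dst == self.listen_ip and pkt.dport in self.forwards:
            out = replace(pkt, dst=self.forwards[pkt.dport])   # DNAT (port forward)
            if self.snat_forwarded:
                out = replace(out, src=self.masq_ip)           # SNAT: hide Alice behind Markus
            self._remember(pkt, out)
            return out
        if ip_address(pkt.src) in self.inside_net:             # new outbound flow
            out = replace(pkt, src=self.masq_ip)               # masquerade
            self._remember(pkt, out)
            return out
        return None


def build(with_markus):
    """Two routers on one LAN (with_markus=False) or the post's three-router layout."""
    lucy = NatRouter("Lucy", LUCY_EXT, FRED_LAN, LUCY_EXT, forwards={80: FRED})
    if not with_markus:
        peter = NatRouter("Peter", PETER_EXT, FRED_LAN, PETER_EXT, forwards={80: FRED})
        return lucy, peter, None
    peter = NatRouter("Peter", PETER_EXT, "192.168.2.0/24", PETER_EXT,
                      forwards={80: MARKUS_INSIDE})
    markus = NatRouter("Markus", MARKUS_INSIDE, "192.168.2.0/24", MARKUS_OUTSIDE,
                       forwards={80: FRED}, snat_forwarded=True, default_gw=peter)
    return lucy, peter, markus


def serve(entry, with_markus):
    """Alice opens TCP/80 to `entry` ("lucy" or "peter"); returns what happened."""
    lucy, peter, markus = build(with_markus)
    by_ip = {r.listen_ip: r for r in (lucy, peter, markus) if r is not None}
    first = lucy if entry == "lucy" else peter
    request = Packet(ALICE, 40000, first.listen_ip, 80)
    pkt = first.nat(request)
    while pkt is not None and pkt.dst != FRED:      # hop through Markus if present
        pkt = by_ip[pkt.dst].nat(pkt)
    if pkt is None:
        return {"verdict": "dropped", "fred_saw": None, "reply_src": None}
    fred_saw = pkt.src                               # what ends up in Fred's access log
    reply = Packet(FRED, 80, pkt.src, pkt.sport)     # Fred answers whoever asked
    # Fred's routing: an on-link host directly, everything else via default gateway Lucy.
    hop = markus if reply.dst == MARKUS_OUTSIDE else lucy
    while hop is not None and reply is not None:
        reply = hop.nat(reply)
        hop = hop.default_gw
    if reply is None:
        return {"verdict": "dropped", "fred_saw": fred_saw, "reply_src": None}
    # Alice's TCP stack only accepts a reply from the peer she connected to.
    expected = (request.dst, request.dport, request.src, request.sport)
    ok = (reply.src, reply.sport, reply.dst, reply.dport) == expected
    return {"verdict": "accepted" if ok else "reset",
            "fred_saw": fred_saw, "reply_src": reply.src}


if __name__ == "__main__":
    for entry, markus in (("lucy", False), ("peter", False), ("peter", True)):
        print(entry, "with Markus" if markus else "two routers", serve(entry, markus))
```

Running it shows the request via Peter coming back from Lucy's address and being reset in the two-router case, and coming back from Peter's address once Markus is in the path. Note the `fred_saw` field: with Markus in place, every visitor arriving over Peter's line shows up in Fred's logs as Markus's outside address, so Fred loses the real client IP for that path; if you rely on those logs for abuse handling or incident response, you have to log on Markus (or Peter) as well. On a Linux box playing Markus the equivalent would be an iptables DNAT rule in the nat PREROUTING chain for TCP port 80 to Fred plus a MASQUERADE rule in nat POSTROUTING on the Fred-facing interface, with Peter as the default route; that mapping is my own note, not part of the post.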
The downside
The unfortunate by-product of using a third router is that you can't connect the second internet connection directly to your local network, because then the traffic wouldn't be masked. So to use the second internet connection as a backup internet gateway as well, you'll have to use a fourth router with a very careful routing scheme that doesn't conflict with the internal NAT router. I haven't tried that yet, but I have another Cisco 1841 lying here I might give it a go with as soon as I can get my hands on another switch…
Filed under: /roll, Networking, cisco.