# Routing or bridging? need help

## KamikazeMicrowave

Here's my situation. Sorry if this is painfully obvious, since networking isn't my strong point and I'm still in schooling...

At work some time ago our IT person was not an actual IT guy, but rather someone who knew a little about computers. When he set up the network he used the 199.0.9.X subnet. As you know, that's a wide area address. Therefore I'm in the process of changing our computers over to a better subnet, like 192.168.9.X.

From my understanding I could set up a network bridge that would connect the 199.0.9 network with the new 192.168.9 network, correct? Well, long story short, I tried and ultimately took the network down.   :Razz: 

So either I did it wrong or a bridge won't work in my case and I should route instead. Here's what I did to set up the bridge:

```
# Give each NIC an address on one of the two networks. Once a NIC is
# enslaved to a bridge these addresses are no longer used for anything:
# the bridge forwards Ethernet frames by MAC address only.
ifconfig eth0 199.0.9.8
ifconfig eth1 192.168.9.8

# Create the bridge and enslave both NICs to it.
brctl addbr bridge0
brctl addif bridge0 eth0
brctl addif bridge0 eth1

# Bring the bridge up (no IP address is assigned to bridge0 itself).
# With STP enabled the ports sit in listening/learning for the
# forwarding delay before they pass traffic.
ifconfig bridge0 up
```

Now either I did that wrong OR I didn't wait until the forwarding delay was over. Any ideas? BTW, this is the first and only bridge on the network.

----------

## Clansman

Hi,

You need a router and/or some kind of NAT.

Conceptually, a bridge is used to join 2 physical ethernet segments on the same layer 3 segment. i.e.: 2 hubs+1 bridge -> 1 network (192.168.0.0/255.255.255.0). A bridge is a layer 2 router - not layer 3.

You need one of the following:

- a router to allow communications between the 199.0.9.X and 192.168.9.X - This approach implies coexistence of both networks in a way one network sees the other as a different network.

example: 192.168.9.32 wants to communicate with 199.0.9.5: 

192.168.9.32 -> router -> 199.0.9.5 

- a NAT router to transparently (and statically) translate 199.0.9.X addresses into 192.168.9.X - This approach also implies the coexistence of both networks, but neither of the networks has any direct way of knowing that there *is* another network. Hosts with 199.0.9.X IPs are accessed by the 192.168.9 network with equivalent 192.168.9.X addresses. 

example: 192.168.9.32 wants to communicate with 199.0.9.5 - not possible anymore. host is now 192.168.9.5:

192.168.9.32 -> 192.168.9.5 -> NAT router/translation -> 199.0.9.5

One of these two different solutions may fit your needs.

Cheers,
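To make the two options concrete, here is an added example of my own (not part of Clansman's post or of anything the original poster ran). It is a POSIX shell script that does two things: `next_hop` performs the on-link-or-gateway decision a host makes at layer 3, which is exactly the decision a bridge never makes, and `router_plan` / `nat_plan` emit the commands that turn a Linux box into the plain router or the 1:1 NAT router described above. Assumptions, also marked in the code: the router has eth0 on 199.0.9.0/24 as 199.0.9.8 and eth1 on 192.168.9.0/24 as 192.168.9.8 (the addresses from the first post); for the NAT variant the old network is mapped onto a spare range 192.168.109.0/24 rather than onto 192.168.9.X, because a client that believes 192.168.9.5 is on its own subnet ARPs for it and never hands the packet to the translating router; and it uses iproute2 and iptables (the NETMAP and MASQUERADE targets) rather than the ifconfig/brctl commands in the thread. The script prints the commands unless run with DRY_RUN=0 as root.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed addressing:
OLD_NET=199.0.9.0/24   ; OLD_GW=199.0.9.8     # old LAN, router's eth0
NEW_NET=192.168.9.0/24 ; NEW_GW=192.168.9.8   # new LAN, router's eth1
MAP_NET=192.168.109.0/24                      # spare range for 1:1 NAT (assumption)
DRY_RUN=${DRY_RUN:-1}                         # 1 = print commands, 0 = execute (root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Dotted quad -> 32-bit integer, using only POSIX sh arithmetic.
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# next_hop HOST/PREFIX GATEWAY DEST
# Prints "direct" if DEST is on HOST's own subnet (the host ARPs for it and
# a bridge or switch delivers the frame), otherwise "via GATEWAY", or
# "unreachable" when no gateway is configured. This is the layer-3 step a
# bridge does not perform, which is why the OP's bridge could not join the nets.
next_hop() {
  host=${1%/*}; prefix=${1#*/}; gw=$2; dest=$3
  mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  if [ $(( $(ip2int "$host") & mask )) -eq $(( $(ip2int "$dest") & mask )) ]; then
    echo direct
  elif [ -n "$gw" ]; then
    echo "via $gw"
  else
    echo unreachable
  fi
}

# Plain router: both subnets keep their addresses; each host needs a route
# (normally its default gateway) pointing at the router's address on its side.
router_plan() {
  run ip addr add "${OLD_GW}/24" dev eth0
  run ip addr add "${NEW_GW}/24" dev eth1
  run ip link set eth0 up
  run ip link set eth1 up
  run sysctl -w net.ipv4.ip_forward=1
  # Forward only between the two LANs; drop everything else by default.
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i eth0 -o eth1 -s "$OLD_NET" -d "$NEW_NET" -j ACCEPT
  run iptables -A FORWARD -i eth1 -o eth0 -s "$NEW_NET" -d "$OLD_NET" -j ACCEPT
}

# 1:1 NAT router: new-side hosts reach 199.0.9.X as 192.168.109.X and never
# see a 199 address. NETMAP rewrites the network part and keeps the host part;
# conntrack reverses it on the replies. Traffic toward the old side is
# masqueraded so old hosts need no route to the new network at all.
nat_plan() {
  router_plan
  run iptables -t nat -A PREROUTING -i eth1 -d "$MAP_NET" -j NETMAP --to "$OLD_NET"
  run iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

case "${1:-}" in
  router) router_plan ;;
  nat)    nat_plan ;;
esac
```

With the plain router every 192.168.9 host needs 192.168.9.8 as its gateway (or a route to 199.0.9.0/24 via it) and every 199 host needs the reverse; the NAT variant drops the second requirement by masquerading toward the old side, at the cost that old-side machines (the Unix server's logs, for instance) only ever see 199.0.9.8 as the client. The same plan with both addresses on a single NIC and forwarding between `-i eth0 -o eth0` is the one-segment arrangement thepustule describes further down the thread.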

----------

## KamikazeMicrowave

Ok, well here's two other questions then. Do these separate network segments have to be on separate switches to be able to route between one another? I'm thinking no, but I want to be sure. And secondly, do you think a Pentium 3 500MHz machine with 256 megs of RAM will suffice as a router on a network with roughly 80-100 clients? The traffic that will go over the router is fairly low bandwidth. It's actually just telnet sessions. My boss has just kind of put me in charge of the move while he does other things.

I wrote a script that can change all of my Windows clients to a new 192.168.9 address, but certain things will take a while to change over. For example, we have a Unix server that's accessed by many remote clients. That will either have to stay at its current address of 199.0.9.77 or have a second IP address bound to it, in which case I still have to have things routed to it.

----------

## Clansman

 *KamikazeMicrowave wrote:*   

> Ok, well here's two other questions then. Do these separate network segments have to be on separate switches to be able to route between one another? I'm thinking no, but I want to be sure.

 

In general, yes, different switches define different layer2 network segments. Unless you're using vlans, different nodes on the same switch are on the same network segment.

Another alternative that I've just remembered is the coexistence of both layer3 networks on the same layer2; All hosts would have to have 2 ips - one for each network. If it sounds nasty and hackish, that's because it is.

 *Quote:*   

> And secondly, do you think a Pentium 3 500MHz machine with 256 megs of RAM will suffice as a router on a network with roughly 80-100 clients? The traffic that will go over the router is fairly low bandwidth.

 

Absolutely.

The limit is the BUS bandwidth and not the processing power or memory. I'm not sure what kind of bandwidth a PCI BUS has, but you can find out easily. Try wikipedia for example. 

If you have 4 networks of 100Mbps ethernet layer2, then the bus would need to handle about 800Mbps to route a full load - absolute worst case scenario.

Cheers,

----------

## thepustule

 *Quote:*   

> Another alternative that I've just remembered is the coexistence of both layer3 networks on the same layer2; All hosts would have to have 2 ips - one for each network. If it sounds nasty and hackish, that's because it is.

 

Well, that's not exactly true.  You're right that it is nasty and hackish, but you don't need 2 ips on each machine.  You just need a router that has two IPs on it, and configure the clients on both layer3 networks to use that router as their gateway.  If you do this, you could have any number of Layer3 networks on the same layer2 network and it would work just fine - the router would just need to have an additional IP on it for each layer3 network.  However, you could only provide DHCP for one of the Layer3 networks.

 *Quote:*   

>  *Quote:*   And secondly, do you think a Pentium 3 500MHz machine with 256 megs of RAM will suffice as a router on a network with roughly 80-100 clients? The traffic that will go over the router is fairly low bandwidth. 
> 
> Absolutely.
> 
> The limit is the BUS bandwidth and not the processing power or memory. I'm not sure what kind of bandwidth a PCI BUS has, but you can find out easily. Try wikipedia for example. 
> ...

 

In my testing I've found that a PCI machine from that era can handle up to around 250 megabit of traffic load.  If you need to go higher than that, you need to go to one of the newer technologies, such as 64-bit PCI (PCI-X) or PCI-E or HyperTransport.

----------

## 1clue

Hang on a minute.

You mention 80-100 clients.  Are these all static addresses or are you using DHCP?  Do you use DNS?  The reason I'm asking is that it MIGHT be a lot easier to set up a DHCP/DNS servers and just change the network over in one big step.  If most of your boxes are just DHCP clients, then you'd need to change a few servers and then change the DHCP configuration, and then reboot all the machines.

The key here is to design your new network appropriately and plan everything out.  The WINS server will keep track of everyone's name, and you can (and should) set up WINS through DHCP anyway.  Same with DNS and such.  We did this not too long ago.  We also broke the network up into VLANs to avoid virus overload from The Dark Side, and for other security concerns.  Not sure if that's necessary, but it depends on how fast your company is growing.

It just seems that if your goal is to switch everyone over to a private network scheme, then making a bridge might be just putting a patch over an existing problem.

----------

## thepustule

 *KamikazeMicrowave wrote:*   

> So either I did it wrong or a bridge wont work in my case and I should route instead.

 

The short answer:

Bridging:  Bridging connects two networks at layer2 and basically makes them "one network" (yes, this is a simplification).  So, basically your bridge would connect your 199.0.9.xx network to more 199.0.9.xx machines.  Think of the bridge as a simple cable - when you use a bridge it's like just uplinking your two networks.  A bridge doesn't even bother with the difference between 199.0.9.xx and 192.168.9.xx and has no intelligence to figure out how to connect the two, because that is done at a totally different layer (layer3).

Routing:  Routing connects two networks at layer3.  THIS is the method you should use to connect your 199.0.9.xx with 192.168.9.xx.  Your router would have a table where it stores ROUTES from the 199 network to the 192 network.  

The longer answer:

Here is a basic idea of what happens at the various layers, with examples from the TCP/IP world

Layer1 - physical - electrical connections between machines, hubs, switches, copper, or antenna cables

Layer2 - data-link - "MAC Address" - the lowest level of *packet* connections between nodes - traffic reaches as far as you have contiguous copper (or RF or optical) connection, and gets to the correct destination interface

Layer3 - network - "IP address" - traffic can be routed around the world at this level, to any destination host

Layer4 - transport - "IP address with port" - traffic is addressable to the destination port (i.e. the specific destination process or application on the destination host)

Layer5 - session - "TCP or UDP" - the concept of a "connection" that is initiated, maintained, sequenced, and finished, happens at this layer.  Also, connectionless traffic is a specific type of session as well (e.g. UDP)

Layer6 - presentation - "CR/LF transform" - this one is hardly used.  But one example is the DOS-to-UNIX changes to end-of-lines in files sent by the FTP protocol.

Layer7 - application - "FTP, HTTP, SSL, ICQ, Telnet, SSH, etc" - this is the "meat and potatoes" layer, that contains the actual information that you are going through all this layering trouble to get from point A to point B in a reliable manner.

----------

## KamikazeMicrowave

 *1clue wrote:*   

> Hang on a minute.
> 
> You mention 80-100 clients.  Are these all static addresses or are you using DHCP?  Do you use DNS?  The reason I'm asking is that it MIGHT be a lot easier to set up a DHCP/DNS servers and just change the network over in one big step.  If most of your boxes are just DHCP clients, then you'd need to change a few servers and then change the DHCP configuration, and then reboot all the machines.
> 
> The key here is to design your new network appropriately and plan everything out.  The WINS server will keep track of everyone's name, and you can (and should) set up WINS through DHCP anyway.  Same with DNS and such.  We did this not too long ago.  We also broke the network up into VLANs to avoid virus overload from The Dark Side, and for other security concerns.  Not sure if that's necessary, but it depends on how fast your company is growing.
> ...

 

Unfortunately no, everything is static because of this stupid software we have to run. DNS, WINS and all that have to be "re-done", and for all the computers I have to write a program that will change their address via WMI. THEN I have to change all the IPs in our glorious software that our business cannot run without.

----------

## 1clue

What a drag.

Your situation is screaming for something like DHCP.  Our changeover would still be in its infancy without it.

I wonder:  Is it just the static addresses you need, or does it have to be a static configuration?  You can assign addresses using DHCP by MAC address if you want.  Just ping your DHCP server with the original address, copy the name, IP and MAC address from your ARP table and fill it in on the DHCP server.  It's painful, but it gives you centralized control and you don't have to type in all those MAC addresses, or run around to each machine in order to fix anything.
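As an added example of the reservation approach 1clue describes (my code, not 1clue's, and not something from the thread), here is a POSIX shell script that turns the output of `arp -an` on the DHCP server into ISC dhcpd `host` reservations. Assumptions, also marked in the code: the ARP output is in Linux net-tools format, each machine keeps its last octet when it moves from 199.0.9.X to 192.168.9.X, and the sample ARP lines, names and MAC addresses are constructed for the example. Entries without a resolved MAC (`<incomplete>`) and entries on other networks are skipped, which is the check you want before pasting 80-100 reservations into dhcpd.conf.

```shell
#!/bin/sh
# Added example, not from 1clue's post. Converts `arp -an` output into ISC
# dhcpd host reservations that keep each machine's last octet while moving
# it from OLD_PREFIX to NEW_PREFIX (assumption: host part is preserved).
OLD_PREFIX=199.0.9
NEW_PREFIX=192.168.9

# Constructed sample of `arp -an` output (Linux net-tools format); names,
# addresses and MACs are invented for this example.
SAMPLE_ARP='? (199.0.9.77) at 00:11:22:33:44:55 [ether] on eth0
ws12.example.local (199.0.9.12) at 00:11:22:33:44:66 [ether] on eth0
? (199.0.9.99) at <incomplete> on eth0
? (10.0.0.1) at 00:11:22:33:44:77 [ether] on eth1'

# arp_to_dhcp_hosts < arp-output
# Emits one `host` block per complete entry inside OLD_PREFIX. Entries with
# no resolved MAC (<incomplete>) or on other networks are skipped; an
# unresolved name ("?") becomes host-<last octet>.
arp_to_dhcp_hosts() {
  awk -v old="$OLD_PREFIX" -v new="$NEW_PREFIX" '
    {
      name = $1; ip = $2; mac = $4
      sub(/^\(/, "", ip); sub(/\)$/, "", ip)
      # A usable MAC is 17 chars of hex and colons; "<incomplete>" is not.
      if (length(mac) != 17 || mac !~ /^[0-9a-fA-F:]+$/) next
      n = split(ip, o, ".")
      if (n != 4 || (o[1] "." o[2] "." o[3]) != old) next   # not the old LAN
      if (name == "?") name = "host-" o[4]
      sub(/\..*$/, "", name)                                 # short hostname only
      printf "host %s {\n  hardware ethernet %s;\n  fixed-address %s.%s;\n}\n",
             name, tolower(mac), new, o[4]
    }'
}

# count_reservations < arp-output : how many host blocks would be written
count_reservations() { arp_to_dhcp_hosts | grep -c '^host '; }

# Stand-alone demo on the constructed sample; on a real server you would
# run: arp -an | arp_to_dhcp_hosts >> /etc/dhcp/dhcpd.conf (after review).
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE_ARP" | arp_to_dhcp_hosts
fi
```

Review the generated blocks before appending them: duplicate MACs (a machine seen on two ports) will make dhcpd refuse to start, and the ARP table only contains machines the server has talked to recently, so ping the whole old range first, as 1clue suggests.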

----------

## Clansman

 *thepustule wrote:*   

>  *Quote:*   Another alternative that I've just remembered is the coexistence of both layer3 networks on the same layer2; All hosts would have to have 2 ips - one for each network. If it sounds nasty and hackish, that's because it is. 
> 
> Well, that's not exactly true.  You're right that it is nasty and hackish, but you don't need 2 ips on each machine.  You just need a router that has two IPs on it, and configure the clients on both layer3 networks to use that router as their gateway.  If you do this, you could have any number of Layer3 networks on the same layer2 network and it would work just fine - the router would just need to have an additional IP on it for each layer3 network.  However, you could only provide DHCP for one of the Layer3 networks.

 

You're right. I didn't remember that. But it's still hackish :-p

 *Quote:*   

> In my testing I've found that a PCI machine from that era can handle up to around 250 megabit of traffic load.  If you need to go higher than that, you need to go to one of the newer technologies, such as 64-bit PCI (PCI-X) or PCI-E or HyperTransport.

 

Cool! thanks for doing the homework  :Smile:  I've done the math on this once but for a bigger setup with about 8 network segments considering a future investment into gigabit ethernet.

But I totally disagree on using a bridge like you suggest. Not that it won't work, but like the coexistence of several layer3 networks under the same ethernet segment, it's just the wrong concept.

... there are many ways to skin a cat  :Smile: 

Cheers,

----------

