[LARTC] Redundant link, but with a separate router?

David Wadson wadson@shaw.ca
Mon, 05 Jul 2004 22:09:05 -0400


    VPN (IP x.x.150.3)      VPN (IP x.x.150.3)
        |                         |
        |                         |
   Cable Link                 DSL Link
  (IP y.y.y.y)               (ppp0 z.z.z.z)
        |                         |
        |                         |
   Netopia R9100            Linux Router
  (IP x.x.125.1)          (eth0 x.x.125.3)
        |                         |
        |                         |
        |                         |
  ------+--------x.x.125.0--------+---------

Currently, our network (x.x.125.0) uses a Netopia R9100 as its gateway 
and firewall to the Internet. It also provides a critical VPN link to a 
remote site. In order to have a backup/redundant connection, I've added 
a DSL line using a Linux box as a router/firewall instead of purchasing 
another separate router.

What I'd like to do is load balance the two connections but everything 
I've been reading shows a single box functioning as the router with 3 
NICs in it - 1 for the internal network and 2 for the Internet 
connections. But, is it possible to do it with my current setup, using 
the separate Netopia router as the second gateway? Gateway for the 
internal clients would be set to x.x.125.3 (the Linux router).

Most of the client workstations are Mac OS (pre-OS X for now) and Win 
9x/XP. Only a small percentage of the workstations require access to 
the VPN and they don't produce much traffic on it. They could all be 
routed out one link or the other at the same time and it wouldn't have 
much effect on their performance, but if that link goes down, I want 
them to be able to flip over to the working connection relatively 
seamlessly. Load balancing on the non-VPN Internet traffic would be 
great though, as that load can get rather large.

I suppose I'm complicating things (needlessly?) by considering this 
approach instead of just sticking another NIC into the Linux router. 
But I do like having that Netopia router still in place - if anything 
happened to the Linux router, change the internal IP address on the 
Netopia and it functions as the default gateway with the VPN still in 
place.

Is this concept going to be possible, and assuming that it is, is it 
worthwhile?

Thanks,

Dave Wadson
IT Manager
The Chronicle-Journal