Phase 2

In this section you will see the configuration of all the routers using gns3, according to the following image, which corresponds to Phase 2 of the project.

As can be seen in the previous image, the network topography has been simplified with respect to what is seen in the diagram of phase 2 of the Business Network Planning section.

This is because when simulating two internet providers, it is not possible to do it using only the network that your own home router gives you, therefore, as a replacement for the two ISPs, all the interfaces that can be incorporated into the GNS3 OVA that is being virtualized by Virtualbox .

This means that all the clouds that are seen in the diagram correspond to the ova of gns3 , which consists of three interfaces , one in host mode, another in Nat mode and the last in Bridge mode, using the last two that have output to the internet as if they were two ISPs.

The vlan have also been simplified, because knowing how to configure two, you know how to configure all you want, with this it is easier to understand and simplify the rules that each router will have.

It should also be noted that the Router that is in the vlan network is a Switch being simulated with the RouterOS operating system, so that the image is like that of a router.

Next, the configuration of each of the routers will be shown, for this network topography where they already have the High Availability tools that were explained in the High Availability Tools Configuration document. From there, only the final configuration is shown, without going into details of how to configure them.

Madrid Headquarters Router

Quick Set

It can be seen that the router at the Madrid headquarters only works with two interfaces, a WAN with static ip, and a LAN network.

Nat

This would be the masking rule and the rule that allows navigation of the lan network of the Madrid headquarters with the lan network of the Seville headquarters by the configured VPN.

Routes List

The following image corresponds to the routes created for the wan and for the lan.

IPsec VPN

The following shows the rules configured for the creation of the vpn with the two routers of the Seville headquarters.

The first thing is the Peer (neighbors) .

In the following image we see the Policies for each neighbor, where you can see that one of them is in red , that corresponds to the backup router of the Seville headquarters , so if the VPN connection with the main router is lost from Seville, I would skip the VPN connection with the backup router from Seville.

Finally, you can see in the following image the connection established with the active neighbors where it is seen that the initiator and responder connection has been established with both routers in Seville.

Router Master Sevilla

Now we go to see the configuration of the main router of the Seville headquarters.

Interfaces

The first thing is to see the interfaces it has, where you can see by the name given that it has three interfaces that go through the WAN , the interfaces that go to the respective local networks (DMZ, LAN2, LAN “VLAN”) , because interface goes the vlan 10 and 20 , and created vrrps that go to interfaces whose local network addressing is static.

Dhcp and Dns

The following image shows the dns, and the created dhcp servers, which go to the vlan.

VRRP

The following image shows the vrrp created, where the most important thing apart from the name are the Priority and the VRID .

Interfaces IP

The following image shows the addressing of each interface, vlan and vrrp.

VPN over IPsec

This would be Peer's configuration with the Madrid headquarters.

Next we see the associated Policy.

And finally the Active neighbor.

Nat

In the following image we see the Nat rules created where in the first place is the rule that allows the connection of local networks between the headquarters of Seville and Madrid that go through VPN. Then the masking of the three wan interfaces. And finally the port redirections for the servers.

Firewall

These would be the firewall rules, where there are not many changes with those already created in Phase 1.

Mangle (Marking Rules)

The following image shows the rules created for load balancing by PCC, where although we have three WAN interfaces, only two of these have been used for balancing, which is aimed at the DMZ.

Routes List

In the following image we see all the routes created, where you can see the failover defined by the distance , these are in light blue and in static mode, waiting for the main one to fall and activate the next one defined. You can also see the two interfaces that are being used for load balancing where it says routing mask that refer to which internet provider each goes to. We can also see the corresponding routes for the vlan and vrrp .

Bandwidth

In this image we can see the configuration of the bandwidth which consists of two rules, one defined for the entire LAN2 network and the other that goes first to define a certain equipment within the LAN2 network.

Seville Backup Router

Now we go to the configuration of the backup router of the Seville headquarters, which will have rules very similar to that of the master router, where the biggest difference will be in the ip of the interfaces, and priorities in the vrrp.

Interfaces

The distribution and name of the interfaces are the same as those of the master router, the biggest difference is in the name of the vlan.

Dhcp and DNS

The only visible difference is the name of the vlan.

VRRP

In VRRP, the biggest difference lies in the priority, since it is less, it becomes the backup, while that of the master router, having a higher number, becomes the main one, the VRID and the IP must be identical to those that it was defined on the master router.

Interfaces IP

In the ip of the interfaces is where the greatest difference of both routers can be seen, you can see the red color of the vrrp, this is because they are backup, that is, they are waiting for if the master router falls these would become active.

VPN over IPsec

VPN configuration in the Seville Backup Router.

Peer tab of the Seville Backup Router.

Policies tab of the Seville Backup Router.

Active Peer tab of the Seville Backup Router.

NAT

Nat Rules of the Seville Backup Router

Firewall

Seville Backup Router Firewall Rules

Mangrove

Marking Rules of the Seville Backup Router

Routes List

In the list of routes of the backup router in Seville, you hardly see a difference with the master, but there is a detail and that is that the routes for the vrrp do not appear, this is because they are not active, if the master router were damaged by For some reason, the backup vrrp will be activated and then if the routes of these appear in the backup router.

Bandwidth

Queues Rules of the Seville Backup Router

RouterOS simulated switch

Finally we will see the configuration of the LAN network switch where the vlans are, which has also been simulated using the RouterOS operating system, the image must be that of a router instead of a Switch.

The first image refers to the Quick Set or initial configuration, where the highlight here is where Mode says that the Bridge option is active instead of the router as in all other configured routers. It can also be seen that its addressing is dynamic and does not require DNS .

The following image refers to the different Bridges that have been created on the Switch. Unlike Phase 1 where the same router created the vlan, gave it addressing and distributed them by ports. In this phase it has been configured in a more real way, where the master and backup routers have created the vlan, they give it an address by Dhcp Server and define why interface they leave, and the switch by trunk link receives those vlan, which also They are created on the Switch, but it also has bridges created to later define which port each vlan will go through.

In the following image you can see the assignment of each interface with its bridge, where we can see the following:

• The two WAN interfaces are in the same Bridge, this will be to later define it in a Backup Route.

• You can see the vlan defined in the master router and the backup, which belong to the same Bridge with the distribution of interfaces, with this we ensure that if the master router falls, the vlan defined in the backup router which will have the same address as in the mater they will take their place.

• Finally you can see a distribution of interfaces for each vlan through the Bridges.

The following image shows the interfaces of the Switch.

• Where we can see the Bridges created.

• The Vlan created and linked, each one to the interface that corresponds to the connected router that provides the addressing.

• And you can also see the interfaces that are in slave mode (slave) with the letter S , waiting for a device to connect, and which are running defined by the letter R.

Finally we see the routes created on the Switch, where you can see two curiosities:

• The Failover created in the Bridge_Lan , and with a different gateway, each corresponding to the master router and the other to the backup, as both interfaces are linked to that bridge, when one of them falls, the one that is waiting will be activated.

• We can also see that the routes of the vlan do not appear, that is because they are in the list of routes of both routers.