Please help with static route between 2 subnets

[darrenford]

Hello all,

I freely admit ignorance here, and hope that you can help. I kinda expected this to be a common problem, and apologize if its the question that pops up every other week. I did search before posting...

Two local networks:
Net A - 192.168.10.0/255.255.255.0
Net B - 192.168.11.0/255.255.255.0

Net A (192.168.10) gateway (192.168.10.254) is a Netopia R910 (router A)
Net B (192.168.11) gateway (192.168.11.254) is a Linksys BEFVP41 (router B)
Router A & B WAN interfaces have public IP addresss, both plugged into an AT410s T1 router which serves as their gateway.

Devices on Net A need to talk to Net B devices. In addition, Router B maintains a VPN tunnel (several actually) that Net A would like to use, but I'm not even thinking about that part yet.

Router A & B LAN interfaces are connected via switch

static route on router A LAN interface to 192.168.11.0/255.255.255.0, gateway of 192.168.11.254
static route on router B LAN interface to 192.168.10.0/255.255.255.0, gateway of 192.168.10.254


This does not work, not even the routers will ping each other. Can anypoint point me in the right direction? I've read what seems to be volumes of articles on routing, and just don't know what to do to make this work. Apparently I am missing fundamental knowledge.

Any help is appreciated.

 

[cleverhandle]

Router A & B LAN interfaces are connected via switch

static route on router A LAN interface to 192.168.11.0/255.255.255.0, gateway of 192.168.11.254
static route on router B LAN interface to 192.168.10.0/255.255.255.0, gateway of 192.168.10.254

This part doesn't make sense, though I'm not sure I'll explain it well. You're telling router A that it can find net 11 by going through 11.254. But how is it going to find 11.254 if it doesn't have an interface on 11? A's LAN interface is on 10. As far as A is concerned, 11.254 is like any other address from the internet and will be treated as such - it will try to reach it through the default gateway (the AT410s). Patching the LAN sides together isn't going to change that fact.

There may be some way to pass the traffic over the LAN ports, but I don't know if that's possible on that hardware and it would be ugly anyway. What you want is to set static routes on the AT410s. Right now, outgoing Internet traffic from net 11 is being NAT'd to B's public address, which the AT410s knows how to find (it's directly connected). But if a host in net 10 tries to talk to a host in net 11, it's using a 192.168.11.x address, which the AT410s doesn't know how to find. So you want static routes on the AT410s like

static route on AT410s to 192.168.10, gateway (A's WAN IP)
static route on AT410s to 192.168.11, gateway (B's WAN IP)

Then AT410s will receive a packet from a host in net 10, see the 192.168.11.x address, and know that the packet needs to go through router B.

edit: typo

 

[darrenford]

Thanks for the reply cleverhandle.

I'm trying to do this without touching the AR410. It belongs to my ISP and I'm not supposed to dork with it. Technically I probably could without them getting too mad, but I think you see with my lack of networking skills I really shouldn't.

I think both routers allow routing over the LAN interface. The Linksys has a web admin of course, and the static route page forces me to select an interface for the route, either LAN or Internet. The R910 gave me trouble at first, it did not seem to support routing over the LAN, but after a firmware upgrade (to fix another problem), that feature seems to be available (again). The latest firmware on the R910 also included a new feature called "Additional Lan". This "ALAN" is simply the ability to create an interface in another network. For example, I can create an ALAN with an ip of 192.168.11.253, the R910 is then capable of being the gateway to both LANs.

Whats ugly about routing over the LAN interface?

Again, thanks for your help, it is greatly appreciated.

 

[cleverhandle]

Originally posted by: darrenford
I'm trying to do this without touching the AR410. It belongs to my ISP and I'm not supposed to dork with it. Technically I probably could without them getting too mad, but I think you see with my lack of networking skills I really shouldn't.

I figured that might be the case. You might see if you can get them to set the routes for you - it should be a trivial change, and it's certainly a valid need. If you try to accomplish things without touching the AR410, your life is going to be far more complicated and error-prone.

I think both routers allow routing over the LAN interface. The Linksys has a web admin of course, and the static route page forces me to select an interface for the route, either LAN or Internet. The R910 gave me trouble at first, it did not seem to support routing over the LAN, but after a firmware upgrade (to fix another problem), that feature seems to be available (again).

Yes, you can set a static route over the LAN, but not in the way that you're thinking of. Here's an example of what you could do - it may be instructive to compare it to what you're attempting...

Say you have a third network C at 192.168.12.x. And say that this network is not connected to the AT410s, but rather to one of the hosts in network A other than the Netopia (meaning that that host has two NIC's - one on A and one on C). And finally let's say that that host's NIC on A has IP 192.168.10.250. (Draw a diagram if you didn't follow that - it makes everything else a lot more clear.)

Then you would want to set a static route on the Netopia LAN to 192.168.12 through gateway 192.168.10.250. That would tell the Netopia that it can reach 192.168.12 (a subnet which it is not a part of) through host 192.168.10.250 (a host on a subnet which it is a part of). If you didn't do this, the Netopia would instead route traffic destined for 192.168.12 through the default gateway (on it's WAN side), which isn't what you what.

What you're trying to do is tell the Netopia to reach 192.168.11 (a subnet which it is not a part of) through host 192.168.11.254 (a host on a subnet which it is not a part of). Compare that to the above situation.

The latest firmware on the R910 also included a new feature called "Additional Lan". This "ALAN" is simply the ability to create an interface in another network. For example, I can create an ALAN with an ip of 192.168.11.253, the R910 is then capable of being the gateway to both LANs.

Now this could be very helpful, assuming the Netopia is smart enough to route traffic between LAN's and not just from LAN's to the WAN (which seems like a reasonable enough assumption). Then, as you say, you could set the "ALAN" to 192.168.11.253, and simply use that as your gateway on net B. In that case, the Linksys isn't doing any routing at all - you could just as well replace it with a switch.

Which brings us to another possibility - do you really need two subnets? It doesn't sound like you have many hosts. If you just used one subnet and plugged everything into the Netopia, life would be simple.

Whats ugly about routing over the LAN interface?

Well, as the example above tried to show, nothing necessarily. But what you're trying to do is tell your routers to push packets down a wire to a gateway IP that shouldn't logically exist on that wire. I think you can do this on *nix boxen where you can directly manipulate the routing table, but I've never really tried it. And it's ugly anyway - a basic principle of routing is that a gateway IP must always be directly connected to the host that's trying to use it.

Again, thanks for your help, it is greatly appreciated.

No problem. I like routing. It's yummy. Be warned that I'm pretty out of practice, though. I'm assuming from the silence of the real network dogs here that I'm not saying anything too stupid. Only time will tell...

edit: fixed some numbers - C would be 12, not 13