Merging 5 ISPs into 1 for Office!

[EXTRADODO]

Networking is not what I'm good at but somehow I was appointed to deal with anything IT related in office.

Our current problem is that we have a total of 5 different ISPs (1 ISP for each floor) which we need to merge them into 1 network so that

every floor can access to NASs which all are put into the server room.

I don't need them to be under one IP range like 192.168.1.xxx which might caused not enough IP for every devices.

I need a device which would take in 5 of those ISPs and put out 5 different IP ranges (192.168.1.xx ~ 192.168.5.xx~) which can access the NASs (and other stuffs) from every floor.

 

Anything educational is a plus for me.
Thanks in advance.

[Electronics Wizardy]

Can you get rid of some of these connections? Makes much more sense to have 1 or 2 higher sped links here.

 

Yea a router can do this, basically all buiness grade routers with enough ports can do it, pfsense, untangle, sonicwall, fortinet.

 

Id get a networking guy in to help you set this up if you haven't done this type of stuff before.

[EXTRADODO]

1 hour ago, Electronics Wizardy said:

Can you get rid of some of these connections? Makes much more sense to have 1 or 2 higher sped links here.

 

Yea a router can do this, basically all buiness grade routers with enough ports can do it, pfsense, untangle, sonicwall, fortinet.

 

Id get a networking guy in to help you set this up if you haven't done this type of stuff before.

Thanks for the info. I'll start looking for those devices.
I'm sure I gonna need someone with experience to help me with this.

As for your question, I can't get rid of these since we already have this and we have to make use of these no matter what.
We have multiples of these because some floor have some VIP room which they don't want their "speeds" slow down because of other employees.

 

Again, thanks a lot.

[Electronics Wizardy]

1 hour ago, ZWELINHTET said:

As for your question, I can't get rid of these since we already have this and we have to make use of these no matter what.
We have multiples of these because some floor have some VIP room which they don't want their "speeds" slow down because of other employees.

 

You can set priority of connections.

 

And fewer faster connections is almosta lways better here, esp with people who want stuff to load fast. Id much rather have 2x500mb connections than 5x 200mb connections here.

 

 

[EXTRADODO]

45 minutes ago, Electronics Wizardy said:

You can set priority of connections.

 

And fewer faster connections is almosta lways better here, esp with people who want stuff to load fast. Id much rather have 2x500mb connections than 5x 200mb connections here.

 

 

I understand what you are saying. But my situation is that each floor (each teams) wants a different ISPs assigned to them.

I'm not trying for a load balancer. I just want a device that would take 5 (or more) ISP inputs and those connections can access each other networks (NASs / Printers / WebGUI Connections / etc... ).

I'm look into which device can do it with ease but still not found one yet.

[Electronics Wizardy]

3 minutes ago, ZWELINHTET said:

I understand what you are saying. But my situation is that each floor (each teams) wants a different ISPs assigned to them.

I'm not trying for a load balancer. I just want a device that would take 5 (or more) ISP inputs and those connections can access each other networks (NASs / Printers / WebGUI Connections / etc... ).

I'm look into which device can do it with ease but still not found one yet.

Basically all the high end routers can do this, get a router with enough ports and setup routes and your good.

 

But this feels like bad network planning to me, and It would be much better to design the network right here, than add this on.

[EXTRADODO]

24 minutes ago, Electronics Wizardy said:

Basically all the high end routers can do this, get a router with enough ports and setup routes and your good.

 

But this feels like bad network planning to me, and It would be much better to design the network right here, than add this on.

Me being somewhat in charge of this is already a bad planning. But I'm gonna try my best to at least solve our current problem.
We're gonna hire someone professional to make a complete setup for the long run though. So, no worries, I guess.

[LAwLz]

As Electronics Wizardy already said, this is a really, really bad design.

 

Setting this up will be a bit complicated and will require some understanding of things like VLANs and how routing works. You won't be able to find a product that's just plug-n-play.

I saw someone mention Fortigate earlier and that's probably what I'd recommend too. That will give you a good base to further expand the network on later. I am not entirely sure if you can use all ports as "WAN ports" on lower end models like the 60E. If you can, and I might be able to look into this, then I think a 60E and some SD-WAN configuration is what you need, and maybe some switches if you don't have that already.

[EXTRADODO]

On 10/7/2021 at 6:02 PM, LAwLz said:

As Electronics Wizardy already said, this is a really, really bad design.

 

Setting this up will be a bit complicated and will require some understanding of things like VLANs and how routing works. You won't be able to find a product that's just plug-n-play.

I saw someone mention Fortigate earlier and that's probably what I'd recommend too. That will give you a good base to further expand the network on later. I am not entirely sure if you can use all ports as "WAN ports" on lower end models like the 60E. If you can, and I might be able to look into this, then I think a 60E and some SD-WAN configuration is what you need, and maybe some switches if you don't have that already.

Sorry for the late replies. I've been trying to learn as much as I can in these 2~3 days.
What you said about the plug-n-play might be right. It seems there's no easy-to-setup devices that I'm trying to do.

Gonna look for the Fortigate ones though.
Thanks a lot.

[EXTRADODO]

 

On 10/7/2021 at 10:19 PM, anodos said:

What are you trying to accomplish with this? Most multihomed setups are intended as a way to improve reliability through failover, so that if one ISP goes dead you can failover to a different one. But simply plugging in 5 ISPs without failover and sending their connections to different rooms doesn't make much sense since you just have 5 single points of failure now, plus one big one in that the router going down knocks out everybody. You're actually 5 times more likely to have an ISP related failure now (albeit more contained), since the risk is increased with each ISP, whereas with failover you can handle up to 4 ISPs going down simultaneously.

This part...

I just felt a bit of trauma from my past being yelled at by everyone when I was a child.
Thankfully, I can still understand what you wanna says. 

 

 

On 10/7/2021 at 10:19 PM, anodos said:

It's still perfectly doable of course. You'll need a router with at least 10 interfaces, plug in your 5 ISPs to 5 of them, and use the other 5 for your LAN side. Give the LAN interface going each room a different RFC1918 subnet, and set up NAT and forwarding for each of these LAN interface to the corresponding interface for whatever ISP you want them to have. You only need one router: the device that is directly attached to the ISPs. Everything behind that should be switches. If you want your private networks to talk to each other, you can configure the router to do that. If it was me, I'd get a network appliance from Lanner and put pfSense, VyOS, or OpenBSD on it and use that for the router. You could also do it with a commercial router/gateway like a Juniper SRX series or many of its competitors.

This part is what I think I really need right now! Thanks a lot.
I still have a ton to take in but at least I know what I have to do from now.

THANK YOU!!!

[Alex Atkin UK]

2 hours ago, ZWELINHTET said:

This part is what I think I really need right now! Thanks a lot.

I still have a ton to take in but at least I know what I have to do from now.

The problem with doing it that way is that router is going to take all the load of accessing the NAS and all the Internet connections.  Depending on the size of the connection to the NAS you run the risk of the Internet slowing down when the NAS is under heavy load.  It makes absolutely zero sense to use routing to access the NAS when there is a much simpler solution.

 

Considering how I understand the current configuration (each floor is running off its own router with DHCP?), the most obvious solution is to have five network cards in the NAS so that it can physically connect to all five subnets.

 

If for some reason you can't have more than a single network adapter in the NAS (or the implication you had as there being multiple NAS machines), connect the floors switches to the one the NAS is plugged into and configure VLAN tagging accordingly (on each NAS and the switches) so it only sends other floors traffic to the NAS.

That way the network stays as it is and every floor has a direct path to the NAS via its own subnet, not touching the routers at all.

The only other thing you'd have to do is configure the NAS according to which ISP you want IT to use as the default, as it would have access to all five.

[EXTRADODO]

On 10/11/2021 at 6:17 PM, Alex Atkin UK said:

The problem with doing it that way is that router is going to take all the load of accessing the NAS and all the Internet connections.  Depending on the size of the connection to the NAS you run the risk of the Internet slowing down when the NAS is under heavy load.  It makes absolutely zero sense to use routing to access the NAS when there is a much simpler solution.

 

Considering how I understand the current configuration (each floor is running off its own router with DHCP?), the most obvious solution is to have five network cards in the NAS so that it can physically connect to all five subnets.

 

If for some reason you can't have more than a single network adapter in the NAS (or the implication you had as there being multiple NAS machines), connect the floors switches to the one the NAS is plugged into and configure VLAN tagging accordingly (on each NAS and the switches) so it only sends other floors traffic to the NAS.

That way the network stays as it is and every floor has a direct path to the NAS via its own subnet, not touching the routers at all.

The only other thing you'd have to do is configure the NAS according to which ISP you want IT to use as the default, as it would have access to all five.

For the first time in my life, I feel like I'm one of "I can't connect to wifi. Send IT." group.
I can still understand the overall of what you're explaining but it's clear that it is out of what I can do.

 

Luckily, I got permission to use the professional service with somewhat huge budget.

What a relief.

I'm still gonna try what I can do with these information.
Hope I learn a thing or two about network.

[Vishera]

5 hours ago, ZWELINHTET said:

For the first time in my life, I feel like I'm one of "I can't connect to wifi. Send IT." group.
I can still understand the overall of what you're explaining but it's clear that it is out of what I can do.

 

Luckily, I got permission to use the professional service with somewhat huge budget.

What a relief.

I'm still gonna try what I can do with these information.
Hope I learn a thing or two about network.

I think a multi-CDN setup suits you best.

It can reduce latency and provide redundancy.

There are different types for different needs.

Load balancing and Failover are some of the options you have.