To Dual WAN or not to Dual WAN?

By howard_davis ·
I am trying to figure out for our new building what is best. Small Charter School, approx. 70 computers. Going to have 2 ISP's to separate admin from students (long story, lots of better ways but this is what worked out). Never messed with something like this AT ALL. Assuming I will need two separate networks (at least AD's), but I am trying to figure out foresting. Anyways, do I have to use two separate routers, or can I use a dual port that will separate the traffic, not share but separate. Or should I just share? (One ISP is T1, other is TW Cable 15 down, 2 up)

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

That's a somewhat complex question to answer

by robo_dev In reply to To Dual WAN or not to Dua ...

The simplest solution is to physically separate the two networks, the middle solution is to physically separate the two networks with a router/firewall in between the two, and the trickier yet most elegant solution is to create multiple VLANs.

In general, I do not understand how it makes sense to have two ISPs to keep students apart from teachers, that can be done easily simply with VLANs, and that introduces more problems and cost that it cures, in my opinion.

There are multi-wan routers, which would be the most logical solution for multiple ISP connections, but again, if your goal is to keep students away from teachers, and vice-versa, that's more of a VLAN design issue.

Collapse -

Network Design

by lyle148806 In reply to That's a somewhat complex ...

The separation of the two internal network is a separate issue, either using physical separate networks or VLANs is the way for this, along with firewalls etc.

The two ISP links could provide redundant or load balanced access to the net, but unless your setting up to physically separate networks should not be part of the separation of the students and the teachers

Collapse -

Load Balance

by howard_davis In reply to Network Design

I guess I did not state why the two ISP's. It was not for separating originally. Our current T1 has a 5 year contract (not my choice, signed the month before I started). To increase bandwidth was insane cost. So I added second line, cable with 15 down 2 up, for increased bandwidth (do not need the up speed). After some investigation, I am going with a Radware Load balancer. This comes after the two modems, before firewall. Firewall will act as DHCP (we only have approx. 80 computers). Thanks for the help. (If my idea is a nightmare, other ideas appreciated)

Collapse -


by -Lukin- In reply to Load Balance

Use the t1 for backup connectivity and the cable line as your main. Depending on the router you are using this is fairly simple to set up, as the T1 would just be a fail over in case of an outage with the cable.

Just create seperate vlans for students and teachers as was explained earlier, and the rest can be done through AD/Group policy depending on how you have your AD set up.

Collapse -

re: ideas

by howard_davis In reply to Ideas

Why not use the T1 for load balancing? I would like to use all the bandwidth I can. I currently use AD/GP for separating out everything in regards to the admin/student privileges, with our size really do not need VLAN.

Collapse -

Apples versus Oranges

by robo_dev In reply to re: ideas

First of all, load balancing makes good sense.

Second, note that the 'advertised' throughput of a cable modem may not be all that consistent, as the CMTS (cable modem transmission system) relies on a shared topology to a set group of homes/businesses, so the fine print that says 'up to' 15mbs very much applies.

T1 service tends to be very consistent, and the bandwidth you pay for is the bandwidth you get. Also, depending on the provider, the availability of the CMTS may be inconsistent. In other words, you get what you pay for....

Collapse -

that's why i have two

by howard_davis In reply to Apples versus Oranges

Exactly right on the cable. That is one reason I am keeping the T1. I did find out something. The firewall that I purchased for the new building says it has load balancing. I think I may start with it before purchasing a separate load balancer that costs big $$. Sonicwall NSA 240 is the firewall.

Collapse -

You'll want to dual WAN, but ...

by eugene.haney In reply to To Dual WAN or not to Dua ...

Dual WAN with load balancing = great way to aggregate traffic. Firewall should be able to do that depending on licensing/firmware (check). This is a tricky implementation, if you have a lot of experience with the firewall/router manufacturer then go for it.

Make sure you configure VPN traffic for the dual ISPs for failover.

I agree with most posters here that regardless of the size of the organization you **should** implement VLANs to separate student/teacher traffic.

Collapse -

Firewall has LB

by howard_davis In reply to To Dual WAN or not to Dua ...

Going back over our Sonicwall, realized it has simple LB that should work for our school. 80 computers, max of 40-50 using internet at once should be all that is going out. If it causes too much of a bottleneck, I will look at getting a separate LB.

Collapse -

Hopefully you are using a proxy server or are blocking some ports

by robo_dev In reply to Firewall has LB

As a couple of people doing some Torrent downloads could kill that connection.

A proxy server that does caching can help things tremendously, especially if a whole classroom were going to the same web page, or if a whole bunch of students are looking at online videos.

Related Discussions

Related Forums