Cisco – Two LAN, Two WAN ISP and NAT

We recently received a request from a rural customer, who was tired of their unreliable 1Mbps ADSL line, to add a second ADSL line to their network. The line was ordered and installed; we then added a second ADSL WIC interface to their router and set about getting it working. Our brief was that each LAN should be associated with one WAN link and use only that WAN link. This is how we went about it.

Clearly the second interface needed to be associated with a second dialer created to log in and manage the second connection. Furthermore, we needed to add a second DHCP pool. This new config is shown as follows:

DHCP config:-

ip dhcp pool pollux
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1 
   dns-server 62.6.40.178 62.6.40.162 

As you can see this connection is using BT DNS servers.

Dialer config:-

interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx

We then needed to allocate a second default route to the router and this was achieved by means of the following command:-
ip route 0.0.0.0 0.0.0.0 Dialer1

We created an access list to handle the new traffic relating to the new DHCP network as follows:-
access-list 22 permit 192.168.200.0 0.0.0.255

and then we added a new access list to ensure that the traffic on each LAN network remained segregated from the other LAN. This was done as follows:-

access-list 112 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any

Finally we needed to apply route maps to mechanise the access lists, putting them to work maintaining segregation and ensuring correct operation. The following two route maps were configured:-
route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0
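
An added example, not part of the original post: a small Python model of how IOS evaluates access lists 112 and 122 when they are referenced from the castor and pollux route-maps. In policy routing, a packet that hits a deny entry is not dropped; it is simply not policy-routed and is forwarded by the normal routing table, so LAN-to-LAN traffic still passes unless an interface ACL blocks it. The sample packets are constructed, and the route lookup is a simplified assumption built from the connected and static routes in the full configuration.

```python
import ipaddress

# Private (RFC 1918) destinations denied by ACLs 112 and 122 on the page.
PRIVATE = [("10.0.0.0", "0.255.255.255"), ("172.16.0.0", "0.15.255.255"),
           ("192.168.0.0", "0.0.255.255")]

def lan_acl(src):
    """Build the page's ACL pattern: deny private destinations, permit the rest."""
    return ([("deny", src, "0.0.0.255", d, w) for d, w in PRIVATE]
            + [("permit", src, "0.0.0.255", "any", None)])

ACLS = {112: lan_acl("192.168.1.0"), 122: lan_acl("192.168.200.0")}
# ip policy route-map per ingress interface: (matched ACL, set interface).
POLICY = {"FastEthernet0/0": (112, "Dialer0"), "FastEthernet0/1": (122, "Dialer1")}
# Simplified routing table (assumption): connected and static routes from the config.
ROUTES = [("192.168.1.0/24", "FastEthernet0/0"),
          ("192.168.200.0/24", "FastEthernet0/1"),
          ("192.168.88.0/24", "192.168.200.2")]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(acl_no, src, dst):
    for action, s, sw, d, dw in ACLS[acl_no]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"  # implicit deny ends every IOS access list

def route_lookup(dst):
    for net, next_hop in ROUTES:
        if ipaddress.ip_address(dst) in ipaddress.ip_network(net):
            return next_hop
    return "default route"

def forwarding_decision(in_if, src, dst):
    acl_no, out_if = POLICY[in_if]
    if acl_action(acl_no, src, dst) == "permit":
        return f"policy-routed via {out_if}"
    # A deny in a route-map ACL means "skip policy routing", not "drop".
    return f"routing table via {route_lookup(dst)}"

if __name__ == "__main__":
    for pkt in [("FastEthernet0/0", "192.168.1.10", "8.8.8.8"),       # constructed
                ("FastEthernet0/0", "192.168.1.10", "192.168.200.20"),
                ("FastEthernet0/1", "192.168.200.20", "192.168.88.5")]:
        print(pkt, "->", forwarding_decision(*pkt))
```

Blocking LAN-to-LAN traffic outright needs an ACL applied to the interface with ip access-group; the route-map only chooses the exit path.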

Putting it all together our new configuration was as follows:-

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname xxx-core-router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 512000 debugging
enable secret xxxxxxx
!
no aaa new-model
no network-clock-participate slot 1 
no network-clock-participate wic 0 
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
!
ip dhcp pool pollux
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1 
   dns-server 62.6.40.178 62.6.40.162 
!
ip dhcp pool castor
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 62.6.40.178 62.6.40.162 
!
!
ip flow-cache timeout active 1
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip name-server 141.1.1.1
!
!
!
archive
 log config
  hidekeys
!
!
! 
!
!
!
interface ATM0/0
 description btbusiness
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip policy route-map castor
 duplex auto
 speed auto
!
interface ATM0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode itu-dmt 
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map pollux
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
interface Dialer1
 description btbusiness
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxx
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.200.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.88.0 255.255.255.0 192.168.200.2
ip route 212.159.13.49 255.255.255.255 Dialer1
ip route 212.159.13.50 255.255.255.255 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 12 interface Dialer0 overload
ip nat inside source list 22 interface Dialer1 overload
ip nat inside source route-map castor interface Dialer1 overload
ip nat inside source route-map pollux interface Dialer0 overload
!
access-list 12 permit 192.168.1.0 0.0.0.255
access-list 22 permit 192.168.200.0 0.0.0.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 112 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 112 permit ip 192.168.1.0 0.0.0.255 any
access-list 122 deny   ip 192.168.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 122 deny   ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 permit ip 192.168.200.0 0.0.0.255 any
route-map pollux permit 22
 match ip address 122
 set interface Dialer1
!
route-map castor permit 12
 match ip address 112
 set interface Dialer0
!
!
!
control-plane
!
!
!
alias exec arp tclsh flash:arp.tcl
alias exec shutnoshut tclsh flash:shutnoshut.tcl
!
line con 0
line aux 0
line vty 0 4
 access-class 12 in
 password xxxxx
 login
 transport input telnet
!
ntp clock-period 17207966
ntp server 85.119.80.233
!
end

 

The network worked beautifully. Another elegant solution from Rustyice Solutions.

HOW CAN WE HELP YOUR BUSINESS?

Rustyice’s strength is that it will tailor the service it provides to suit you and your business needs, rather than have a ‘one solution fits all’ mind-set.

Each customer is different. If needed, we can essentially become your internal IT Department, taking full responsibility for administration.  Or if you already have IT Staff, we can provide an external, independent and professional ‘fall back’ situation in times of need or emergency.

Just look at the list of benefits our customers receive as standard:

  • A Bespoke Package That Fits Your Needs
  • Direct Access to Engineers
  • Remote Live Equipment Monitoring
  • Unlimited Support Calls/Remote Access & Site Visits
  • Detailed Site Audit/Documentation & Security
  • Free Help & Advice
  • Free Project Management
  • Free Loan Equipment
  • Free Holiday Cover for IT Staff
  • Detailed Call Logging
  • Discount Installation Charges for New Equipment Purchased
  • 24/7 Cover Available
  • Quarterly Courtesy Visit & Health Check
  • Low Staff Turnover
  • Excellent Client Retention & References

We have a dedicated team of professionals and monitoring systems ‘in house’, which often enable us to see a problem developing, and respond swiftly before you incur difficulties. Of course, you can still call or email us, and your request will go straight to an engineer who will respond swiftly and professionally.

If you need a site visit, do not worry, these are included (unlimited) as standard for our premium support customers.

Our Call Logging and Proactive Monitoring systems at Rustyice have been developed in house and are a source of pride to the team and the envy of many of our competitors. They have been designed to facilitate a rapid response to problems and queries raised either by you the customer, or triggered by our in-house analysis.

We’d be delighted to visit you and demonstrate these systems, or alternatively welcome you to our office facility in Kilmarnock where you can see our systems in action over a cup of coffee. See what our customers think about our service and response!

Call us now on 01563 701075 or use our online form.

The SaaS Value Proposition

Despite the continuous growth and market adoption for Software as a Service (SaaS) solutions, or perhaps because of it, many SaaS vendors are attempting to alter or advance the SaaS definition to more closely align with their particular solutions. Sales pitches that include terms such as ‘multi-tenant’ versus ‘isolated tenancy’ – or – ‘SaaS’ versus ‘Software + Services’ are just a few of the technical arguments which ultimately cause more confusion than value for IT evaluators and buyers.

To separate claims and hype from substance and benefits, focus on the true definition of SaaS as well as the SaaS value proposition.

SaaS Defined

While SaaS is a broadly defined term for which there is no definitive consensus, the below definition of SaaS enjoys general industry agreement.

SaaS is a software delivery model which provides web-based application access from a central shared services hosting facility over the Internet based on a subscription pricing model.

Key SaaS characteristics include the following:

  • Browser-based access to software applications
  • Pay-as-you-go subscription pricing – akin to rental
  • IT management is performed centrally rather than at each customer’s site
  • Shared services application delivery which generally includes impressive Tier 4 data centers and may consist of a multi-tenant architecture or in some instances a single-tenant (or isolated tenant) architecture
  • Centralized software management and upgrades (which eliminates the need for end-users to download and install software patches and upgrades)

Software as a service characteristics remain relatively constant despite the continual evolution of category naming for this disruptive technology. The change in the delivery, pricing and support model has evolved from its original moniker of ASP (application service provider) to utility computing to on-demand to SaaS and likely will fold into the cloud computing nomenclature and paradigm. Notwithstanding progressive naming escalations, the SaaS business model has consistent, profound and sustained value. According to Nicholas Carr, a former editor of the Harvard Business Review and IT visionary, the SaaS or utility computing model will have similar economic and social impact as was incurred a hundred years ago when companies stopped generating their own power with steam engines and dynamos and plugged into the newly built electric grid.

SaaS Value Proposition

The core tenets of the SaaS value proposition are unchanged regardless of vendor and include the following benefits.

  • Subscription pricing for lower TCO (total cost of ownership)
    • SaaS solutions forego hardware and software procurement, annual maintenance fees and upgrades
    • SaaS enables acquiring only the amount of software needed as opposed to traditional licenses per device
    • SaaS allows subscribers to access business functionality at a lesser cost than paying for licensed applications
    • SaaS reduces or eliminates IT salaries expenses for DBAs, system administrators and support or help desk staff
    • Some software vendors facing eroding market share to the SaaS solutions have attempted to suggest that SaaS TCO is higher due to the recurring subscription model, however, while costs vary by customer, several analyst firms have developed TCO models which demonstrate SaaS TCO is normally lower over the life of the application software
  • Faster implementation (faster time to benefits)
    • With no hardware, platform software or application software to install and configure, SaaS business software implementations are typically performed in 45% to 55% of the time and cost of on-premise CRM or ERP applications
  • Outsourced expertise
    • SaaS operations are managed by outsourced experts for improved product delivery and support; hosting organizations offer expert resources such as data center architects, DBA, security and help desk
    • Offloading IT administration and management allows companies to apply greater time and focus to core competencies
  • Predictable IT expenditures
    • Hosting clients turn otherwise variable costs into predictable monthly payments
    • Fewer over-budget IT project surprises
  • Reduced risk
    • Failure to achieve SaaS implementation success or post production results offers customers the option to terminate their subscriptions
  • Vested partnerships
    • Unlike traditional software licenses which are sold without any money back provisions, SaaS agreements are dependent upon recurring subscription renewals. With SaaS, the hosted vendor has a financially vested interest in the customer’s satisfaction and software success
  • On-demand scalability as business grows
    • With SaaS, there is no need to purchase and maintain hardware in advance in order to be able to support cyclical demands or increased business growth; SaaS offers on-demand scalability
  • SaaS solutions forego a highly depreciable (hardware and software) asset which offers no intrinsic financial value. When performing the buy versus rent scenario, remember that if something appreciates over time you may opt to buy it, however, when something depreciates you often opt to rent it. Information systems only ever depreciate. Use the asset – don’t buy it.

Recognizing the true definition of SaaS and the core tenets of the SaaS value proposition will empower IT evaluators and buyers to bypass vendor-injected, self-serving claims and imposed confusion, as well as maintain focus on the business value and benefits realized from the SaaS delivery model.

Our view on SFI charges

This page explains our point of view and the stance we have taken with BT on SFI visits and charges. I don’t doubt that some will disagree with our point of view to some extent. Much of this page is opinion and should be taken as such. I hope it is helpful and I am happy to answer any questions. We don’t dislike BT – we wish to work in partnership with BT. In many areas (especially technical) we work well with BT. However, on occasion, we are at odds with BT and SFI charges is one of those cases. We hope this will eventually be resolved one way or another. We are happy to talk to BT further if they wish.

Please bear in mind that a lot of faults are clear cut and not an issue. The tricky ones are those that are intermittent or show no fault on BT testing.

Why is BT SFI a broken concept?

The best way to explain this is an analogy. Imagine you rent a tumble drier (or if you prefer consider you bought it and it is under warranty). If it breaks a man comes out and fixes it – no charge. Simple.

Now, it would not be that unreasonable for them to say “If we come out and find the tumble drier is fine but the problem was in fact a fault in your washing machine, say not spinning the water out, which is why the tumble drier could not work, we’ll charge a callout fee”. That would not be too bad, though £160 would be a huge call out fee.

Now imagine they say “There is no call out fee, but the service company we use (part of our company) only offer us combined washing machine and tumble drier check visits, so that is all we can offer you”… Not too bad, but there is more: “If they don’t find a fault then there is a charge of £160 for checking the washing machine – no it’s not a call out fee, it’s specifically for the work done on the washing machine”. And no amount of “I did not get the washing machine from you, I don’t want it checked, I just want the tumble drier sorted” helps you.

Well, that is exactly how BT are running SFI. They make SFI a new service which checks wiring and router as well as the broadband service. They have no option for having it without these extra checks. They charge specifically for the activity beyond the NTE (i.e. these extra checks). They only spend 2 hours on the issue so may well not find an intermittent fault (and so will charge). Comments?