Multi-site office network interconnection-Solution

Recently, the company needs to lease IDCs in different cities for large-scale growth, and connect scattered office sites on the network layer.

Most of these solutions use VPN for virtual link interconnection. Similar professional devices or other devices are available in the market, but the company has always adhered to the frugal principle.

The final solution is to connect networks in several cities, connect IDCs without buying any equipment, and directly use routeOS + VMware for more than half a year. It has been normal. The key method is very cost-effective, it can reduce hardware costs during the company's rapid expansion.

Headquarters logic diagram:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/160TW193-0.jpg "title =" network topology .jpg "alt =" 142504166.jpg"/>

Two lines are used for access. VPN is a virtual access line that uses routeOS for load balancing to separate different requests from different egress. Multiple VPN virtual lines are connected to each IDC and each office location, this routeOS provides the PPTPserver service, which can direct to IDCs in different office locations through address routing. For small office locations, PPTPclient can be directly transferred in to use the headquarters office resources, and medium-sized branch offices can access through ip tunnel, achieve two-way access.

Important:

1. Multi-Exit: 650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/160TRX9-1.jpg "title =" network topology .jpg "alt =" 143934497.jpg"/>

Ether1 is used as the access Intranet port, and e00002 and ether3 are connected to the China Telecom line and China Netcom line respectively.

2. Load routing: 650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/160TV155-2.jpg "title =" network topology .jpg "alt =" 1442220.5.jpg"/>

By marking the original address, you can set the IP route to point to, for example, by default, China Telecom and China Netcom.

3. VPN individuals and companies:

Individual VPNs and company VPNs can be set separately to facilitate travel staff and branch offices:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/160TS451-3.jpg "title =" network topology .jpg "alt =" 144714622.jpg"/>

The creation of routeOS seems to require a server with several NICs to act as the routeOS. In actual deployment, I have adopted the existing VMware and the built-in vswitch, trunk on the same physical line, so that different network segments can be divided. The procedure is as follows:

1. first, you need to mark the port on which the switch is connected to VMware, 650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/160TW217-4.jpg "title =" network topology .jpg "alt =" 145313200.jpg"/> This Is A Huawei switch, of course, we also have the same basic cisco.

2. at this time, your VMware will disconnect the network. Note: When you do the first step, make sure that the VMWARE has the HA function or that all services can be disabled. You need to manually access it, of course, I use DELL Remote card management.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/160TUB4-5.jpg "title =" network topology .jpg "alt =" 151310571.jpg"/>

In this way, you do not need to go to the data center. Configure the management IP address of VMWARE, select the VLAN tag in the VLAN field, and save the configuration. In this way, VMWARE can connect again.

3. Configure the vswitch:

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/160TT447-6.jpg "title =" network topology .jpg "alt =" 151624155.jpg"/>

From the ID, we can see that VMWARE with the same port is configured with several different VLANs.

4. After creating a VM, add multiple NICs.

For further high reliability, you can create VMWARE's high reliability, namely, the HA function, to prevent virtual routers from being used as machines due to hardware. This method saves a lot of money than using a variety of specialized equipment. It also facilitates management.

This article is from the "fzhaolei" blog, please be sure to keep this source http://53254.blog.51cto.com/43254/1320877