when you think it's too easy and hackish, it isn't

November 10, 2005 04:31 +0000 | Employment, Geek Stuff

this post is completely geek-related so if you know nothing about networking or linux, you may want to just skip it.

i've been working for weeks on and off on a problem i just couldn't wrap my brain around. you see, i never went to school for networking (or programming for that matter). everything i know is self-taught. so a lot of the time i find myself doing something i've never done before and often i have no schooling to fall back on, let alone anyone else to ask. my boss expects me to find out how to do the job and get it done -- he doesn't care much how.

the problem? take a block of ips and route the traffic to a few servers by way of a filtering firewall on a new cisco switch. on this same switch, we also have a private lan using unroutable ips.

now i know how to set up a standard home network. map the one live ip you have to your gateway/firewall and forward ports through to the appropriate 192.168.x.x ips behind it. i remember at one point a long time ago that this process (NAT) involved overhead that you shouldn't depend on for high availability situations, but for a home network this is ok. the only problem is that i need to design this network to be able to take a serious slashdotting or a massive ad-serving campaign. packets have to route, and i thought that NAT might not be up to the task.

my (assumed by me without any prior experience) solution was to have the firewall filter all the packets through, but not translate them. i.e. the firewall would have a routable ip, the servers would have other routable ips and the lan machines would have non-routable ips:

internet -- gateway (12.34.56.78) +- server (12.34.56.79)
                                  |
                                  +- desktops (192.168.0.x)

it's taken me weeks and lots of enquiries with various geeks to find out that this will not work. instead, you have to assign all the routable ips to the gateway and use NAT:

internet -- gateway (12.34.56.78) +- server (192.168.0.1)
            gateway (12.34.56.79) +- server (192.168.0.2)
                                  |
                                  +- desktops (192.168.0.x)
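as an added example (this is not code from the original post), here is a small POSIX shell script that emits the Linux gateway configuration for the diagram above, and also covers the home-style port forwarding described earlier in the post. it assumes eth0 and eth1 as the interface names, a gateway running iptables, and one server mapped 12.34.56.79 -> 192.168.0.2 (the post's placeholder addresses) that should only be reachable on TCP 80 and 443; all of those are assumptions. it prints the commands rather than applying them.

```shell
#!/bin/sh
# Added example, not code from the original post: emit the Linux commands that
# build the second diagram -- every routable IP sits on the gateway and 1:1 NAT
# (DNAT in, SNAT out) hands each one to a server on the private LAN, while the
# FORWARD chain does the filtering. The 12.34.56.x / 192.168.0.x addresses are
# the post's placeholders; interface names and the port list are assumptions.
WAN=eth0            # assumed: interface facing the upstream router
LAN=eth1            # assumed: interface facing the switch / private LAN
LAN_NET=192.168.0.0/24

# Constructed mapping, one entry per server: public:private:tcp-ports
SERVER_MAP="12.34.56.79:192.168.0.2:80,443"

# nat_rules PUBLIC PRIVATE PORTS  --  rules for one public-to-private mapping
nat_rules() {
  pub=$1; priv=$2; ports=$3
  # the gateway must own the public address or nothing upstream will ARP for it
  echo "ip addr add $pub/32 dev $WAN"
  # inbound: rewrite the destination before routing, so FORWARD sees $priv
  echo "iptables -t nat -A PREROUTING -i $WAN -d $pub -j DNAT --to-destination $priv"
  # outbound: traffic from this server leaves with its own public IP, not the
  # gateway's (this must precede the generic MASQUERADE rule, see below)
  echo "iptables -t nat -A POSTROUTING -o $WAN -s $priv -j SNAT --to-source $pub"
  # filtering: only the listed ports may open new connections to the server
  echo "iptables -A FORWARD -i $WAN -o $LAN -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
}

# generate_config  --  the full command list, in an order that is safe to apply
generate_config() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  # default-deny forwarding is what makes this a filtering firewall
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for entry in $SERVER_MAP; do
    old_ifs=$IFS; IFS=:; set -- $entry; IFS=$old_ifs
    nat_rules "$1" "$2" "$3"
  done
  # desktops share the gateway's own address, home-network style. nat
  # POSTROUTING matches top-down and the first match wins, so this catch-all
  # rule has to come after the per-server SNAT rules above.
  echo "iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE"
  echo "iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT"
}

# first_line PATTERN  --  line number of the first generated command matching
# PATTERN, so rule ordering can be checked without applying anything
first_line() {
  generate_config | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

generate_config
```

run it and read the output before feeding anything to a real gateway. the two things worth checking by eye are that the FORWARD policy is DROP with an ESTABLISHED,RELATED accept above the per-port rules, and that each server's SNAT rule sits above the catch-all MASQUERADE; if the order were reversed, the servers would go out to the internet wearing the gateway's 12.34.56.78 instead of their own address.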

the sad part? this is how i set it up initially. i didn't know how to do what i thought was The Proper Way, so i put together what i thought was a quick hack to make things work. ...it just turns out that my hack was The Right Way all along.

maybe i should have gone to school for this. regardless, i'm chronicling my ignorance here in the hopes that it might help someone else like me one day.
