Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersSite to Site connection options
martinjward

68 posts

Master Geek


#289606 16-Sep-2021 12:37
Send private message

Hey Guys,

 

 

 

We have a few satelite sites connected to a main site (Auckland CBD) using IPSEC Site 2 Site VPNs, pratically they work quite well...

 


We are looking at joining an additional site that is about 100 meters or so up the road. I would really like the other site to just piggyback off all the existing infrustucture, so ideally I would like to connect the sites via Layer 2 (ie. switching not routing).

 

I had hoped to setup some sort of microwave/airfiber connection, however, the roofs dont seem to have line of sight.

 


Therefore, I have a couple of wonderances/Q's

 

  • Is it normal for business address' to have multiple strands of usuable fiber run to them via the Chorus network?, If so is there anyway we can somehow connect the sites over the "spare fiber"?
  • If we cant do the above are there companies that can do a direct fiber run from one site to another? any suggestions?
  • Is there another option where the sites are connected via a DC/colo?
  • Otherwise I was thinking we could connect both sites with Hyperfibre @ 4 or 8Gbps, unsure of the performance we could get with this solution and it unfortunately doesn't hit the no routing req.

As always your thoughts are much appreciated. :)

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
danfaulknor
939 posts

Ultimate Geek

Trusted
Prodigi

  #2779292 16-Sep-2021 12:43
Send private message

You could definitely use VPLS or VXLAN over Hyperfibre to do what you want and make it Layer 2. This is something we do a lot, even from Auckland to Invercargill.

otherwise DFAS may work patched together but that will probably be more expensive than Hyperfibre. It really depends on what kind of performance you actually need.




they/them

 

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.



Dynamic
3869 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2779294 16-Sep-2021 12:45
Send private message

The 'spare fibre' belongs to Chorus.  They would love to rent it to you for a very reasonable fee, via an internet provider.

 

A telco can do a site to site circuit for you via fibre.  This would likely be more expensive than doing a broadband+VPN setup but have better guaranteed bandwidth.  It would have a contract term, and would be a routed solution.

 

You could do a microwave link that literally bounces the signal off another building if the angles are right.  I worked for a company that did this years ago.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.

martinjward

68 posts

Master Geek


  #2779298 16-Sep-2021 12:59
Send private message

 

 

 

 

You could do a microwave link that literally bounces the signal off another building if the angles are right.  I worked for a company that did this years ago.

 

 

 

 

Well that's an interesting thought.... I really need to get to the site to see what's possible in those terms.



hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2779301 16-Sep-2021 13:02
Send private message

Fun option, Stick an ARM based Mikrotik at each site, Run ROS v7 and run zeroteir on a bridge.

 

It will do full Layer 2 full size (1500) packets and handle it all in software.

 

 

 

Seen some pretty good results of people using exactly this in production already.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

MadEngineer
4306 posts

Uber Geek

Trusted

  #2779307 16-Sep-2021 13:08
Send private message

Never split the subnet of a busy network over a wireless link.




You're not on Atlantis anymore, Duncan Idaho.

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #2779309 16-Sep-2021 13:10
Send private message

MadEngineer: Never split the subnet of a busy network over a wireless link.

 

Agreed, I'm quite a fan of doing routed Site to Site configurations (without crossing the Internet) IPSEC tunnels are boring...




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

martinjward

68 posts

Master Geek


  #2779311 16-Sep-2021 13:12
Send private message

danielfaulknor: You could definitely use VPLS or VXLAN over Hyperfibre to do what you want and make it Layer 2. This is something we do a lot, even from Auckland to Invercargill.

 

Just wondering if you have used this solution and had great performance?

 


otherwise DFAS may work patched together but that will probably be more expensive than Hyperfibre. It really depends on what kind of performance you actually need.

 

Any chance you have worked with a provider for DFAS that you could recommmend?

 

 

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
BlakJak
1276 posts

Uber Geek

Trusted

  #2779320 16-Sep-2021 13:23
Send private message

 

Any chance you have worked with a provider for DFAS that you could recommmend?

 

 

 

 

Just about every ISP will be able to offer this as retail product, because it's available to them through their wholesale vendors. I'd start with your own ISP and see what they can quote for you.




No signature to see here, move along...

martinjward

68 posts

Master Geek


  #2779328 16-Sep-2021 13:35
Send private message

hio77:

MadEngineer: Never split the subnet of a busy network over a wireless link.


Agreed, I'm quite a fan of doing routed Site to Site configurations (without crossing the Internet) IPSEC tunnels are boring...



This might of been the tempering I needed. What’s the reason for this?

cyril7
9061 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2779331 16-Sep-2021 13:37
Send private message

MadEngineer: Never split the subnet of a busy network over a wireless link.

 

Absolutely, any constrained resource link of that nature should be protected from broadcast traffic from either end.

 

Cyril

ArcticSilver
729 posts

Ultimate Geek


  #2779343 16-Sep-2021 13:58
Send private message

Also don't forget that you can do a layer 2 VPN between the two sites. I would expect this to be the most cost effective option.

martinjward

68 posts

Master Geek


  #2779377 16-Sep-2021 14:33
Send private message

ArcticSilver:

 

Also don't forget that you can do a layer 2 VPN between the two sites. I would expect this to be the most cost effective option.

 

 

Good reminder, thanks, I am just trying to get my, good, better, best so good to understand all options in front of me.

martinjward

68 posts

Master Geek


  #2779858 17-Sep-2021 12:08
Send private message

hio77:

 

Fun option, Stick an ARM based Mikrotik at each site, Run ROS v7 and run zeroteir on a bridge.

 

It will do full Layer 2 full size (1500) packets and handle it all in software.

 

 

 

Seen some pretty good results of people using exactly this in production already.

 

 

 

 

Wow, thanks for pointing this out, could be a great option that I was not aware of!

martinjward

68 posts

Master Geek


  #2780927 20-Sep-2021 11:05
Send private message

  VPLS or VXLAN
 

 

As in verdor specific protocols to create said Layer 2 config? Requiring specific hardware?

 

 

 

 

danfaulknor
939 posts

Ultimate Geek

Trusted
Prodigi

  #2781095 20-Sep-2021 13:25
Send private message

martinjward:

 

  VPLS or VXLAN
 

 

As in verdor specific protocols to create said Layer 2 config? Requiring specific hardware?

 

 

 

 

Both are standards so any modern enterprise network hardware will support it




they/them

 

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright