Site to Site connection options

Forums › IT Pro and developers › Site to Site connection options

martinjward

68 posts

Master Geek
+1 received by user: 2

#289606 16-Sep-2021 12:37

Hey Guys,

We have a few satelite sites connected to a main site (Auckland CBD) using IPSEC Site 2 Site VPNs, pratically they work quite well...

We are looking at joining an additional site that is about 100 meters or so up the road. I would really like the other site to just piggyback off all the existing infrustucture, so ideally I would like to connect the sites via Layer 2 (ie. switching not routing).

I had hoped to setup some sort of microwave/airfiber connection, however, the roofs dont seem to have line of sight.

Therefore, I have a couple of wonderances/Q's

Is it normal for business address' to have multiple strands of usuable fiber run to them via the Chorus network?, If so is there anyway we can somehow connect the sites over the "spare fiber"?
If we cant do the above are there companies that can do a direct fiber run from one site to another? any suggestions?
Is there another option where the sites are connected via a DC/colo?
Otherwise I was thinking we could connect both sites with Hyperfibre @ 4 or 8Gbps, unsure of the performance we could get with this solution and it unfortunately doesn't hit the no routing req.

As always your thoughts are much appreciated. :)

1 | 2

974 posts

Ultimate Geek
+1 received by user: 533

Trusted

Prodigi

Subscriber

#2779292 16-Sep-2021 12:43

You could definitely use VPLS or VXLAN over Hyperfibre to do what you want and make it Layer 2. This is something we do a lot, even from Auckland to Invercargill.

otherwise DFAS may work patched together but that will probably be more expensive than Hyperfibre. It really depends on what kind of performance you actually need.

they/them

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.

Dynamic

4015 posts

Uber Geek
+1 received by user: 1851

ID Verified

Trusted

Lifetime subscriber

#2779294 16-Sep-2021 12:45

The 'spare fibre' belongs to Chorus. They would love to rent it to you for a very reasonable fee, via an internet provider.

A telco can do a site to site circuit for you via fibre. This would likely be more expensive than doing a broadband+VPN setup but have better guaranteed bandwidth. It would have a contract term, and would be a routed solution.

You could do a microwave link that literally bounces the signal off another building if the angles are right. I worked for a company that did this years ago.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

martinjward

68 posts

Master Geek
+1 received by user: 2

#2779298 16-Sep-2021 12:59

You could do a microwave link that literally bounces the signal off another building if the angles are right. I worked for a company that did this years ago.

Well that's an interesting thought.... I really need to get to the site to see what's possible in those terms.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2779301 16-Sep-2021 13:02

Fun option, Stick an ARM based Mikrotik at each site, Run ROS v7 and run zeroteir on a bridge.

It will do full Layer 2 full size (1500) packets and handle it all in software.

Seen some pretty good results of people using exactly this in production already.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#2779307 16-Sep-2021 13:08

Never split the subnet of a busy network over a wireless link.

You're not on Atlantis anymore, Duncan Idaho.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2779309 16-Sep-2021 13:10

MadEngineer: Never split the subnet of a busy network over a wireless link.

Agreed, I'm quite a fan of doing routed Site to Site configurations (without crossing the Internet) IPSEC tunnels are boring...

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

martinjward

68 posts

Master Geek
+1 received by user: 2

#2779311 16-Sep-2021 13:12

danielfaulknor: You could definitely use VPLS or VXLAN over Hyperfibre to do what you want and make it Layer 2. This is something we do a lot, even from Auckland to Invercargill.

Just wondering if you have used this solution and had great performance?

otherwise DFAS may work patched together but that will probably be more expensive than Hyperfibre. It really depends on what kind of performance you actually need.

Any chance you have worked with a provider for DFAS that you could recommmend?

BlakJak

1330 posts

Uber Geek
+1 received by user: 735

Trusted

#2779320 16-Sep-2021 13:23

Any chance you have worked with a provider for DFAS that you could recommmend?

Just about every ISP will be able to offer this as retail product, because it's available to them through their wholesale vendors. I'd start with your own ISP and see what they can quote for you.

No signature to see here, move along...

martinjward

68 posts

Master Geek
+1 received by user: 2

#2779328 16-Sep-2021 13:35

hio77:
MadEngineer: Never split the subnet of a busy network over a wireless link.

Agreed, I'm quite a fan of doing routed Site to Site configurations (without crossing the Internet) IPSEC tunnels are boring...

This might of been the tempering I needed. What’s the reason for this?

cyril7

9075 posts

Uber Geek
+1 received by user: 2499

ID Verified

Trusted

Subscriber

#2779331 16-Sep-2021 13:37

MadEngineer: Never split the subnet of a busy network over a wireless link.

Absolutely, any constrained resource link of that nature should be protected from broadcast traffic from either end.

Cyril

ArcticSilver

731 posts

Ultimate Geek
+1 received by user: 148

#2779343 16-Sep-2021 13:58

Also don't forget that you can do a layer 2 VPN between the two sites. I would expect this to be the most cost effective option.

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

martinjward

68 posts

Master Geek
+1 received by user: 2

#2779377 16-Sep-2021 14:33

ArcticSilver:

Also don't forget that you can do a layer 2 VPN between the two sites. I would expect this to be the most cost effective option.

Good reminder, thanks, I am just trying to get my, good, better, best so good to understand all options in front of me.

martinjward

68 posts

Master Geek
+1 received by user: 2

#2779858 17-Sep-2021 12:08

hio77:

Fun option, Stick an ARM based Mikrotik at each site, Run ROS v7 and run zeroteir on a bridge.

It will do full Layer 2 full size (1500) packets and handle it all in software.

Seen some pretty good results of people using exactly this in production already.

Wow, thanks for pointing this out, could be a great option that I was not aware of!

martinjward

68 posts

Master Geek
+1 received by user: 2

#2780927 20-Sep-2021 11:05

VPLS or VXLAN

As in verdor specific protocols to create said Layer 2 config? Requiring specific hardware?

danfaulknor

974 posts

Ultimate Geek
+1 received by user: 533

Trusted

Prodigi

Subscriber

#2781095 20-Sep-2021 13:25

martinjward:

VPLS or VXLAN

As in verdor specific protocols to create said Layer 2 config? Requiring specific hardware?

Both are standards so any modern enterprise network hardware will support it

they/them

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.

1 | 2