[OPLINTECH] Second T1 line.

Chad Neeper (list) cneeper at level9networks.com
Thu Aug 30 11:55:22 EDT 2007


The only "problem" I see with that strategy is that any public computers
that are visiting the library's own website (assuming it's hosted on a
library server on the "staff" side) end up using bandwidth from both
routes to/from the Internet. In most cases that will probably be a small
issue unless the public computers are doing catalog searches, in which
case the demand may be slightly higher or at least more frequent.

Actually, now that I think about it, while yours is the ideal scenario,
it may not work out in some cases. Many of the libraries I support use
ILS OPAC software that is not browser based. The OPACs have a need to
directly see the server over a fast network. In that case, having to
route through the Internet is a bad proposition at best! In this case a
firewall solution probably works better. I typically have the public-use
network, the private staff network, the Internet router, and the DMZ all
going to the same firewall. The firewall then handles all of the routing
decisions. Everything is isolated from everything else, but traffic that
needs to move from network to network can still do so in a secured
manner. It seems to work out well and as far as I can tell seems to be a
good network perimeter defense.

Of course, if the firewall fails, NOBODY's happy! :-)

Have a great day,
Chad

Ps. I'm posting this back to the list so Chris and the others can see it.
Pps. Dan's JPG illustrated two completely isolated staff and patron
networks each going to their own Internet router.

-----------------------
Chad Neeper
Senior Systems Engineer

Level 9 Networks
740-548-8070 (voice)
866-214-6607 (fax)

--   Full LAN/WAN consulting services   --
-- Specialized in libraries and schools --



Chad Neeper (list) wrote:
> Can your proxy server route traffic to the two different routers? You
> could route based on individual workstation IP addresses or a range of
> addresses. You could even assign a new subnet to your staff computers
> (ex. 192.168.1.x).
>
> Ideally, you want your staff computers firewalled from your public
> computers anyway, so you could take this opportunity to pay close
> attention to how your network is structured.
>
> -----------------------
> Chad Neeper
> Senior Systems Engineer
>
> Level 9 Networks
> 740-548-8070 (voice)
> 866-214-6607 (fax)
>
> --   Full LAN/WAN consulting services   --
> -- Specialized in libraries and schools --
>
>
>
> Chris Brose wrote:
>   
>> Hello,
>>
>> At the moment we have one building with one network using 192.168.0.x 
>> as the internal IP's for all our workstations.  Internet access is 
>> supplied through the OPLIN router for all workstations within our 
>> library. All Patron workstations hit a Proxy server before going to 
>> out the OPLIN router for filtering purposes.
>>
>> Here is what we want to do.
>>
>>   AT&T has installed a second T1 line and a second router. We want 
>> all Patron workstation traffic going out the AT&T router and all 
>> staff traffic going out through the OPLIN router.  I know the 
>> question is kind of vague but has anyone set this kind of 
>> configuration up, and what is the best solution for this situation?
>>
>> Thank you everyone for any input.
>>
>> Christopher J. Brose
>> Network Administrator
>> Tiffin-Seneca Public Library
>> Voice: 419-447-3751
>> Fax:   419-447-3045
>>
>>
>> _______________________________________________
>> OPLINTECH mailing list
>> OPLINTECH at oplin.org
>> http://mail.oplin.org/mailman/listinfo/oplintech
>>
>>
>>   
>>     
>
>   

-- 

-----------------------
Chad Neeper
Senior Systems Engineer

Level 9 Networks
740-548-8070 (voice)
866-214-6607 (fax)

--   Full LAN/WAN consulting services   --
-- Specialized in libraries and schools --

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.oplin.org/mailman/private/oplintech/attachments/20070830/3a93456b/attachment.html


More information about the OPLINTECH mailing list