1 Domain Server - 12 Workstations - 1 Switch - 2 DSL Lines - HOW ?



Hey BudMan - just a question in general. For a small network like the OP's, you can have DHCP, DNS, AD, file server, web server (like SharePoint, IIS), etc. on the same server, right?

Or am I wrong? I'm leaning towards "wrong" though, because of the heavy server load, so I'm thinking that's probably why many businesses need to have multiple servers (like one for file services, one for email/Exchange, one for DHCP, etc.). Please correct me.

I plan on getting a network like the OP's, though.


"There isn't much about load balancing in chapter 5. All you can do is set the max downstream and upstream. Whoopie do."

Chapter 5 is dedicated to setting up a second line. It does talk a little about load balancing, but I think you are limited on choices.

"For a small network like the OP's, you can have DHCP, DNS, AD, file server, web server (like SharePoint, IIS), etc. on the same server, right?"

If you run an SBS server it has it all built in; it runs horribly, though. To keep things fast you are best off separating IIS/SharePoint from the setup. Everything else is fine (DNS, DHCP, Active Directory, file server).


"Chapter 5 is dedicated to setting up a second line. It does talk a little about load balancing, but I think you are limited on choices."

"To keep things fast you are best off separating IIS/SharePoint from the setup. Everything else is fine (DNS, DHCP, Active Directory, file server)."

Gotcha. Thanks! I agree about the web thing lol.


SharePoint is a hog, and to be honest horrific - not sure why anyone uses it. But yeah, it needs its own server(s), depending on the size of your org, etc. Could it all run on one box without issue? Sure - how beefy is the one box? DHCP and DNS are pretty low resource users. AD itself, again, nothing. File is not all that CPU heavy - but if you have users moving lots of large files all day long, then it eats up your bandwidth for stuff like SharePoint and web, etc.

As to chapter 5... the big thing there is whether you go with IP Group vs. "auto" ;) I don't think you read it if all you think you can do is set up or down bandwidth.

IP Group (By Users):
Select this option to group traffic on each WAN interface by priority levels or classes of service (CoS). With this feature, you can ensure bandwidth and higher priority for the specified services and users. All traffic that is not added to the IP Group uses Intelligent Balancer mode. To specify the services and users, click the Edit icon for the WAN interface and then add protocol binding entries for each service, IP address, or range of IP addresses.

If you're going to go with auto you're kind of done - if you don't go auto then you have lots of stuff to do ;) Did you set up your service detection? What do you pay your ISP for in bandwidth? Do you actually see that bandwidth - do you get more than that? You need this for both lines.


Right now I have bridged the new DSL line and it is connected to port 1 of the dual-WAN router. I'm letting the Intelligent Balancer do load balancing. I have connected a laptop to one of the LAN ports on the router and internet access is fine. Sunday I'm going onsite to set everything up. I'll bridge the other DSL line and connect it to the second WAN port. Then cable the router to the switch. My main concern is this: all 12 workstations share a folder on the server and must see this folder as they currently do. If they don't, I'll have to back out of the install and figure it out. sc302, you cleared up this issue in my mind when you said the workstations will seek the router for internet through the switch, or the server through the switch for the shared folder access. Currently the DSL modem is doing DHCP and I'm going to duplicate that DHCP scope on the router. The server is set up as a Windows 2008 R2 Standard Edition domain controller with Active Directory. DNS is installed but nothing is set up, like DNS zones. DHCP is not set up on the server, as I have let the DSL modem do DHCP. Keeping in mind that the workstations must access the internet and the shared folder on the server, will this work, or have I forgotten anything? I like the KISS method. Both DSL lines, bridged, are cabled to the WAN ports on the router, and a LAN port on the router is cabled to the switch. That's the correct configuration and it should work, shouldn't it?


"DHCP is not setup on the server as I have let the dsl modem do dhcp."

 

This is a bad setup. In AD, your AD server should be your DHCP and your DNS - since this is how AD knows about the IP addresses of its member boxes, through DHCP leases and DNS registration. There is NO point in using other devices for these services when you're running AD.

Your DHCP scope on your server needs to point DHCP clients to the server itself for DNS, and to the router's IP for the gateway off the network.

"All 12 workstations share a folder on the server and must see this folder as they currently do"

What would changing the gateway have to do with this access?? Are all the devices on the same segment, 192.168.1.0/24 for example? Whatever your gateway off this network is, be it a dual-WAN router, an ISP-provided gateway, a box running pfSense, or a SOHO router running DD-WRT, the gateway off the network has NOTHING to do with access to a box on the same segment - this box could be on or off or whatever; it has nothing to do with devices accessing each other across a switch. Since your server should be both DNS and DHCP, your gateway device has nothing to do at all with that network. It is a GATEWAY off the network, that is all!


Budman... so you're saying install DHCP on the server. I don't understand "Your DHCP scope on your server needs to point to itself for DNS for DHCP clients, and point to the router's IP for the gateway off the network." You mean in the server NIC setup have a static IP, the IP of the router/gateway, and have the static IP of the server as the primary DNS?


Well yeah, your server is going to be static if it is running the DHCP server. Let's say its IP address is 192.168.1.2, and your new router's LAN IP is 192.168.1.1.

Your DHCP scope on the server could hand out, say, 192.168.1.100-200.

The router option in the DHCP scope should point to your "router", 192.168.1.1, and DNS should be 192.168.1.2 (the server running DNS for your AD). In the DNS server you could either forward to the router's DNS forwarder, or your ISP, or Google DNS, whatever you want to use for outside DNS, or it could do direct lookups from root hints, etc.


Server IPv4 static configuration

IP address: 192.168.1.10
Subnet: 255.255.255.0
Gateway: 192.168.1.1
DNS primary: 192.168.1.10
DNS secondary: there is no secondary, leave this blank

DHCP scope on server (disable DHCP on the router)

Range: 192.168.1.100-192.168.1.254
Subnet: 255.255.255.0
Router: 192.168.1.1
DNS primary server: 192.168.1.10
DNS secondary server: there is no secondary server, leave this blank
Domain name: FQDN of your AD domain

I like to do switches and routers 192.168.1.1-9, servers 10-19, APs 20-49, printers 50-99, computers 100-254. Why? Because I like to, and I can always change the scope a bit to dip into the printers' range if needed, as there will probably never be that many printers for such a small network.

For larger networks, printers have their own subnet, PCs have a supernet, switches have their own subnet, and other devices will exist on their own. I can then make rules to deny access to different areas or to the internet based on what subnet or supernet they are on.

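Added example (not posted by anyone in the thread): the server-side configuration listed above, as the commands you would run in an elevated PowerShell prompt on the Windows Server 2008 R2 domain controller. The addresses and scope are the ones from the post; the NIC name "Local Area Connection", the domain name "domain.lan" and the host name "server" are assumptions. Server 2008 R2 has no DhcpServer PowerShell module (that shipped with 2012), so the scope is built with netsh, which 2008 R2 does have.

```powershell
# Run in an elevated prompt on the server that will be DC + DNS + DHCP.
# Assumed: NIC "Local Area Connection" (2008 R2 default name), AD domain "domain.lan",
# server 192.168.1.10, dual-WAN router LAN IP 192.168.1.1 (addresses from the post above).
# Turn DHCP off on the DSL modem / router BEFORE step 3, or clients get two offers.

$nic     = "Local Area Connection"
$server  = "192.168.1.10"
$mask    = "255.255.255.0"
$gateway = "192.168.1.1"
$domain  = "domain.lan"          # assumption: the AD domain FQDN
$subnet  = "192.168.1.0"

# 1. Static address on the server. DNS points at the server itself, no secondary.
#    validate=no avoids the "DNS server not reachable" complaint during first setup.
netsh interface ipv4 set address name="$nic" source=static address=$server mask=$mask gateway=$gateway
netsh interface ipv4 set dnsservers name="$nic" source=static address=$server register=primary validate=no

# 2. Install the DHCP Server role (ServerManager module exists on 2008 R2).
Import-Module ServerManager
Add-WindowsFeature DHCP

# 3. Authorize the server in AD (an unauthorized DHCP server on a domain will not lease),
#    then build the scope from the post: .100-.254, router .1, DNS .10, domain suffix.
netsh dhcp add server "server.$domain" $server
netsh dhcp server add scope $subnet $mask "Office LAN" "12 workstations"
netsh dhcp server scope $subnet add iprange 192.168.1.100 192.168.1.254
netsh dhcp server scope $subnet set optionvalue 003 IPADDRESS $gateway   # option 3: default gateway
netsh dhcp server scope $subnet set optionvalue 006 IPADDRESS $server    # option 6: DNS = the DC, nothing else
netsh dhcp server scope $subnet set optionvalue 015 STRING $domain       # option 15: DNS suffix
netsh dhcp server scope $subnet set state 1                              # activate the scope
Restart-Service DHCPServer

# 4. Verify the scope and its options, then on a workstation:
#    ipconfig /release ; ipconfig /renew ; ipconfig /all
netsh dhcp server show scope
netsh dhcp server scope $subnet show optionvalue
```

Option 6 carries only the DC on purpose: a second, non-AD DNS server in that list is exactly the "sometimes works, sometimes doesn't" failure mode described later in the thread, because a client may send its domain.lan lookups to a server that has never heard of the domain.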

I'll just be honest, Budman. When it comes to setting up forward lookup zones in DNS on the server, I have never done that and quite frankly it confuses me. You said "In the DNS server you could either forward to the router's DNS forwarder, or your ISP, or Google DNS". What would the router's DNS forwarder be?

sc302, I just saw what you posted, but do I have to create a forward lookup zone in the server's DNS?


Well, did you set up the router's DNS? Normally it gets it from your ISP's DHCP and uses your ISP's DNS.

I am not talking about a forward lookup zone. I am talking about where your DNS running on AD gets its info for non-AD queries.

So when a client asks your AD DNS for www.neowin.net - where does it get it? Does it forward that request to your ISP's DNS, Google DNS, or does it look it up from the roots?

(two screenshots attached to the original post)

Off the top I am not sure if the RV line runs a default DNS forwarder service - most SOHO routers' DHCP points to their local IP address as the DNS server for DHCP clients, and then forwards these requests to the DNS server they got via the WAN connection setup, i.e. whatever the ISP handed out in DHCP or what the admin of the router put in there, etc.

You will have to look into what you want to do here - here is where you can run into a problem. Let's say you point your AD DNS to your router's IP for DNS. So when a client asks AD for www.neowin.net, your AD DNS asks your router. Where you can have problems with dual WAN is that many of the DNS servers ISPs hand to their clients are only available if you're on their network. So if you are using ISP A as your forwarder, and that ISP is down, you may not be able to get to ISP A's DNS from the ISP B connection.

You will have to read the manual for the details of what the RV line supports for DNS forwarding. Or just let your AD point to, say, Google DNS for outside - then it does not matter which ISP connection it goes through. Or just let it use root hints, etc.


When you create your Active Directory domain, it creates your forward lookup zone. It also puts in root hint servers and defaults your lookups to use them if your DNS server does not know what an address is, i.e. when a PC queries www.google.com on your local AD DNS server. It is recommended and best practice to use DNS forwarders for faster response; however, to get you going, it isn't required.

To set up forwarders, go to your DNS server in Administrative Tools on your DC. Expand your DNS server and you will find a line item called Forwarders. Double-click on that and put in Google DNS servers and/or any other DNS servers that respond fast for you. Then check off the button to not use root hint servers.

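Added example (not posted by anyone in the thread): the forwarders setup described above, done with dnscmd instead of the DNS console, plus the lookups that tell you whether the DC's DNS is actually doing its job. The DC address 192.168.1.10 is the one from sc302's configuration post; the domain name "domain.lan" and host name "server" are assumptions, and 8.8.8.8 / 8.8.4.4 stand in for "Google DNS servers". The same commands cover BudMan's root-hints alternative.

```powershell
# Run in an elevated prompt on the domain controller (Windows Server 2008 R2).
# Assumed: AD domain "domain.lan", DNS role already installed by dcpromo,
# DC address 192.168.1.10 as in sc302's post.

$dc     = "192.168.1.10"
$domain = "domain.lan"           # assumption: the AD domain FQDN

# 1. Confirm the forward lookup zone dcpromo created (domain.lan should be listed,
#    along with _msdcs.domain.lan). Nothing here needs to be created by hand.
dnscmd $dc /EnumZones

# 2a. sc302's way: forward everything non-AD to public resolvers and do NOT fall
#     back to root hints (/Slave is the command-line form of unticking
#     "Use root hints if no forwarders are available"). With two DSL lines, pick
#     resolvers that answer from anywhere; an ISP resolver that only answers its
#     own customers stops working the moment traffic goes out the other WAN.
dnscmd $dc /ResetForwarders 8.8.8.8 8.8.4.4 /Slave

# 2b. BudMan's way: no forwarders at all, resolve from root hints.
#     (Uncomment instead of 2a.)
# dnscmd $dc /ResetForwarders

# 3. Checks that only pass when clients really use the DC for DNS.
#    An internal name no internet resolver can ever answer:
nslookup "server.$domain" $dc
#    The SRV record a workstation uses to find a DC at logon; this is the lookup
#    that fails when a client points at the modem or the ISP instead of the DC:
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" $dc
#    An external name, answered through the forwarders (or root hints):
nslookup www.neowin.net $dc
#    Prove the forwarder itself answers regardless of which WAN the balancer used:
nslookup www.neowin.net 8.8.8.8

# 4. Overall DNS health of the DC, including its own SRV registrations.
dcdiag /test:DNS /v
```

Run the step 3 lookups from a workstation as well as from the DC: if the workstation gets a different answer, it is not using the DC for DNS, whatever the DHCP scope says.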

The router doesn't need DNS. But it will probably get it from the ISP's DHCP. You shouldn't care about the router. The router will only need DNS if it were to look for updates from a named server instead of an IP. Otherwise, why would your router try to go out to the internet? You only need to query DNS if it is trying to get somewhere.


Let's back up a minute... This is the current IP configuration on the server and workstations, with DHCP on the DSL modem and DNS installed on the server, but I haven't created any DNS forwarders.

Server
IP: 192.168.1.3
Subnet: 255.255.255.0
Gateway: 192.168.1.254 (current single DSL modem address)
Primary DNS: 127.0.0.1 (loopback address)

All workstations
Obtain an IP automatically
Preferred DNS: 192.168.1.3 (server IP)

Current DSL modem DHCP scope is 192.168.1.1 - 253.

The above has worked for over 2 years, and don't get me wrong, I want to do it right. But for now I want to keep this configuration and set up the dual-WAN router doing the DHCP with the identical scope, because I don't want to make too many changes when I first put the dual-WAN router in the configuration. I understand I need to have the server do DHCP and create a DNS forward lookup zone for faster response. But do you guys think doing it the way I want to FOR NOW will be OK?


Here is the thing in your setup.

Let's assume your AD domain is "domain.lan" and your server has an FQDN of server.domain.lan. When your computer queries the internet DNS server, how is the internet DNS server going to respond when your computer asks for the address of server.domain.lan? It is going to say that it has no clue, and you will not be able to connect to any of the shares or resources on server.domain.lan. When you type your password into your computer and your computer tries to query domain.lan for the Active Directory, what do you think the internet DNS servers are going to respond with? They are going to say that they have no clue, and you will not be able to sign on to your computer with an AD account.

How do I know this? Because I have been in a lot of misconfigured networks where sometimes things work and sometimes things don't, randomly and without cause, because someone screwed up the most basic setup of Active Directory. You want your network set up right? Listen to the way Budman and I are trying to get you to set up your network. You want strange issues that make no sense that you can't figure out how to fix? Do it the way you have been. Budman and I have been dealing with Active Directory since its inception (Windows 2000); we know a few tricks and how not to do it. Your setup is how not to do it.


I have been dealing with Windows since 3.11 in the workplace ;) before TCP/IP - remember having to install TCP/IP on Windows? Before that it was IPX or NetBEUI; we didn't even route, just bridged between the main office and the remote offices. Everyone on the same freaking broadcast domain ;)

This is the exact thing I was bringing up: "what DNS will the new router use?"

Normally routers don't need DNS, have no use for it - what does a router care about looking up anything? It just forwards packets. But if your router is going to be the DNS service for your network, that is when it matters, so your clients can just point to it and it will forward to your ISP or Google, etc. Most SOHO routers do not do their own lookups via root hints, because they are not running a full-blown DNS server - just a forwarder like dnsmasq or something.

But with your AD network, it doesn't really matter, since everything on your network should point to your AD server for DNS, and ONLY that - there should be no other DNS servers listed on your clients other than your AD server!! You can let your AD server use root hints, or configure forwarders to whatever other DNS you want. I like 4.2.2.2 as a public DNS, for example. Or you can use your ISP - which was my point about the dual WAN. If you point to ISP DNS as your forwarders, you need to make sure it only uses the correct ISP connection to talk to that IP. Or you could have issues reaching that DNS.

My advice would be just to use root hints, and not worry about what your router has for DNS; you're not pointing to it anyway. And your server should be your DHCP server.

edit: why does it work now?

"All workstations
Obtain an IP automatically
Preferred DNS: 192.168.1.3 (server IP)"

You're pointing to your AD DNS, and it's most likely using root hints for stuff like www.neowin.net. If your clients have anything other than 192.168.1.3 listed for DNS, you could have problems!! And while DHCP does not have to be hosted by AD, it makes everything easier and simpler - thought you liked KISS ;) Now AD, if running DHCP, can register leases in DNS for clients that do not support DNS registration, and can do the PTR entry, etc.

If you're running AD, then AD is your DNS and your DHCP server - this is the KISS setup and the one less likely to have issues!!


If I install DHCP on the server, which it isn't now, AD will see it's there and AD will become my DNS server and DHCP server. I don't understand how AD works with DNS, and especially DHCP.


The core component of Active Directory is DNS; screw with the way DNS is supposed to work within an AD network and you screw all of your computers (name resolution, being able to connect to the AD database to sign on, pushing group policies, syncing with servers, etc.). When you first fire up a server and attempt to get the Active Directory service up and running, it will automatically install DNS. It is not an option to not install DNS or to bypass DNS being installed/enabled. DHCP is secondary/not needed/optional on an AD network, but taking the time to configure DHCP properly will aid you in making things simple and easy to manage. The reason I say that it is not needed is that you can manually assign all of your computers an IP on the network; this does not make things easy, but it would function properly. It is highly recommended to use DHCP.


http://www.ebay.com/itm/Cisco-RV042G-Dual-Gigabit-WAN-VPN-Router-RV042G-K9-NA-800115288-/390966776259?pt=US_Firewall_VPN_Devices&hash=item5b076f91c3

/thread

No need for making things complicated; you're going to spend more time (time = money) trying to rig anything else up.


Yeah... you need to catch up, we are past that.


This topic is now closed to further replies.