
Routing Tables

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,701 (1.48/day)
Ok, routing always gave me a headache... at a previous employer, we had two network protocols (ethernet and token ring) over several buildings in different cities, and 1 server in 1 building. I know it was possible for us to "route" traffic from the token ring sides to the Ethernet server, but it always gave me fits trying to comprehend it, especially since once we started converting TR users to Ethernet, we had to manually enter a Route statement in their PC to get them back across.

I've run into it again, and need some help. We have a client with network cameras on two different networks, in two different buildings, and on two different External (internet viewable) addresses. The Internet provider has issued 2 static IPs into a single drop, and we split it with a switch, sending it to the two different buildings, with their own routers.

Building two is on 192.168.254.***, and has 4 IP cameras in place (they're on IP addresses 192.168.188.**). Building one is on 192.168.1.***, and the Network Video Recorder (NVR) is located at 192.168.1.24, and the cameras in that building are on 192.168.188.**.

I need the NVR to see the 4 remote cameras. The gentleman in Building 1 owns both buildings, and wants cameras on both. With access to both routers (they're using PFSense), I think I need to add a route statement to each, so they can see the other, but I'm failing miserably I'm afraid. Can I get a little assist here? :) Thanks!!

Edit: added a pic as a point of clarification :)

CADE1.jpg
 
Joined
Jul 3, 2008
Messages
174 (0.03/day)
I've tried to type out an answer for this three times. Each time I find myself starting to talk about broadcast domains and layer 3 networks. Which isn't going to make sense to you.

If you are expected to address this as part of your job, you should really spend some time learning about the basics of networking.

My advice is get a CBT nuggets subscription and do the Cisco ICND 1 module. It will give you the foundation you need to be able to figure this out and you'll be able to handle more things in the future.

Either that or pay someone who knows what they are doing to redesign your network.
 
Joined
Jan 1, 2016
Messages
522 (0.17/day)
Location
Beachy Gulf Beach
Yeah, trying to explain that stuff is a bit of a pain. Though, first time I've ever seen two routers using a switch in between each other then to go through to an internet connection. Unless, is that top switch a layer 3 switch?

Only seen so far where routers talk directly with each other and using switches between each other with all of them going back to one master switch that then hooks to a router that routes out to the internet. If it was done that way it'd probably be easier then to use VLANs. My experience is still small in setup of routing though.
 
Joined
Apr 30, 2006
Messages
1,181 (0.18/day)
Is there a reason for the two different IP addresses for the buildings? Seems weird since the buildings are connected to a switch and then to the internet at a single point.
 
Joined
Oct 22, 2014
Messages
13,210 (3.84/day)
Location
Sunshine Coast
Wow, that seems complicated just to access remote cams.
I'm far from an expert, but if you know the cams I.P. isn't it only a matter of also knowing which port they forward from and entering that in the NVR's software or the I.P. in a browser to access?
 

Kursah

Super Moderator
Staff member
Joined
Oct 15, 2006
Messages
14,664 (2.30/day)
Location
Missoula, MT, USA
> Wow, that seems complicated just to access remote cams.
> I'm far from an expert, but if you know the cams I.P. isn't it only a matter of also knowing which port they forward from and entering that in the NVR's software or the I.P. in a browser to access?

Agreed. To me it appears we have two LAN subnets that need static routes set on both sides to allow traffic traversal. At least if the diagram is correct from the, what I assume is an L3 switch that both routers are connected to. Gotta dig into the top of the network pyramid here to accomplish that.

This might help though: http://superuser.com/questions/753472/pfsense-to-route-between-multiple-subnets-on-same-lan

In theory if the routers are not connected to the same device you manage for controlling routes, there is an option of WAN-to-WAN routing. Again this depends on the accuracy of the above diagram, but that option would be an IPSEC or OpenVPN tunnel(s), site-to-site. PFSense makes these pretty easy to set up. Not sure what PFSense version you're on, but these should work even with 2.3.x's new UI. VPN tunnels are very easy to set up on a PFSense router, and especially between them, but even if there was a SonicWall or Cisco, etc. it's not too bad to accomplish.

https://blog.monstermuffin.org/create-an-ipsec-site-to-site-tunnel-between-two-pfsense-firewalls/
https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

Though the issue with VPN tunnels is they can slow down traffic, and depending on the network connection, hardware in the routers, and possible QoS filtering, could cause degraded video quality. But if this traffic must traverse the Internet at all (which it doesn't appear to), I would absolutely be streaming over an encrypted VPN tunnel with AES 256, SHA 256 and RSA2048.

I'd like to know how that switch is set up, if there are active VLANs, if it's acting as a gateway switch to maintain faster VLAN packet routing...if that's the case, a route here may be necessary.
https://community.spiceworks.com/to...-default-gateway-for-vlans-and-layer-3-switch
http://www.cisco.com/c/en/us/suppor...-routing/41860-howto-L3-intervlanrouting.html

I hope some of those links are helpful. Frankly though if your routers don't have routes on the switch if it is in fact in L3 mode, issues could occur. I have a feeling if you can access the potential L3 router at the top, that would be a good place to start with static routes, inter-VLAN routing, etc. I apologize I'm very tired and meant to comment earlier. I hope my post makes sense where my train of thought has gone for solving this issue. Also are the LAN switches at each site L2 or L3? If L3 is it in L3 mode being utilized or staged in L2 configuration?
 

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,701 (1.48/day)
Thanks for all the replies, esp all at once lol

> Yeah, trying to explain that stuff is a bit of a pain. Though, first time I've ever seen two routers using a switch in between each other then to go through to an internet connection. Unless, is that top switch a layer 3 switch?
>
> Only seen so far where routers talk directly with each other and using switches between each other with all of them going back to one master switch that then hooks to a router that routes out to the internet. If it was done that way it'd probably be easier then to use VLANs. My experience is still small in setup of routing though.

> Is there a reason for the two different IP addresses for the buildings? Seems weird since the buildings are connected to a switch and then to the internet at a single point.

The top switch is there to split the ISP provided connection. There's one connection outside building 2, and the ISP provided 2 IP addresses on the same circuit. The switch allows us to give each company its respective IP address :) . It's just a basic netgear 5-port Gigabit. The reason there are 2 IPs is because there are 2 companies :) Building 1 Business owner actually owns both buildings, and wants to provide camera coverage for the whole area, since he owns the buildings. Feels it's his responsibility to maintain security.



> Wow, that seems complicated just to access remote cams.
> I'm far from an expert, but if you know the cams I.P. isn't it only a matter of also knowing which port they forward from and entering that in the NVR's software or the I.P. in a browser to access?

The problem is that the cameras use port 8000 for remote access, but that's the port forwarded in the router (bldg 1) to allow remote access to the NVR itself, so we can't forward that port from the cameras to the NVR o_O conflicting port traffic :(.


> I've tried to type out an answer for this three times. Each time I find myself starting to talk about broadcast domains and layer 3 networks. Which isn't going to make sense to you.
>
> If you are expected to address this as part of your job, you should really spend some time learning about the basics of networking.
>
> My advice is get a CBT nuggets subscription and do the Cisco ICND 1 module. It will give you the foundation you need to be able to figure this out and you'll be able to handle more things in the future.
>
> Either that or pay someone who knows what they are doing to redesign your network.


I do need to improve my networking skills, even as old as I am. I've just got too many spots where it's weak.


So, I did manage to figure out routing, at least for this mess. I had to tell the router in BLDG 2 that BLDG1 router knows how to find the 188 subnet, and then told BLDG 1 router that the NVR knows how to find the 188 subnet, which worked fine, as far as it went. Telling BLDG 1 how to get to the 254 subnet wasn't much more. The problem occurred when I realized that the NVR couldn't be told how to find the 254 subnet :(. The NVR is basically a mini-router as well, as evidenced by it talking to the cameras on a 188 subnet, instead of whatever it is attached to on the front end.

What we ended up doing, was pulling a second line from Bldg 1 to Bldg 2. This connection goes from a single port on the back of the NVR to a POE switch in Bldg 2, and from there to the additional 4 cameras covering Bldg 2 and surrounding area. The NVR assigned each camera to an open "virtual" port, with its correct IP, and seems to work great. I think I might have been able to make it work if I could have gotten in the depths of the NVR's OS, but more likely would have opened a new can of "What else don't I know?", and this was a more efficient method.

Anyway, thanks so much for all the help and input, everyone! Appreciate it! :)
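
The static routes described in the last post, modelled as an added example that is not part of the original thread: it traces a packet hop by hop with longest-prefix matching and shows the forward path reaching the 188 subnet while the reply is dropped at the NVR. The router names, the 203.0.113.0/24 transit network and the two host addresses are constructed placeholders, and the NVR is assumed to know only its two connected networks, as the post reports.

```python
import ipaddress

# Constructed model of the routing tables described in the final post.
# 203.0.113.0/24 (shared WAN segment) and all names are placeholders.
TABLES = {
    "bldg2-router": {"192.168.254.0/24": "local", "203.0.113.0/24": "local",
                     "192.168.188.0/24": "bldg1-router"},
    "bldg1-router": {"192.168.1.0/24": "local", "203.0.113.0/24": "local",
                     "192.168.188.0/24": "nvr",
                     "192.168.254.0/24": "bldg2-router"},
    # Assumption: the NVR accepts no static routes, only connected networks.
    "nvr": {"192.168.1.0/24": "local", "192.168.188.0/24": "local"},
}

def lookup(router, dst):
    """Longest-prefix match: 'local', a next-hop router name, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in TABLES[router].items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def trace(first_router, dst, max_hops=8):
    """Follow next hops from first_router; returns (path, delivered)."""
    path, router = [], first_router
    for _ in range(max_hops):
        path.append(router)
        hop = lookup(router, dst)
        if hop is None:
            return path, False   # no matching route: dropped at this hop
        if hop == "local":
            return path, True    # destination is on a connected network
        router = hop
    return path, False           # hop limit reached: routing loop

def round_trip(src_gw, src, dst_gw, dst):
    """A session needs a working route in both directions."""
    return trace(src_gw, dst), trace(dst_gw, src)

if __name__ == "__main__":
    CAM, PC = "192.168.188.10", "192.168.254.50"  # constructed addresses
    out, back = round_trip("bldg2-router", PC, "nvr", CAM)
    print("forward:", " -> ".join(out[0]), "delivered" if out[1] else "DROPPED")
    print("return: ", " -> ".join(back[0]), "delivered" if back[1] else "DROPPED")
```
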
 