Business FIOS at the office. Part II.
Our changeover from XO DSL to Verizon FiOS is now complete. We just ordered the cancellation of the DSL line yesterday, so there is no turning back now. Our network topology with the DSL service was not what I would call ideal, particularly when it came to security, and because of that it was quite an effort to get completely functional with the new design. We leased a block of 32 IPs from the DSL provider and every device on our network had a public Class A address (I know, not cool); it’s just how I did it from the beginning 11 years ago. But I was able to keep everything secure with diligent firewall rules and reviews and by keeping all the systems up to date. I knew long ago that I should change this, but it was one of those things that just remained on the back burner.
With the new FiOS package that we chose I went with leasing only 14 IPs, which obviously forced me into making the long-needed change. We have approximately 30 network devices here at the office including the IP phones (they were not publicly addressed, thank you). So, logically, I did what should have been done in the first place and put all of our network devices on a private network and left only the servers on the public IPs. Needless to say, this required the reconfiguration of all the desktops, printers, the scanner, switches and servers. The switch was the most involved, as we had to reassign a number of ports and add an additional VLAN for the new private address network. A number of the servers were also converted to multihomed mode so that they would have a physical connection to both the public and private networks because they provide services to both. Additionally, we have 2 primary DNS servers here that provide name resolution for a number of domains including some that are not ours. The coordination of reconfiguring those servers and making the authoritative record changes was done carefully so as to avoid any downtime for web services; they were completed on Monday this week.
As I mentioned in the previous post, we are using a Soekris Net5501 as our router and firewall. It runs BSD’s well-regarded PF packet filtering software via pfSense and has more than enough processing power to allow our bandwidth to operate at full speed.
Our Sonic Wall SOHO 50 is now retired after almost 12 years in service. Proprietary it may have been, but it ran like a champ. It’s so outdated I can’t find a picture of it on the internet. We have the Soekris set up to provide NAT to the new private address LAN and then we set up a bridge from the WAN port to another port that provides the connectivity to all the new FiOS leased public IPs. It’s a mildly complicated configuration, but once it’s going it is rock-solid reliable.
I also mentioned in the earlier post that I was looking forward to the speed increase that would allow us to do offsite backups in a reasonable amount of time. That is working out great. We have about 330GB of current and archived data. It wouldn’t pay to start the offsite transfer from scratch, so I made an initial transfer at the office and then took that drive to the offsite location. From then on all that needs to happen is to transfer the incremental updates. That amounts to a few GB at most on any given day, only mere minutes now instead of hours.
It’s done.