Did you ever have a day when your internet didn’t work? I hate that. I always wished I simply could use the internet from a neighbor. Of course you can with WiFi, but we have two offices here next to each other with two different ISPs, so the chance that both fail at the same time is minuscule.

A bit more: A real Network bridge

For us it was even a bit more. Since I help in the office I wanted to be able to share all devices within a network, so they are locally accessible.

So the goal is to access all devices on each other's network (as far as you don't block them), still use your own ISP, and switch over in case of emergencies.

The Challenge

When you have a standard cheap ISP, you normally have a router with DHCP which tells your devices which router to use. The problem for such a bridge is that there can only be one DHCP server in a network.

The future solution should be VLANs, but those are not supported on all devices yet and might never come. E.g. I am using an AirPort Extreme and AirPort Express a lot throughout the house, with no VLAN support.

People claim there is NO solution, but there is 🙂

The Easy Solution

There is a super easy way, which I found after doing the analysis described in the last section. All you need for this solution is:

  • Each party needs a manageable switch, e.g. a Cisco SG300-10
  • One cable between both networks

Set up the Hardware

For this description, each party connects their router to port 1 and the cable to the other party to port 2. I am assuming here that the router is a NAT router using DHCP; it is best if WLAN does not go through this router. Ports 3 and higher are for all devices of the local network, including other switches and WLAN stations.

Note: If the router's WLAN is used, devices connected to this WLAN can neither access devices on the neighbor's side nor use the backup internet!

Set up the Network Settings

There are only two things to do here:

  • Set up both networks to use exactly the same subnet, with distinct address ranges given out by DHCP, e.g. 192.168.123.* as subnet, both routers have 192.168.123.1, and one DHCP gives out 2-120 while the other uses 121-240.
  • On the manageable switch, set ports 1 and 2 both to protected so they cannot communicate with each other.

[Image: Cisco SG300-10 Networkbridge Setup]

That’s it, now clients can talk to each other even though both use their own routers to go into the internet.

Note: If you want to speed up the switch-over when the internet fails, simply set the ARP request timeout (under IP Configuration -> ARP) lower, e.g. to 60 seconds.
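As an added example (not part of the original post), this Python sketch checks the address plan described above and uses the two distinct DHCP ranges as a canary: a client plugged in on one side that holds a lease from the other side's range means DHCP is crossing the link, so the protection on ports 1 and 2 is not in effect. The side labels "A"/"B", the host names and the lease list are constructed assumptions; how leases are collected from your router is left open.

```python
import ipaddress

def _span(pool):
    first, last = pool
    return ipaddress.ip_address(first), ipaddress.ip_address(last)

def validate_plan(subnet, router, pools):
    """Return a list of problems with the shared address plan (empty = OK)."""
    net, gw = ipaddress.ip_network(subnet), ipaddress.ip_address(router)
    problems = []
    if gw not in net:
        problems.append(f"router {gw} is outside {net}")
    for side in sorted(pools):
        lo, hi = _span(pools[side])
        if lo > hi or lo not in net or hi not in net:
            problems.append(f"pool {side} is not a valid range inside {net}")
        if lo <= gw <= hi:
            problems.append(f"pool {side} contains the router address {gw}")
        for other in sorted(pools):
            olo, ohi = _span(pools[other])
            if side < other and lo <= ohi and olo <= hi:
                problems.append(f"pools {side} and {other} overlap")
    return problems

def cross_side_leases(pools, leases):
    """Return (host, ip, owning_side) for leases taken from the other side's pool.

    leases: (side the client is plugged into, host name, leased IPv4 address).
    """
    flagged = []
    for side, host, ip in leases:
        addr = ipaddress.ip_address(ip)
        for owner in sorted(pools):
            lo, hi = _span(pools[owner])
            if owner != side and lo <= addr <= hi:
                flagged.append((host, ip, owner))
    return flagged

# Address plan from the post; side labels "A"/"B" are assumptions.
SUBNET, ROUTER = "192.168.123.0/24", "192.168.123.1"
POOLS = {"A": ("192.168.123.2", "192.168.123.120"),
         "B": ("192.168.123.121", "192.168.123.240")}
# Constructed lease observations, not real data.
LEASES = [("A", "laptop-a", "192.168.123.17"),
          ("A", "printer-a", "192.168.123.133"),
          ("B", "nas-b", "192.168.123.200")]

if __name__ == "__main__":
    print("plan problems:", validate_plan(SUBNET, ROUTER, POOLS) or "none")
    for host, ip, owner in cross_side_leases(POOLS, LEASES):
        print(f"{host} holds {ip} from side {owner}'s DHCP range: check port protection")
```

While a deliberate failover is active, leases from the neighbor's range on the failing side are expected and not a sign of misconfiguration.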

What to do when Internet fails?

If your ISP fails, there are only two things to do:

  • On the failing side deactivate port 1.
  • On the working side remove the protection from port 1.

You are done. Your network can now communicate with the other party’s router and your own router does not disturb the communication by having the same IP.

Limit the sharing

If you have things you don't want to share with your neighbor, like certain devices or services such as Bonjour or AirPlay, you can use ACLs to block those.

Discussion

Honestly, I wished I had found a solution with just one manageable switch; here is why I failed:

It's easy to block communication of routers from the other side, including DHCP requests. This is what ACLs are for. What I did not find was any way to manipulate the ARP requests. The ARP requests tell the switch which port our router is connected to. I noticed that you will always have a race condition: it could happen that the neighbor's router answers the ARP request before ours, and then all packets would be dropped and you have no internet until the next ARP request.

One thing I am currently looking into is automatically switching the used router; I will post it if I find a solution.

I would love to hear any other solutions.