Real+Life+Scenario

= = Static Routing - A Real-Life Scenario = =

At the hospital where I work, we use mostly static routing, and it works very well for our network topology, even though we do not have a typical stub-network. Allow me to explain our situation:

We have multiple VLANs; however, there are two "main" VLANs - the Default hospital VLAN (1 in the example) and the Radiology department's VLAN (2 in the example).

I would simplify our network topology by calling it a "double-stub" network. What I mean by that is we have two main routes in and out of the hospital - a connection to our corporate offices and a 100MB Internet connection.

The main route out of the hospital is our PTP connection to our corporate office. Once the IP traffic is sent to the corporate network routers, our corporate networking department regulates http traffic via Access Control Lists (ACLs). These ACLs are based on the source IP addresses of the computers on our default VLAN who are allowed (or disallowed) to access the Internet. All computers on the default VLAN have a Default Gateway of our "Core in-house router."

The Radiology department; however has a separate "Radiology router" with a 100MB connection to the Internet which is required to send and receive large images (X-Rays, Echos, etc). This router does not use ACLs to block HTTP traffic on a per IP basis. All computers on the Radiology VLAN have a default gateway of the "Radiology router" and have full Internet access by default.

Our "Core in-house router" has a default route (quad zeros) that points to the router at our corporate office. All default VLAN IP traffic destined for the Internet must go through our connection to corporate, where it is then filtered according to the ACLs.

When things become interesting (as well as convenient) is when we need to allow all hospital computers (including those which would normally not have Internet access) access to a particular approved website. All I have to do is add another static route (usually a host route with a mask of 255.255.255.255) to the "Corporate router" which sends all IP traffic destined for that website's IP to the "Radiology router" which has an "open" connection to the Internet. Quite handy use of static routes! (See image for over-simplified example)

-Rob