Commercial building CAM internet

I have 3 commercial buildings next to each other owned by the same landlord. Fiber is now coming to our area so they want to sign up for gig fiber and include it in CAM fees to the tenants. We’ll get a block of IP addresses for the tenants to each have their own static but I’m not sure of the best way to deal with the network to divide it all out.

Usually when you have multiple IP addresses from an ISP you plug the line from the ISP into a switch and each router will set the IP. However, we want to do WAN failover with pfSense in case the main provider goes down. Is there a way to do this without doing double NAT to everybody when they plug in their own router? Or is my best solution to provide 2 cables from different switches coming from each ISP to each tenant and it’s up to them to have a router to handle multi-WAN?

The idea is to do overhead fiber to each building. Any recommendations on a switch to put in each building to activate the fiber? We want 10 GB pushed over that fiber to meet traffic needs (possible shared cluster VM hosting in addition to internet). Also, any recommendation on where to buy lengths of fiber already made that we can run?

I would get a used Cisco C4948 (around $100 on eBay) and terminate the ISPs to that switch. If you get a separate IP block for each customer, it is easy to create an L3 link between the switch and their firewall. The ISP will make sure to route those blocks across the L3 connection you have with them. Since they are local networks on the switch, you shouldn’t have to do anything except create a default route back out to that ISP. Also, make sure to configure each ISP on its own VRF so they don’t share routing tables. The customer’s connection via that same ISP needs to be assigned on that VRF as well. This setup will allow the customer to configure the primary and secondary ISPs to use.

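The layout described in the answer above, sketched as a classic IOS VRF-lite configuration. This is an added example, not part of the original posts. It assumes the switch image supports VRF-lite; the VRF names, route distinguishers, port numbers and all addresses (RFC 5737 documentation ranges) are constructed placeholders, and the ISP is assumed to route each tenant block to the switch's transit address.

```cisco
! Enable routing on the switch
ip routing
!
! One VRF per ISP so the two providers never share a routing table
ip vrf ISP-A
 rd 65000:1
ip vrf ISP-B
 rd 65000:2
!
! Uplink to ISP A (constructed transit /30, ISP side is 192.0.2.1)
interface GigabitEthernet1/1
 description Uplink ISP-A
 no switchport
 ip vrf forwarding ISP-A
 ip address 192.0.2.2 255.255.255.252
!
! Uplink to ISP B (constructed transit /30, ISP side is 203.0.113.1)
interface GigabitEthernet1/2
 description Uplink ISP-B
 no switchport
 ip vrf forwarding ISP-B
 ip address 203.0.113.2 255.255.255.252
!
! Tenant 1, WAN1 port of its firewall: L3 link in the ISP-A VRF.
! The tenant block from ISP A is a connected network here.
interface GigabitEthernet1/3
 description Tenant1 via ISP-A
 no switchport
 ip vrf forwarding ISP-A
 ip address 198.51.100.1 255.255.255.248
!
! Tenant 1, WAN2 port of its firewall: L3 link in the ISP-B VRF
interface GigabitEthernet1/4
 description Tenant1 via ISP-B
 no switchport
 ip vrf forwarding ISP-B
 ip address 203.0.113.9 255.255.255.248
!
! One default route per VRF, pointing back out to that VRF's ISP
ip route vrf ISP-A 0.0.0.0 0.0.0.0 192.0.2.1
ip route vrf ISP-B 0.0.0.0 0.0.0.0 203.0.113.1
```

Each tenant firewall takes a public address from the connected block on each link and handles primary/secondary selection itself, so there is no NAT on the switch. `show ip route vrf ISP-A` and `show ip route vrf ISP-B` should each list only that provider's connected networks and default route.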

Thank you very much @FredFerrell. I don’t have any experience with layer 3, so I have some research to start doing. That obviously explains why this is so hard for me to figure out because I don’t even know about that aspect of networking. You at least pointed me in a direction I didn’t know about, so I appreciate that.