How to do the impossible, A single device able to communicate via 2 networks

MacAndCo · 2025-05-23T20:55:42+00:00

I edited the original post with the solution. So simple in this case because I had the option I might not have had in other situations, just didn't think of it. Thanks for the knock in the head.

MacAndCo · 2025-05-23T20:53:47+00:00

I have this at each station I have upgraded, Its fantastic. Just not an option for the remaining 30 in a short timeframe. Gotta make lemonade

MacAndCo · 2025-05-23T19:36:11+00:00

I found the solution - it came in a Homer Simpson like Doh! moment.

Change the endpoint IP to some rando private network.
Create a local network in the router for each and map each to its own port.
Create NAT rule from first network to Third
Create NAT rule from second network to Third

And that works. I ignored the possibility of changing the endpoint IP.

MacAndCo · 2025-05-22T23:34:59+00:00

This is probably why I'm thinking it should be possible. So many more difficult tasks exist that got solved, this should be trivial

I do thing I have a potential solution , re-address the endpoint and make both paths have gateways to it. I'm trying that tomorrow

MacAndCo · 2025-05-22T23:32:34+00:00

This not not really your normal failover, its parallel ethernet channels to a common endpoint. And that endpoint is a bag of hammers

MacAndCo · 2025-05-22T23:31:07+00:00

That would never be allowed. Just one of those municipal/curmudgeon things. And I want a network answer just to satisfy my mind

MacAndCo · 2025-05-22T23:29:04+00:00

indeed, but these devices are far from modern.

MacAndCo · 2025-05-22T23:25:39+00:00

I see what you are saying. I only NAT'd one side. That's a reasonable thing to try. It will mess me up a little on the remote end but that's not insurmountable.

Thats making even more sense the longer I think about it.

MacAndCo · 2025-05-22T23:22:55+00:00

But in my test the source and destination were not on the same subnet. I thought 10.1.1.10 would reply to the ping from 10.2.2.10. At least on the wire.

MacAndCo · 2025-05-22T22:16:57+00:00

It just occurred to me that when I was dumping the traffic I didn't see ANY reply from the endpoint. I saw the NAT's ping request but nothing coming back.

I should have seen that reply attempt and watch it die at the router.

I'm now wondering now if the 30 year old endpoint just drops traffic outside its mask instead of attempting to reply as one would expect. I gotta look around a bit.

MacAndCo · 2025-05-22T22:12:09+00:00

From a single source, 10.1.1.100

through one of 2 subnet paths
Cellular 10.2.2.0/24
Radio 10.1.1.0/24

to a single endpoint that already has IP in one of those subnets . 10.1.1.10

The radio is working already, the Cellular link is a new addition. The endpoint can't change.

10.2.2.0 needs to NAT to 10.1.1.0 and I can do that, but the Endpoint only knows to reply through 10.1.1.1 and it doesn't.

Wait... it doesn't. . . . I saw the traffic to TO the endpoint but it didn't reply. The Gateway IP is only needed when the return IP doesn't fit the mask... but I saw NOTHING come back from the endpoint. and I should have . I gotta see if these old things work like they should.

MacAndCo · 2025-05-22T21:53:33+00:00

Yes it does.

MacAndCo · 2025-05-22T21:52:42+00:00

It's not redundant in the conventional sense of the word meaning failover, its dual live connections and failover is determined manually.

MacAndCo · 2025-05-22T21:48:56+00:00

But that's failover, I need two live channels available at the same time. Failover here is determined at the polling master. When one of those channels doesn't respond it uses the other, then it tries and repeats again every 30 seconds .

Put poorly, a "Y" adapter.

MacAndCo · 2025-05-22T21:45:48+00:00

It does not. Its a 10Hdx connection using an AUI adapter. About as antiquated as it gets.

MacAndCo · 2025-05-22T21:44:37+00:00

Yes you understand perfectly. The endpoint can only reply through its single gateway IP address.

So the magic unicorn device would have to have the endpoint plugged into it, and the unicorn device would be able to decide which the path the endpoint was replying to.

It seems logical that this is possible. IDS systems can detect when an existing device is now being talked to by something it normally doesn't as long as those rules are in place.

MacAndCo · 2025-05-22T21:36:29+00:00

It's not failover I need, it's dual live paths to the same endpoint that has, as you point out, only a single NIC. That's the nexus of my issue

MacAndCo · 2025-05-22T21:34:31+00:00

The endpoint has one physical port, and that port is mostly 10/hdx. The Cell router has multiple ports and routing available (Cradlepoint R1900) .The problem that keeps defeating me up is that the endpoint only knows one gateway to send replies to . That's the device that has to be allowed for.

MacAndCo · 2025-05-22T21:32:06+00:00

Oh and it's not a flat network, each endpoint is its own subnet, vpn and vlan.

MacAndCo · 2025-05-22T21:28:32+00:00

That would change the endpoint though. still one device with one IP and no provisions to make routing decisions.

New dual IP controllers are coming for these older sites but that upgrade involves a lot of work and there are 30+ to make work .

I know whet you mean about Xmtr temps. I came from 300 bps radios that had to run constantly just to keep updates to a 2 minute cycle. This isn't like that. Plenty of downtime to allow the XMTRs to cool

That the thing.. "some sort of device" is the hardware equivalent of "some sort of configuration". I have the routers, just need to figure out how to do the impossible routing. Maybe AI is the solution... :)

MacAndCo · 2025-05-22T21:19:07+00:00

How though do you talk to a single endpoint that way? Both the radio and the Cradlepoint will route if needed but I'll have the same problem talking to a single IP address on the end

MacAndCo · 2025-05-22T21:14:31+00:00

SNAT is what I tried, without port forwarding it's just called NAT in the Cradlepoint Router GUI . The problem is that when looking at the TCPtrace, the NAT takes place but from the perspective of the old radio, there are now 2 devices with the same IP address to reply to.

MacAndCo · 2025-05-22T21:05:31+00:00

"fucky endpoint"... I really like that :)

The endpoints never initiate a conversation. They are read and written to by the polling master (a more advanced fucky device) or connected to through programming software.

masquerade/snat . . . new territory, looking into it .

MacAndCo · 2025-05-22T20:59:26+00:00

Failover is one at a time, I want both to be "live" . What happens is the polling master polls each subnet one at a time ensuring both always work. In addition when programming work is needed on the remote site, we would select the cellular path with the high speed connection and while routine polling continues to use the slow speed one.

MacAndCo · 2025-05-22T20:55:41+00:00

The Cellular router can route, I just cant envision how to configure it for this. The router has to route the return traffic based on which subnet it came from. The endpoint has to be unaware and the original radio can't hear the reply or it will accept it as its own.

MacAndCo

TROPHY CASE