Turning off Intersite Topology Generator

  • 149 Views
  • Last Post 17 February 2019
idarryl posted this 17 February 2019

Hey folks,
TL;DR: under what conditions is is turning off Intersite Topology Generator a suitable solution? Under what conditions is it better to turn off ISTG rather than turn off 'Bridge all site links’?
I have a situation I’m trying to help out in, but I’m lacking some of the more detailed knowledge of the replication architecture in AD.
The situation is a merger of two existing forests/domains (Domain A & Domain B) into one existing domain (Domain Z). Most subnets in Domain A and Domain B overlap with Domain Z.  The project has ruled out re-IPing the subnets of the incoming Forests (A & B), unless it’s the only technical option. The proposed solution is to create two ‘hub’ networks that use unused subnets. The logical layout would be that all offices/sites would connect to data centres/hosting faciclities as they do currently, and then all the data centres/hosting facilities would connect to the two hubs.  Sites and service will be identical across all Forests prior to the migration and the idea is that as the users and computers are migrated to Domain Z, that they can contact DC’s of Domain Z within the two 'hubs'
For anyone interested, theses are the project musts, verbatim: 

  • Must facilitate users and computers being able to successfully and timely authenticate to resource within their home domain or any other domain to which a trust relationship exists
  • Must allow for each of the 3 legacy networks only being able to have network connectivity to and from the ‘hubs’ and not between networks
  • Must allow domain controllers in each legacy network to properly replicate take in to account the ‘hubs’ model
  • Must allow for IP overlap between the legacy networks
In order to achieve this, the proposed solution is to disable and to manually define Intersite Topology for every site.  My gut tells me that turning off 'Bridge all sites’ in Domain Z is sufficient, but I struggling to articulate why turning of ISTG isn’t the right solution.
Is turning ISTG the right or wrong solution? Ditto for turning off 'Bridge all sites’?
Many thanksDarryl

Order By: Standard | Newest | Votes
bdesmond posted this 17 February 2019

I don’t see how turning off the ISTG would help you. Your main problem is that you have overlapping IP space that you’re going to have to do some degree of NAT’ing with. I assume the

proposal is that when your clients hit the ‘hub’ site, they will be NAT’ed into unique IP space? In theory it should work but it’s not a supported solution.

 

Thanks,

Brian

 



 



 

show

idarryl posted this 17 February 2019

Thanks Brian,
The honest answer is I don’t know. I’m no network guy, I’m not even working for the company, I’m just doing a concerned project member a favour by looking over the proposal. 
I thought that each of the two hubs were going to use a unique IP space each, and those would be unique to the three networks combined. I’ll ask. 
My issue is, I agree, I don’t see how turning off ISTG will help, but I can’t explain how it won’t. Would you mind sharing your thinking?
~Darryl


show

bdesmond posted this 17 February 2019

The ISTG takes site link (and bridge) data that the administrator supplies and creates the connection objects between domain controllers in the sites. Subnet data has nothing to do with

that and isn’t taken into account.

 

Thanks,


Brian

 

show

Close