DSU/router/switch/traffic-shaper gizmo (maybe OT)

Tom Buskey tom at buskey.name
Wed Jul 2 14:10:50 EDT 2003


bscott at ntisys.com wrote:
> Hello list,
> 
>   Got a question for the many experts here.
> 
>   We have a need to divide up an Internet feed among several tenants in a
> building.  The feed will come in on a T1 or similar.  Upstream provider
> gives us a CSU and a routable IP block.  So we need to plug into the CSU and
> be a router.  Each tenant will need to be on an isolated Ethernet.  We will
> need to do NAT for some (but not all) tenants.  We need to do traffic
> shaping/bandwidth limiting/whatever, so that no one tenant can hog the pipe.
> 
>   We're specifically not interested in advanced security features like
> firewall, VPN, etc.  Those will be offered as an option using separate
> equipment on a per-tenant basis.
> 
>   Now, I know I could do this with some expensive box from Cisco, NetScreen,
> or the like.  What I'm curious about is if anyone on this list has done this
> sort of thing with Linux?  I know, in theory, Linux should be able of doing
> this.  I know there are WAN interface boards, multi-port Ethernet cards, and
> traffic shaping software for Linux.  But from past experience, I know that
> having all the pieces doesn't always add up to a stable, cost-effective
> solution.  So I'm looking to hear about people who have actually done it,
> and can comment on how well it worked.  Pointers to reviews and other
> third-party sources are welcomed as well as first-hand accounts.
>

We have a T1 coming into a Cisco 2600 to convert it to ethernet.  The 
Cisco does nothing but route.  Behind the router we have an BSD box as 
the firewall to the tenants.  It does NAT so we can easily change 
providers w/o having to renumber internally.  We allow each tenant to 
have 2 static ips on the outside.  We do redirects to specific IPs 
inside the NAT space if they want to run servers, etc.

We're not doing any traffic shaping or bandwidth limiting.




More information about the gnhlug-discuss mailing list