DSU/router/switch/traffic-shaper gizmo (maybe OT)

Dan Jenkins dan at rastech.com
Thu Jul 3 08:54:31 EDT 2003


>  We have a need to divide up an Internet feed among several tenants in
>  a building. The feed will come in on a T1 or similar. Upstream
>  provider gives us a CSU and a routable IP block. So we need to plug
>  into the CSU and be a router. Each tenant will need to be on an
>  isolated Ethernet. We will need to do NAT for some (but not all)
>  tenants. We need to do traffic shaping/bandwidth limiting/whatever,
>  so that no one tenant can hog the pipe.
>
>  What I'm curious about is if anyone on this list has done this sort
>  of thing with Linux? I know, in theory, Linux should be capable of doing
>  this. I know there are WAN interface boards, multi-port Ethernet
>  cards, and traffic shaping software for Linux. But from past
>  experience, I know that having all the pieces doesn't always add up
>  to a stable, cost-effective solution. So I'm looking to hear about
>  people who have actually done it, and can comment on how well it
>  worked. Pointers to reviews and other third-party sources are
>  welcomed as well as first-hand accounts.

We've been doing this for close to ten years (though usually without 
traffic shaping).

We use Sangoma (www.sangoma.com) WANPIPE (S514 should work for you) 
cards for the WAN interface. They amply support Linux. They have RPMs 
and source which compiles quite nicely. Simple curses configuration tool 
too. Nice folk to deal with tech support-wise. Albeit I only needed to 
call them twice in the last 8 years. Once to overnight parts smoked by a 
direct lightning hit.

We've never had reliability problems or any issues with the T1 providers 
(we've worked with several dozen different companies). We've had more 
down time due to Verizon getting fried in that lightning hit than 
anything else - for all our clients combined. If the client had bought a 
spare (like we originally recommended), the downtime would have been 
same day instead of next day. (It took Verizon 8 hours to get their 
service back up.)

One caveat--as you need to provide each one with its own physical 
network, you'll need a network interface per each tenant. This can be 
problematic for some PC motherboards - you got to have enough slots. 
I've had good luck with several multiport network cards, including the 
Nextreme ones. I've even used USB network interfaces (yes, with Linux) 
in one case where we ran out of room in an older PC (had 5 network cards 
already, 2 ISA, 3 PCI, 1 PCI card for WAN). That worked fine. No idea 
whether that scales at all. Wouldn't bet on it.

Regarding the routing, I just handcode with iptables and routes as 
needed. We only needed to do traffic shaping once. I don't even 
recollect what we used at this time. We took it off later when the 
tenant they wanted restricted moved. Never had much of a contention 
problem surprisingly enough. Performance of the Linux system has never 
been an issue. If the box also does other things (such as email, web 
proxy, web content filtering, etc.), then we add a bit more RAM and hard 
drive space. Basically, any modern system is way more than adequate.

We usually provide the client a slightly customized web interface using 
Webmin and maybe some custom Webmin modules or commands.

Let us know how this turns out for you.

-- 
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-624-7272
*** Technical Support for over a Quarter Century
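
One way to write down the hand-coded iptables setup mentioned in the reply, covering the isolation, selective NAT and per-tenant limits asked for in the original question (an added example, not the poster's configuration). Interface names, subnets, rates and the choice of HTB and TBF for shaping are assumptions.

```shell
#!/bin/sh
# Added example. Prints the commands instead of running them: review the
# output, then pipe it to "sh" as root. Names and addresses are constructed.
WAN=wan0             # assumed name of the T1 interface
WAN_IP=203.0.113.1   # assumed router address on the WAN side
LINK=1536            # T1 payload rate, kbit/s
# iface  subnet  nat  guaranteed-up-kbit  down-cap-kbit   (constructed table)
TENANTS='eth1 192.168.10.0/24 yes 384 768
eth2 192.168.20.0/24 yes 384 768
eth3 198.51.100.0/28 no 704 1024'

gen_rules() {
    # Default-deny forwarding. No rule ever accepts tenant-to-tenant
    # traffic, so the tenant Ethernets stay isolated at layer 3.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Upstream: one HTB tree on the WAN link; 1:999 catches unmarked traffic.
    echo "tc qdisc add dev $WAN root handle 1: htb default 999"
    echo "tc class add dev $WAN parent 1: classid 1:1 htb rate ${LINK}kbit"
    echo "tc class add dev $WAN parent 1:1 classid 1:999 htb rate 64kbit ceil ${LINK}kbit"
    mark=10
    echo "$TENANTS" | while read -r ifc net nat up down; do
        # -s pins each interface to its own subnet (drops spoofed sources).
        echo "iptables -A FORWARD -i $ifc -o $WAN -s $net -j ACCEPT"
        if [ "$nat" = yes ]; then
            echo "iptables -t nat -A POSTROUTING -o $WAN -s $net -j SNAT --to-source $WAN_IP"
        fi
        # Mark by ingress interface: the mark survives SNAT, so NATed and
        # routed tenants are classified the same way on the WAN qdisc.
        echo "iptables -t mangle -A FORWARD -i $ifc -o $WAN -j MARK --set-mark $mark"
        echo "tc class add dev $WAN parent 1:1 classid 1:$mark htb rate ${up}kbit ceil ${LINK}kbit"
        echo "tc filter add dev $WAN parent 1: protocol ip handle $mark fw flowid 1:$mark"
        # Downstream: hard cap on the tenant's own interface.
        echo "tc qdisc add dev $ifc root tbf rate ${down}kbit burst 16kb latency 50ms"
        mark=$((mark + 10))
    done
}

gen_rules
```

With this rule set, new inbound connections to the routed (non-NAT) tenant are dropped until explicit FORWARD rules are added for them.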




