DSU/router/switch/traffic-shaper gizmo (maybe OT)
Dan Jenkins
dan at rastech.com
Thu Jul 3 08:54:31 EDT 2003
> We have a need to divide up an Internet feed among several tenants in
> a building. The feed will come in on a T1 or similar. Upstream
> provider gives us a CSU and a routable IP block. So we need to plug
> into the CSU and be a router. Each tenant will need to be on an
> isolated Ethernet. We will need to do NAT for some (but not all)
> tenants. We need to do traffic shaping/bandwidth limiting/whatever,
> so that no one tenant can hog the pipe.
>
> What I'm curious about is if anyone on this list has done this sort
> of thing with Linux? I know, in theory, Linux should be capable of doing
> this. I know there are WAN interface boards, multi-port Ethernet
> cards, and traffic shaping software for Linux. But from past
> experience, I know that having all the pieces doesn't always add up
> to a stable, cost-effective solution. So I'm looking to hear about
> people who have actually done it, and can comment on how well it
> worked. Pointers to reviews and other third-party sources are
> welcomed as well as first-hand accounts.

We've been doing this for close to ten years (though usually without
traffic shaping).

We use Sangoma (www.sangoma.com) WANPIPE (S514 should work for you)
cards for the WAN interface. They amply support Linux. They have RPMs
and source which compiles quite nicely. Simple curses configuration tool
too. Nice folk to deal with tech support-wise. Albeit I only needed to
call them twice in the last 8 years. Once to overnight parts smoked by a
direct lightning hit.

We've never had reliability problems or any issues with the T1 providers
(we've worked with several dozen different companies). We've had more
down time due to Verizon getting fried in that lightning hit than
anything else - for all our clients combined. If the client had bought a
spare (like we originally recommended), the downtime would have been
same day instead of next day. (It took Verizon 8 hours to get their
service back up.)

One caveat--as you need to provide each one with its own physical
network, you'll need a network interface per each tenant. This can be
problematic for some PC motherboards - you got to have enough slots.
I've had good luck with several multiport network cards, including the
Nextreme ones. I've even used USB network interfaces (yes, with Linux)
in one case where we ran out of room in an older PC (had 5 network cards
already, 2 ISA, 3 PCI, 1 PCI card for WAN). That worked fine. No idea
whether that scales at all. Wouldn't bet on it.

Regarding the routing, I just handcode with iptables and routes as
needed. We only needed to do traffic shaping once. I don't even
recollect what we used at this time. We took it off later when the
tenant they wanted restricted moved. Never had much of a contention
problem surprisingly enough. Performance of the Linux system has never
been an issue. If the box also does other things (such as email, web
proxy, web content filtering, etc.), then we add a bit more RAM and hard
drive space. Basically, any modern system is way more than adequate.

We usually provide the client a slightly customized web interface using
Webmin and maybe some custom Webmin modules or commands.

Let us know how this turns out for you.
--
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-624-7272
*** Technical Support for over a Quarter Century
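
The setup discussed in this thread (one isolated Ethernet per tenant, NAT for some tenants only, a bandwidth limit per tenant), sketched as an added example that is not part of the original post or the poster's configuration. The post does not name a shaping tool; HTB with firewall marks is a choice made for this example, and every interface name, address and rate is constructed.

```shell
#!/bin/sh
# Dry run: prints the iptables/tc commands, applies nothing.
# Every interface name, address and rate below is constructed for illustration.
WAN=wan0              # assumed name of the T1 interface
NAT_IP=203.0.113.2    # assumed public address used for NATed tenants
UPLINK_KBIT=1536      # T1 payload rate
# tenant table: interface  subnet  nat(yes/no)  ceiling in kbit
TENANTS='eth1 192.168.10.0/24 yes 512
eth2 192.168.20.0/24 yes 512
eth3 203.0.113.64/28 no 768'

gen_rules() {
    n=$(printf '%s\n' "$TENANTS" | wc -l)
    share=$((UPLINK_KBIT / n))      # guaranteed upload rate per tenant
    # Default-deny forwarding: tenant-to-tenant traffic matches no ACCEPT rule,
    # and new inbound connections from the WAN are not admitted either.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "tc qdisc add dev $WAN root handle 1: htb"
    echo "tc class add dev $WAN parent 1: classid 1:1 htb rate ${UPLINK_KBIT}kbit"
    id=10
    printf '%s\n' "$TENANTS" | while read -r ifc net nat ceil; do
        # Only the tenant's own subnet may leave via the WAN (anti-spoofing).
        echo "iptables -A FORWARD -i $ifc -s $net -o $WAN -j ACCEPT"
        if [ "$nat" = yes ]; then
            echo "iptables -t nat -A POSTROUTING -s $net -o $WAN -j SNAT --to-source $NAT_IP"
        fi
        # Mark by ingress interface: after SNAT every NATed tenant has the same
        # source address, so tc on the WAN cannot classify by IP.
        echo "iptables -t mangle -A PREROUTING -i $ifc -j MARK --set-mark $id"
        # Upload: guaranteed share, may borrow idle bandwidth up to the ceiling.
        echo "tc class add dev $WAN parent 1:1 classid 1:$id htb rate ${share}kbit ceil ${ceil}kbit"
        echo "tc filter add dev $WAN parent 1: protocol ip handle $id fw flowid 1:$id"
        # Download: hard cap on the tenant-facing interface.
        echo "tc qdisc add dev $ifc root tbf rate ${ceil}kbit burst 16kb latency 50ms"
        id=$((id + 10))
    done
}

gen_rules
```

Review the printed commands before piping them to a root shell; the tenant table is the only part meant to be edited.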