Web Hosting Talk







View Full Version : Traffic shaping


dysk
09-20-2003, 06:24 PM
Hi All,
We're about to be opening up an office, and since there is substantial bandwidth we'll be hosting our NS2 and backup server there, the primary servers are located at a NOC.
The big decision of the day is what to use as a router and traffic shaper. There are about four workstations and a server located there, and we'll need to prioritize between the boxes and also control the amount of bandwidth that goes out the main pipe (Ethernet to an ISP across the hall).
Any ideas of what would be a good setup to do this? So far we've been looking at Cisco and Linux htb. Our budget is about $500, however it's a bit flexible if we find something real nifty.

Regards,

Erek Dyskant
Unix Consultant

scooterh
09-20-2003, 06:58 PM
Packeteer is nice, not sure if it's in your price range, I've set up a couple before just never knew of the price :)

http://www.packeteer.com/

rfxn
09-21-2003, 06:15 AM
Linux supports QoS (cbq, htb my fav. routines); that can allow you to shape traffic in many ways including bandwidth usage and bandwidth rate caps. Likewise you can also use FWMARK for iptables to prioritize protocols into your network. As for iptables itself, it can do pretty much anything with the right front end manager utility (e.g. shorewall, apf etc.).

The only con with Linux is it has a really **** routing table. But this shouldn't be a problem for a network the way you described. As long as the system is minimalist configured, optimized for performance (tweak tcpstack, devices etc.) and locked down -- you should be good to use a Linux router.

Really your only thing with Linux is the learning curve in setting it up or maintaining it. Whereas hardware appliances let you more or less point-n-click your way through SOHO networking.
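
A sketch of the HTB plus fwmark arrangement described in the post above, added here as an example and not posted by anyone in the thread. The interface name, server address, uplink rate and the 20/30/50 class split are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: HTB classes on the uplink, selected by iptables fwmarks.
# Interface, addresses, rates and the class split are assumptions.
WAN_IF="${WAN_IF:-eth0}"               # interface facing the ISP (assumed)
UPLINK_KBIT="${UPLINK_KBIT:-10000}"    # cap for the main pipe (assumed)
SERVER_IP="${SERVER_IP:-192.168.1.10}" # NS2/backup server (constructed)
DRY_RUN="${DRY_RUN:-1}"                # 1 = print only, 0 = apply as root

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# Guaranteed rate for a class, as a percentage of the uplink.
share() { echo "$(( UPLINK_KBIT * $1 / 100 ))kbit"; }

# Add one HTB leaf: classid, percent guaranteed, priority (0 = first).
leaf() {
    run tc class add dev "$WAN_IF" parent 1:1 classid "$1" htb \
        rate "$(share "$2")" ceil "${UPLINK_KBIT}kbit" prio "$3"
}

shape_uplink() {
    # Root qdisc; packets with no matching mark fall into class 1:30.
    run tc qdisc add dev "$WAN_IF" root handle 1: htb default 30
    # Parent class: nothing leaves faster than the uplink cap.
    run tc class add dev "$WAN_IF" parent 1: classid 1:1 htb \
        rate "${UPLINK_KBIT}kbit"
    leaf 1:10 20 0   # DNS answers from the server
    leaf 1:20 30 1   # other server traffic (backups)
    leaf 1:30 50 2   # workstations and everything unmarked
    # fw filters map the firewall mark on a packet to a class.
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 1 \
        handle 10 fw flowid 1:10
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 1 \
        handle 20 fw flowid 1:20
    # MARK does not stop rule traversal, so the broad rule goes first
    # and the DNS rules overwrite its mark afterwards.
    run iptables -t mangle -A POSTROUTING -o "$WAN_IF" -s "$SERVER_IP" \
        -j MARK --set-mark 20
    for proto in udp tcp; do
        run iptables -t mangle -A POSTROUTING -o "$WAN_IF" \
            -s "$SERVER_IP" -p "$proto" --sport 53 -j MARK --set-mark 10
    done
}

shape_uplink
```

By default the script only prints the commands for review; setting DRY_RUN=0 and running it as root applies them.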

Polo
09-21-2003, 07:45 AM
Check out dummynet
http://info.iet.unipi.it/~luigi/ip_dummynet/

jks
09-21-2003, 07:51 AM
Originally posted by rfxn
The only con with linux is it has a really **** routing table.

What do you think is wrong with the Linux routing table?

Does it use too much memory? - are lookups slow? or?

dysk
09-21-2003, 09:07 PM
Interesting... One of the reasons I was considering Linux is because of the easy learning curve in comparison with other options (read Cisco). I've already been administering Linux servers for years, but some of the router OSes are new to me.

Erek

rfxn
09-21-2003, 09:35 PM
Linux uses a hash based routing table; that is very limited in terms of size. The size can be increased (RT_HASH); however performance is very poor on systems with large routing tables and prone to degradation in network performance.

Bottom line is a hash based table is very bad for routing operations; the 2.6 kernel implements a different scheme for static/dynamic routing operations but it is still hash based. Last I heard Alan Cox was working with Linus to replace the hash based routing table with something more refined.

Most recently there was a route table flaw not long ago in 2.4.20> kernels that allowed an attacker to craft packets in such a way that it filled the routing table's hash and caused a system to become unresponsive over the network. Many Linksys routers are still vulnerable to this issue and other appliance hardware based on Linux kernels that have not been patched (be it manually or firmware upgrade).

In my opinion critical firewalling/routing should be given to BSD systems; workstation, web servers and other network servers should go Linux and desktops the infamous Windows. However in a SOHO environment Linux can do just fine in most if not all situations.

jks
09-22-2003, 12:56 AM
Originally posted by rfxn
Linux uses a hash based routing table; that is very limited in terms of size. The size can be increased (RT_HASH); however performance is very poor on systems with large routing tables and prone to degradation in network performance.

Are you sure that's not just a theoretical limitation in this scenario?

I have a Linux machine here running kernel 2.4.x. It has a routing table with 72000+ entries (i.e. plenty for everyone I should think) -- and it has no problems coping with 45 Mbps of traffic using only <10% CPU on a standard Intel 2.4 GHz server.