Date: Mon, 25 Nov 2002 03:39:15 +0100 From: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= <sten.daniel.sorsdal@wan.no> To: "Andrew Thompson" <andy@fud.org.nz>, <freebsd-isp@freebsd.org> Subject: RE: 150 VLANS?? Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DDEE@exchange.wan.no>
index | next in thread | raw e-mail
I would go for the 150 VLANs thing, it might get you if you're supplying public IP addresses to each apartment Ie (that could be solved with for example PPPoE). With 150 vlans you can more easily stop spoofing and do accounting in one rule (spoofing is something im very concerned with regarding any network structure). With 150 VLANs you can also do forms of load balancing (say 20 vlans of the group constantly use the net) you could shift The vlans over to a second or third interface. Making it very easy to expand. With VLANs you can also make sure no one is "cheating" by using the next apartments ratio/quota (if you are/will apply this). Most VLAN switches have options to make sure no one with a vlan able adapter is able to make their own tagged packets as if it was the neighbour. The network would go somewhat faster, especially for users as Windows (for example) slow down noticebly from network chatter. And the users wont copy between eachother without you getting your cut (you are after all supplying the infrastructure). The FreeBSD router can have backup systems making sure readings arent lost (as switches can easily be rebooted etc). And if the FreeBSD router cant cope with the traffic you can always put in two without doing network gymnastics. I can recommend FXP (Intel) network cards for VLANing, it doesn't do hardware vlaning but with polling added I would Say that it would make up for it. I run 100 vlans on a mere Celeron 500mhz ( okay, it has specially designed hardware - WAN Access Gateway - a product im charge of developing - shameless plug!) and it has no trouble in keeping up with the demands (on average 50 mbit intervlan traffic and peaks of 300mbit) ---------------------------------- Med vennlig hilsen / Best regards Sten Daniel Sørsdal Wireless Systems Manager WAN Norway AS sten.daniel.sordal@wan.no http://www.wan.no | http://www.wan-international.com Tel: +47 69 21 13 00 Fax: +47 69 21 13 01 Dir: +47 69 21 13 06 Mobile: +47 40 80 03 06 ------------------------------------ -----Original Message----- From: Andrew Thompson [mailto:andy@fud.org.nz] Sent: 25. november 2002 02:51 To: freebsd-isp@freebsd.org Subject: 150 VLANS?? Hi, I have been given the task of providing broadband Internet for a new apartment building. There are about 150 apartments and I am trying to think of the best way to tackle this one. The one condition is that I am able to track usage for billing purposes (simple byte count will do). The first option that sprung to mind was to just have one big lan with router, but there are concerns about security. My next idea was to buy four cisco 48-port switches and have each port on a seperate vlan, then create 150 vlan devices on FreeBSD and use ipfw or ipf to count the bytes on each vlan device. Can anyone tell me if this is feasable? or am I doomed to fail? thanks Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0AF1BBDF1218F14E9B4CCE414744E70F07DDEE>