Date: Mon, 25 Nov 2002 03:39:15 +0100 From: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= <sten.daniel.sorsdal@wan.no> To: "Andrew Thompson" <andy@fud.org.nz>, <freebsd-isp@freebsd.org> Subject: RE: 150 VLANS?? Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DDEE@exchange.wan.no>
next in thread | raw e-mail | index | archive | help
I would go for the 150 VLANs thing, it might get you if you're supplying = public IP addresses to each apartment Ie (that could be solved with for example PPPoE). With 150 vlans you can more easily stop spoofing and do accounting in = one rule=20 (spoofing is something im very concerned with regarding any network = structure). With 150 VLANs you can also do forms of load balancing (say 20 vlans of = the group constantly use the net) you could shift The vlans over to a second or third interface. Making it very easy to = expand. With VLANs you can also make sure no one is "cheating" by using the next = apartments ratio/quota (if you are/will apply this). Most VLAN switches have options to make sure no one with a vlan able = adapter is able to make their own tagged packets as if it was the = neighbour. The network would go somewhat faster, especially for users as Windows = (for example) slow down noticebly from network chatter.=20 And the users wont copy between eachother without you getting your cut = (you are after all supplying the infrastructure). The FreeBSD router can have backup systems making sure readings arent = lost (as switches can easily be rebooted etc). And if the FreeBSD router cant cope with the traffic you can always put = in two without doing network gymnastics. I can recommend FXP (Intel) network cards for VLANing, it doesn't do = hardware vlaning but with polling added I would Say that it would make up for it. I run 100 vlans on a mere Celeron 500mhz ( okay, it has specially = designed hardware - WAN Access Gateway - a product im charge of = developing - shameless plug!) and it has no trouble in keeping up with = the demands (on average 50 mbit intervlan traffic and peaks of 300mbit)=20 ---------------------------------- Med vennlig hilsen / Best regards Sten Daniel S=F8rsdal Wireless Systems Manager WAN Norway AS sten.daniel.sordal@wan.no http://www.wan.no | http://www.wan-international.com Tel: +47 69 21 13 00 Fax: +47 69 21 13 01 Dir: +47 69 21 13 06 Mobile: +47 40 80 03 06 ------------------------------------ -----Original Message----- From: Andrew Thompson [mailto:andy@fud.org.nz]=20 Sent: 25. november 2002 02:51 To: freebsd-isp@freebsd.org Subject: 150 VLANS?? Hi, I have been given the task of providing broadband Internet for a new = apartment building. There are about 150 apartments and I am trying to = think of the best way to tackle this one. The one condition is that I = am able to track usage for billing purposes (simple byte count will do). The first option that sprung to mind was to just have one big lan with = router, but there are concerns about security. =20 My next idea was to buy four cisco 48-port switches and have each port = on a seperate vlan, then create 150 vlan devices on FreeBSD and use ipfw = or ipf to count the bytes on each vlan device. Can anyone tell me if this is feasable? or am I doomed to fail? thanks Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0AF1BBDF1218F14E9B4CCE414744E70F07DDEE>