From owner-freebsd-isp Sun Nov 24 18:39: 5 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32D4937B401 for ; Sun, 24 Nov 2002 18:39:03 -0800 (PST) Received: from exchange.wan.no (exchange.wan.no [80.86.128.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 17E2943E3B for ; Sun, 24 Nov 2002 18:39:02 -0800 (PST) (envelope-from sten.daniel.sorsdal@wan.no) content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: 150 VLANS?? Date: Mon, 25 Nov 2002 03:39:15 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F07DDEE@exchange.wan.no> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: 150 VLANS?? Thread-Index: AcKUJW4Mxotkaa/RQUKo7ljfxeRNCAAA6Byw From: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= To: "Andrew Thompson" , Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I would go for the 150 VLANs thing, it might get you if you're supplying = public IP addresses to each apartment Ie (that could be solved with for example PPPoE). With 150 vlans you can more easily stop spoofing and do accounting in = one rule=20 (spoofing is something im very concerned with regarding any network = structure). With 150 VLANs you can also do forms of load balancing (say 20 vlans of = the group constantly use the net) you could shift The vlans over to a second or third interface. Making it very easy to = expand. With VLANs you can also make sure no one is "cheating" by using the next = apartments ratio/quota (if you are/will apply this). Most VLAN switches have options to make sure no one with a vlan able = adapter is able to make their own tagged packets as if it was the = neighbour. The network would go somewhat faster, especially for users as Windows = (for example) slow down noticebly from network chatter.=20 And the users wont copy between eachother without you getting your cut = (you are after all supplying the infrastructure). The FreeBSD router can have backup systems making sure readings arent = lost (as switches can easily be rebooted etc). And if the FreeBSD router cant cope with the traffic you can always put = in two without doing network gymnastics. I can recommend FXP (Intel) network cards for VLANing, it doesn't do = hardware vlaning but with polling added I would Say that it would make up for it. I run 100 vlans on a mere Celeron 500mhz ( okay, it has specially = designed hardware - WAN Access Gateway - a product im charge of = developing - shameless plug!) and it has no trouble in keeping up with = the demands (on average 50 mbit intervlan traffic and peaks of 300mbit)=20 ---------------------------------- Med vennlig hilsen / Best regards Sten Daniel S=F8rsdal Wireless Systems Manager WAN Norway AS sten.daniel.sordal@wan.no http://www.wan.no | http://www.wan-international.com Tel: +47 69 21 13 00 Fax: +47 69 21 13 01 Dir: +47 69 21 13 06 Mobile: +47 40 80 03 06 ------------------------------------ -----Original Message----- From: Andrew Thompson [mailto:andy@fud.org.nz]=20 Sent: 25. november 2002 02:51 To: freebsd-isp@freebsd.org Subject: 150 VLANS?? Hi, I have been given the task of providing broadband Internet for a new = apartment building. There are about 150 apartments and I am trying to = think of the best way to tackle this one. The one condition is that I = am able to track usage for billing purposes (simple byte count will do). The first option that sprung to mind was to just have one big lan with = router, but there are concerns about security. =20 My next idea was to buy four cisco 48-port switches and have each port = on a seperate vlan, then create 150 vlan devices on FreeBSD and use ipfw = or ipf to count the bytes on each vlan device. Can anyone tell me if this is feasable? or am I doomed to fail? thanks Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message