bdhtechnology asked:

Setting up multiple Internet connections for the same network

I have a customer that has 50+ computers on a network sharing a cable Internet connection.  The customer is an apartment building so they are all residential computers that are not controlled from a central source or server with any policies in place.  They have been complaining to their ISP that the speeds are sometimes very slow.  The ISP’s solution was to add 2 additional cable modems, so that there could be a separate cable modem for each floor (3 total floors).  

Each floor has 3 power over Ethernet (PoE) wireless access points that the residents connect to.  Each access point has a cable run to it from a PoE managed switch in the basement of the building, that DOES support VLANs.

What they have asked us to do is set them up so that each floor can run off a single cable modem.  The simplest solution would be to set up 2 additional routers (3 total routers) and separate each floor into a different VLAN.  That will work but we would like to set something else up to monitor the traffic so that if they complain about speed issues we can look and see what was happening at that specific time.  Also if it is a specific resident that was causing the problem, report that to the management so they can decide what to do about it.

My idea is to set up a Linux box to act as the router using iptables to route the traffic.  I know I could do this using 6 separate NIC cards, one for each incoming connection and another for each outgoing connection.  I am fairly confident I can eliminate 2 NIC cards as I can use the same NIC card with virtual interfaces for each VLAN (i.e. eth0:0, eth0:1, eth0:2).  That would get me down to 4 NIC cards.  The problem on the ISP side is that each cable modem requires a unique MAC address from the WAN interface of the router to assign IP addresses to, and those addresses are dynamic and not static.

My questions are:
1. Is this type of setup with a Linux box going to work at all?
2. How many NIC cards will I need?
3. Will the inbound NIC/interface (LAN) work with different virtual interfaces for each VLAN like I have described?
4. Is there a way to set up the outbound NIC/interface (WAN) to use virtual interfaces with each virtual interface using a dynamic IP address & having a unique MAC address?
5. Is there a better solution for this?

I am also wondering what the best way to monitor the traffic for historical analysis would be, but this is altogether a different question that I will ask separately.

Matt V:

[Answer hidden on the source page: account required to view.]

xcomiii:

1. Yes, more or less.
2. 2 NICs is more than enough.
3. No need for VLAN really, although I like to use it unless it complicates too much.
4. As mentioned, there is no need to use virtual interfaces. 1 physical for the WAN and 1 physical for the LAN will do the trick.
5. The key to this is to use traffic shaping. Iptables can be used for this, but it can be very complicated to set up, depending on your goals. You can restrict max traffic per LAN IP, but if that means maximum 0,2 Mb for each user, it is probably useless. Then you have to make some dynamic rules (i.e. if total traffic is not exceeding 10 Mb, then each LAN IP can use up to 1 Mb each, otherwise restricted to 0,2 Mb). Just an example.

Enterprise firewalls like Checkpoint and Juniper can also do this, or commercial traffic shaping appliances / software.
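
The dynamic rule sketched in point 5 (1 Mb per LAN IP while there is spare capacity, 0,2 Mb each once the 10 Mb total is saturated) is what the `rate` and `ceil` parameters of Linux `tc` HTB classes express. The script below is an added example, not part of xcomiii's answer, and it uses `tc` rather than iptables; the interface name `eth0` and the 192.168.1.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print tc commands for per-IP HTB shaping on the LAN-facing NIC.
# Traffic toward residents leaves the router on that NIC, so filters match on dst IP.
# Rates are the figures from the answer; eth0 and the host IPs are constructed.
TOTAL_KBIT=10000   # "10 Mb" total
MIN_KBIT=200       # "0,2 Mb" guaranteed per LAN IP when the link is saturated
MAX_KBIT=1000      # "1 Mb" per LAN IP while the parent class has spare capacity

# shape_plan DEV IP...  prints the commands; returns 1 if the guarantees oversubscribe.
shape_plan() {
    dev=$1; shift
    # +1 accounts for the default class that catches unlisted addresses
    need=$(( ($# + 1) * MIN_KBIT ))
    if [ "$need" -gt "$TOTAL_KBIT" ]; then
        echo "guaranteed rates (${need}kbit) exceed total (${TOTAL_KBIT}kbit)" >&2
        return 1
    fi
    echo "tc qdisc add dev $dev root handle 1: htb default fffe"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${TOTAL_KBIT}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:fffe htb rate ${MIN_KBIT}kbit ceil ${MAX_KBIT}kbit"
    id=16   # tc reads class minors as hex, so count in decimal and print as hex
    for ip in "$@"; do
        minor=$(printf '%x' "$id")
        # rate = guaranteed share, ceil = limit when borrowing from class 1:1
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate ${MIN_KBIT}kbit ceil ${MAX_KBIT}kbit"
        # sfq keeps one flow from monopolising a resident's own class
        echo "tc qdisc add dev $dev parent 1:$minor sfq perturb 10"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$minor"
        id=$((id + 1))
    done
}

# Dry run: print the plan. Pipe the output to "sh" as root to apply it
# (run "tc qdisc del dev eth0 root" first if a root qdisc already exists).
shape_plan eth0 192.168.1.10 192.168.1.11 192.168.1.12
```

Once applied, `tc -s class show dev eth0` reports byte and packet counters per class, which gives a per-address view of who is using the link.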

bdhtechnology:

I am not sure about bonding, I will have to check with them to see if it is possible.
So what you are suggesting is not separating the users out by physical floor but instead giving them a maximum speed instead?  Do you have any examples that would show me how to do that using iptables?  

Would this require the cable modems to be bonded, as mattvmotas suggested, on the WAN interface of the Linux box?

[Answer hidden on the source page: account required to view.]

The minimum speed would be no lower than a level where people start to complain.  Basically the management doesn't care about much of anything, they just want the residents to stop complaining about the Internet.  So no, there are no concrete goals or requirements.

I will check out the links you provided and see if any of those solutions will work.

I still come back to one of my original questions.  Is it possible for the WAN to be connected to 3 separate cable modems?  The cable company requires each device to have its own MAC address which is why I was thinking I would have to set up virtual interfaces for it to work properly.
unable to troubleshoot further