Changing ISPs
airbornflght
Houston, TX Icrontian
OK, I'm looking to change ISPs.
Right now we have a 10 megabit fiber line coming into the house that we pay $750 a month for.
I contacted Suddenlink cable today about internet and I can get a 12/1.5 line for $500 a month or a 6/1 for $220 a month.
Both lines are business, dedicated, and 80% bandwidth guaranteed. So at bare minimum I will get 9.6 Mbps.
What I want to ask is: if I get a dual WAN router, or build a computer and lay a software router on top such as IPCOP, and get the two 6/1 connections, will they run in serial when they are load balanced so that I will effectively have a 12/3 connection minus overhead? If so I would really like to do that.
Otherwise, if the speeds don't add together, would there really be an advantage to two separate connections and load balancing them?
What would you do? 12/1.5 or two 6/1?
I just now got put in charge of IT here, so I'm working on quite a bit of stuff and my first goal is to cut $250 off of the ISP bill and funnel that into renovating the network. I will post a roadmap here later of what I want to accomplish and hopefully I can get some thoughts on it. This is my first big 'job' when it comes to the amount of control I have. It's a little overwhelming to tell the truth, but I'm really excited about it.
Comments
Now, one question, as I'm not familiar with your setup: is your current 10 meg fiber bi-directional? I know where I am all business class fiber connections are bi-directional, so a 10 meg connection is 10/10, which is usually why they are so much more.
Depending on what you are doing, having your outbound connection drop from 10 megs to 1.5 megs could have a significant impact.
Yes, those prices suck... but
I think pfSense supports 2 WAN connections and it has a web interface.
The cheapest, easiest option would be to get 2 ADSL lines, run each into a separate firewall and just set a range of IP addresses (150+) to use the other as the gateway.
But yeah, cable generally sucks. Higher latency than DSL/fiber, and the ISPs tend to be nazis and throttle BitTorrent generally as well with cable.
I wouldn't leave the fiber line unless you go ADSL2 or with another fiber provider. Also remember, if you have a lot of users and ANY are running any P2P, 1.5 megs of upload is pathetic.
edit: The best option in your case would probably be Shorewall. You could get by with that cable connection if you ONLY allow HTTP traffic, MSN, SSH, telnet, etc. (ACTIVELY BLOCK EVERYTHING ELSE, including uncommon games). You will also need QoS set up, and you will probably be a VERY unpopular person if you axe the fiber line and have to start blocking everything.
REMEMBER TO KEEP IN MIND: with those business connections you're liable with almost all ISPs if anyone does anything illegal on them and you can't provide logs that prove who did it. The person who did it is the person who owns the connection. (Illegal examples = hacking, child porn.)
Edit: You could probably do what you want to do with a Windows 2003 server (I think the package on it is called IAS). I don't know much about it, but Linux users won't have DNS services, same with Mac users and some video game consoles (at least with the way my school has it set up).
edit: If you do go with pfSense, it also supports VLAN trunking, so you could put, say, every 4 rooms on their own VLAN (limit ARP cache poisoning and other security risks to very small parts of the network).
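The question in the opening post (do two 6/1 lines behave like one 12/3 line when load balanced?) and the "range of IP addresses uses the other gateway" suggestion in the reply above can both be checked with a small model. The following is an added example, not code from the thread, from pfSense or from IPCOP: it assigns each connection to exactly one link, the way a dual-WAN box does (no bonding), under two policies, a static split by client IP range and a per-connection hash, and then shares each link's capacity fairly among the connections on it. Link rates (6 Mbit/s down per line), client addresses and flow demands are all constructed for the demonstration.

```python
"""Per-flow split of traffic across two 6/1 WAN links (constructed model).

Added illustration, not code from the thread or from any router product:
a dual-WAN gateway does not bond the links, it pins each connection to one
link. Two policies are modelled (static split by client IP range, and a
per-connection hash as multi-WAN routers typically use) and a max-min fair
share shows that one download never exceeds a single link, while many
concurrent connections approach the combined 12 Mbit/s downstream.
"""
from dataclasses import dataclass
import hashlib
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str            # internal client address (constructed)
    dst: str            # remote address (constructed)
    dport: int
    demand_mbps: float  # rate the flow would reach if nothing limited it


# Downstream capacity of each assumed 6/1 cable line, in Mbit/s
LINKS = {"wan0": 6.0, "wan1": 6.0}


def choose_by_ip_range(flow):
    """Static split: last octet below 150 uses wan0, 150 and above wan1."""
    last_octet = int(ipaddress.ip_address(flow.src)) & 0xFF
    return "wan0" if last_octet < 150 else "wan1"


def choose_by_hash(flow):
    """Per-connection hash: the same src/dst/port tuple always lands on one
    link, so one TCP connection is never split (and reordered) across links."""
    key = f"{flow.src}|{flow.dst}|{flow.dport}".encode()
    first_byte = hashlib.sha256(key).digest()[0]
    return "wan0" if first_byte % 2 == 0 else "wan1"


def max_min_share(demands, capacity):
    """Max-min fair allocation: small flows get their full demand, the rest
    split what is left evenly. `demands` maps flow -> desired Mbit/s."""
    alloc = {}
    remaining = dict(demands)
    cap = capacity
    while remaining:
        share = cap / len(remaining)
        satisfied = {f: d for f, d in remaining.items() if d <= share}
        if not satisfied:
            for f in remaining:
                alloc[f] = share
            break
        for f, d in satisfied.items():
            alloc[f] = d
            cap -= d
            del remaining[f]
    return alloc


def allocate(flows, policy):
    """Assign every flow to a link with `policy`, then share each link fairly."""
    per_link = {name: {} for name in LINKS}
    for f in flows:
        per_link[policy(f)][f] = f.demand_mbps
    result = {}
    for name, demands in per_link.items():
        result.update(max_min_share(demands, LINKS[name]))
    return result


def summarize(flows, policy):
    """Return (aggregate Mbit/s delivered, best single-flow rate)."""
    alloc = allocate(flows, policy)
    return sum(alloc.values()), max(alloc.values(), default=0.0)


if __name__ == "__main__":
    one_big = [Flow("192.168.1.10", "203.0.113.5", 80, demand_mbps=20.0)]
    many = [Flow(f"192.168.1.{10 + 10 * i}", "203.0.113.5", 80, 5.0) for i in range(4)] + \
           [Flow(f"192.168.1.{160 + 10 * i}", "203.0.113.6", 443, 5.0) for i in range(4)]
    for name, policy in (("ip-range", choose_by_ip_range), ("hash", choose_by_hash)):
        print(name, "one download:", summarize(one_big, policy))
        print(name, "eight downloads:", summarize(many, policy))
```

Run stand-alone it prints that a single 20 Mbit/s download gets 6.0 under either policy, while eight concurrent 5 Mbit/s downloads spread over both links deliver 12.0 in aggregate. The hash policy only reaches 12 when the hash happens to spread flows over both links; the static IP-range split is predictable but leaves one link idle when only one side of the range is active.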
It's a business class cable service, so it's a dedicated line and it is wide open for what I want to use it for. I talked to a consultant/account manager and he assured me that traffic wasn't shaped or throttled. And my fiber connection isn't that great. I just ran a speed test and I got 5200/296, and I highly doubt anyone else is up on the internet at this time in the morning. So they are nowhere close to symmetrical. There aren't even that many people on the network right now. And changing from fiber to cable isn't a question. It has to be done because we are getting overcharged.
I would really rather not give up the fiber line, but we aren't getting rated speeds, it costs way too much, and I need to funnel the extra money into repairing and upgrading the network. And as far as I'm concerned no one needs to be doing P2P on a shared connection anyway. I am blocking it now and still have a couple of clients running, but they only get like 5 KBps, and if they want to run them like that then OK, but other people need the bandwidth more.
I know we're getting raped, but it is a market with two big providers. We can either go with Chickasaw, which is who we're with now, or Suddenlink, who will give us better rates. Other than that there aren't any.
And we can't just get business class internet, because we are legally considered a boarding house, so we have to get a service that we are allowed to "resell" to tenants. It falls under the service theft laws even though we are all under one roof and one address. Kind of stupid, but it's the law.
I am aware that we are liable, which is why I am investigating ways to log traffic, a.k.a. cover my ass.
Here is my road map at present:
1. Repair/replace broken network runs with Cat 6
2. Replace remaining runs with Cat 6
3. Upgrade switches to gigabit
4. New router
5. Wireless common rooms
I talked to one of the local ISPs in town, and the guy there that ran it told me about a router called MikroTik. Anyone have experience with it? He could only do 1.5 max, and I was talking to him about the network and he recommended it. I need something that is halfway intuitive so that when I leave someone can learn how to use it relatively easily if need be.
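The liability point raised earlier (you need logs that prove who did it) and the poster's plan to log traffic come down to one join: a gateway log line only carries an internal IP, and an IP identifies a tenant only through the DHCP lease that was active at that moment. The following is an added example, not code from the thread or from IPCOP, Shorewall or pfSense: it parses simplified netfilter-style LOG lines such as a Linux gateway emits for new outbound connections, joins each against a lease history, and groups records by the responsible MAC address, including the case where an address changes hands during the day and the case where no lease covers the source at all. The log lines, lease history, MACs and addresses are all constructed; the year is assumed because syslog timestamps do not carry one, and the join is only trustworthy when the gateway and DHCP server clocks are NTP-synchronized.

```python
"""Attribute gateway connection logs to a tenant's device (constructed example).

Added to illustrate keeping logs that show who used the connection; not code
from the thread or from any firewall distribution. Parses simplified
netfilter LOG lines, joins them against a DHCP lease history and reports the
MAC address that held the internal IP when each connection started.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_YEAR = 2009  # syslog timestamps carry no year; assumed for the example

# Constructed syslog output of a "-j LOG --log-prefix 'FWD '" rule on the LAN->WAN path
SAMPLE_LOG = """\
Jan 12 09:15:01 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=51234 DPT=443
Jan 12 09:15:07 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.5 PROTO=UDP SPT=3074 DPT=3074
Jan 12 21:40:12 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.44 PROTO=TCP SPT=40001 DPT=6881
Jan 13 08:05:00 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.200 DST=203.0.113.9 PROTO=TCP SPT=42000 DPT=80
this line is not a firewall record
"""

# Constructed DHCP lease history as (start, end, mac, ip); 192.168.1.23 changes hands at 18:00
LEASE_HISTORY = [
    ("2009-01-12 08:00:00", "2009-01-12 18:00:00", "00:11:22:aa:bb:01", "192.168.1.23"),
    ("2009-01-12 18:00:00", "2009-01-13 06:00:00", "00:11:22:aa:bb:09", "192.168.1.23"),
    ("2009-01-12 07:30:00", "2009-01-13 07:30:00", "00:11:22:aa:bb:02", "192.168.1.77"),
]

TS_RE = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) ")


def field(line, key):
    """Pull KEY=value out of a netfilter LOG line, or None if absent."""
    m = re.search(rf"\b{key}=(\S+)", line)
    return m.group(1) if m else None


def parse_log_line(line):
    """Return a connection record, or None for lines that are not LOG output."""
    m = TS_RE.match(line)
    src, dst = field(line, "SRC"), field(line, "DST")
    if not (m and src and dst):
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    dpt = field(line, "DPT")
    return {"ts": ts, "src": src, "dst": dst, "proto": field(line, "PROTO"),
            "dpt": int(dpt) if dpt else None}


def mac_for(ip, when, leases=LEASE_HISTORY):
    """MAC that held `ip` at `when` (datetime or ISO string), or None if no lease
    covers it. Intervals are half-open, so a lease handed over at 18:00:00
    belongs to the new device from that second on."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    for start, end, mac, lease_ip in leases:
        if lease_ip == ip and datetime.fromisoformat(start) <= when < datetime.fromisoformat(end):
            return mac
    return None


def attribute(log_text, leases=LEASE_HISTORY):
    """Group parsed connection records by responsible MAC; records with no
    covering lease (a static or spoofed address) are collected under None."""
    by_device = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        rec["mac"] = mac_for(rec["src"], rec["ts"], leases)
        by_device[rec["mac"]].append(rec)
    return dict(by_device)


if __name__ == "__main__":
    for mac, recs in attribute(SAMPLE_LOG).items():
        print(mac or "UNATTRIBUTED")
        for r in recs:
            print(f"  {r['ts']}  {r['src']} -> {r['dst']}:{r['dpt']} {r['proto']}")
```

The 21:40 connection from 192.168.1.23 lands on the second MAC because the lease changed at 18:00; the 192.168.1.200 record has no lease and is reported as unattributed, which is exactly the gap (static or self-assigned addresses) that port security or per-room VLANs on the switches would close.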
To block BitTorrent you will have to block EVERYTHING other than standard protocols (this will also block online games and such).
Awesome, that's the right plan. You will need a transparent proxy server in order to do that effectively.
Gigabit would be a very bad thing if you have local file sharers; it will also increase your overall cost substantially. (You will need 10 gig uplinks on the switch to do this right.) The best plan would be 10/100 to clients with a gigabit uplink on the switch (running to the core switch, where servers are connected).
I've never heard of them before.
If you can, let us know: how many people you're serving, what the current average traffic is, and what protocols have the most traffic. I'm sure most of us could help you set something up.
I can't tell you how much traffic, or what protocols are going through, because I don't have any usage statistics. Right now the fiber runs into the transceiver, then into the cheap Netgear consumer WiFi router, then that is uplinked into two 48 port switches. I plan on purchasing 3 48 port switches.
But wouldn't you agree that gigabit is a more future-proofed option, as well as being able to handle Xbox/computer LAN traffic? It is very noticeable right now when 15 Xboxes link up over the LAN. The main thing I was trying to accomplish with gigabit is to, one: future-proof our network, and two: achieve greater network throughput for file transfers and also not 'feel it' so much when everyone's LAN gaming.
And the way I figured it is that 99% of people will have 100 megabit interfaces, so it's not like anyone is going to be hammering the network with file transfers aside from me; 90% of the traffic is either general HTTP/email or gaming (Xbox).
/$.02
I know the gist of what I'm doing, but I'm missing the fine details, and more importantly, my lack of experience is most visible when it comes to knowing suppliers/brands such as where to buy and what to buy. For the most part I know what I need in the abstract such as features, but I don't really know what brands are reputable but also cost effective.
And I thought layer 3 were routers? What is this layer 3 switch hubbub? Also, what is the difference between a smart switch and a managed switch? Anyone care to write me a network admin 101 Cliff's Notes?
Also, does Cat 5e support gigabit traffic? I've read conflicting thoughts on the matter. Does anyone care to elaborate? Because if Cat 5e supports gigabit, then is Cat 6 just for, like, 10 Gb? I'm trying to soak up as much as possible so that I can make the best decisions possible.
Make sure to get good switches. I suggest a layer 3 gigabit switch for the core switch if you have lots of intranet traffic (local file sharers); Netgear makes a good switch. If you can't afford a layer 3 (probably a grand) get a layer 2 (they're not as fast, but a layer 3 switch with 10/100 client switches that have gigabit uplinks shouldn't have any bandwidth issues). If you just go with gigabit switches all the way you will run into a problem at the weakest point (the link to the other switches); in theory a single person can saturate that link.
I also suggest encouraging local file sharing (but not taking responsibility for illegal files shared) and doing everything in your power to block sharing over the internet. If you encourage local sharing and have a good, well designed network infrastructure, if you put them on separate VLANs they will suffer from slow network performance but increased security.
If you go gigabit and there's lots of file transfers between switches you will see a nice little CONNECTION PROBLEM message if the uplink on the switch runs out of bandwidth. 10/100 is far more than you need for gaming, and with file sharing it's still pretty damn fast.
I haven't seen a new machine since 2004 ship without gigabit.
I recommend the following hardware for your setup.
Netgear 7212 (can be bought on eBay for around $200 used; it's $500 new) - I've been running one of these since the summer. With the latest firmware it's surpassed all my expectations (stock firmware was crap). The firmware upgrade was effortless; I just TFTP'ed it over and reset everything to defaults. It supports Class of Service, port security, 802.1Q trunking and many more features. It has 12 gigabit ports and also supports SFP fiber. I use it as a core switch at home and it transfers faster than my hard drives can. Supports SSH for management along with telnet and a web interface. The command line is similar to Cisco's; almost all the commands are the same. Easy to configure both from the command line and web interface. If you have your CCNA this should be effortless to set up properly.
Netgear FS726T (can be bought for around $170 new) - This switch is great for a 24 port Fast Ethernet switch, and features both an SFP uplink and a gigabit uplink (plug that into the 7212's SFP port for a 2 gigabit connection). It's not managed, hence its low price. But you can implement the managed features you need on the core switch.
For your current amount of people, a P3 1 GHz with a SCSI hard drive and 512 MB-1 GB of RAM that has good network cards (3Com or Intel), a good motherboard and a good PSU should be fine (any old Dell/Sun/HP server off eBay/Craigslist around these specs will do).
Layer 3 switches are high speed switches. They typically have much more RAM and CPU than layer 2 managed switches and have many more features. A smart switch is also known as an unmanaged switch. Managed switches are much more powerful switches that can do much more, such as Class of Service (quality of service on the switch's end) and web interfaces for configuration (see the documentation of the switch for more info).
Cat 5e should have no problem with gigabit as long as it's not cheap overseas cable (made in China). I can run gigabit over cable from Delco without any issues. Cat 6 simply has more bandwidth (for future use) and is harder to run (the cable is stiffer).
Perhaps it would be beneficial for me to outline what we have right now. It's a fairly simple network.
Do you have a different recommendation for network topology?
What's your current router?
Netgear RangeMax™ Next (Draft 802.11n) Router
I wasn't too happy about it when they bought it. I told them to spend the extra money and get a good router. But... they went to Staples and bought that. I do give it props that it is handling the load so far, but it isn't really that configurable, and I am convinced that port forwarding on it doesn't work. I have some ports forwarded to my IP (static) and they are coming back as not forwarded.
I am really wanting to replace the switches, as they are approaching ten years old and I just don't trust them. I've had a couple of dead ports and had to do a little bit of cable shuffling, but not a huge problem. I'd feel better with a switch that could handle more throughput.
I'm surprised that router is able to handle everything. You're probably not using as much bandwidth or as many connections as I thought. You might be able to get by with an IPCop box and a single cable connection with just QoS.
When the router does get overloaded and go into a coma for a couple hours until it sorts things out I don't hear the end of it. Pulling the plug and letting it sit for 20 minutes doesn't fix anything either. I hate that router.
There's the consumer routers I know and love. [/sarcasm]
I haven't seen throughput on any consumer router higher than 8 megabits; even the best business ones die at around 256 simultaneous connections. I suggest finding an old P3 and putting up an IPCop box ASAP and seeing how it runs. Configuration is simple and straightforward. Also drop a gig of RAM in it and enable the transparent Squid proxy.