Friday, March 31, 2006

The bandwidth is coming, the bandwidth is coming ...

I've been following the broadband providers (on DSL Reports) and it looks like we're in for a bandwidth war, DSL vs. Cable. We've already heard about DSL at 15Mbps and we're hearing that Cable will follow up with 16Mbps. Wow, but will we have the home equipment to properly handle the speed? I don't know about most of you but my home network is not directly on my Internet connection. It sits behind a firewall router. At home I have a WRT54GS V4 with OpenWRT. I've been doing some quick tests and figured out that I won't be able to use the WRT because the built-in switch is limited to 10Mbps. I know it supports 10/100 but ~9.5M is all I could get through it. I thought maybe the WGT634U with OpenWRT might do better (it supports a Turbo wireless speed of 108 Mbps) but it looks like it's worse (~3500 Mbps). Right now I'm looking to see if I can find better tools for testing (the problem could be my testing or its tools). At work I've got a device called a Smartbits tester. We use it to pound on the routers (and not just on the small routers, I mean things like Cisco 12000's and 7600's and Juniper equipment). I could use that (I'd have to do it on my own time) but I can't find anything to do it with a wireless interface. Right now it's on my (very long) list of things to do.

So I guess what I'm saying is that I'm looking for good inexpensive home networking equipment that can handle the speeds while not adding much latency to the traffic. I also want it to run Linux because the hardware vendors never add the features I need. Features such as a file system so I can put debugging tools on the device, a way to find out how much traffic I've been dealing with and the normal security and QoS & traffic shaping stuff.


At 3/31/2006 1:10 PM, Anonymous Dmitri Kostioukov said...

Why don't you just put a second network card into a Linux box and set up iptables? This will handle any bandwidth, is cheap and runs Linux. I've recently had Verizon FIOS service installed (30/5) and have no issues with speed.

At 3/31/2006 1:41 PM, Anonymous Anonymous said...

Dang you're fast! ;-) Thanks, that's a good point. What equipment are you using and did you tune the Linux box to be able to push 30/5M (nice numbers)?

I actually have 2 10/100 PCI cards and a Wireless card that Linux supports directly so that is a good idea. I can't put my main Linux Server box on the Internet (sharing duty with the firewall) because of the difficulty of properly securing it (I design networks for a living and I consider this as a big no-no).

I have a 1GHz motherboard with 3 PCI slots, 64M of RAM and I can put a CF card on the IDE chain so the machine becomes quiet.

At 3/31/2006 5:13 PM, Anonymous Dmitri Kostioukov said...

I have an old PIII 500 box with a 10/100 card and I also bought a 1000 card for $5 after rebate. I have a nice red cable going from the 100 card into the wall and the 1000 card is plugged into a switch. From that switch I have connections to another switch as well as a wi-fi router that I'm using as an AP only.

Since 30 is less than 100, there's no need to optimize anything. The speed measures pretty much the same between my setup and the Verizon-provided super-duper-custom-firmware-fios-optimized router.

I don't get the same speed with wi-fi but that's a separate issue.

I don't have any reservations about sharing the box: I have iptables, asterisk, home automation software and apache running on it. iptables and snort log to mysql and I have php packages that analyze the logs.

At 3/31/2006 6:02 PM, Blogger Neil Cherry said...

Sorry about the last post being anonymous, clicked the wrong button.

The throughput sounds like it's not going to be an issue. Let's hope that stays the same when I add traffic shaping. I've seen other commercial routers drop throughput by as much as 50% when QoS/traffic shaping was applied. Of course the price for that equipment is 10 times as much and if I can lower the power usage to a couple of watts I'll have a real winner.

This box will be set up as a standalone. I've crashed my development system too many times to have the router involved. Don't worry, it's not that Linux is unstable, just that doing any development with the kernel is dangerous. Also, I'm keeping the disk drive off the box, which means no HA on it. I have my reasons; security is just one. During the test phase I'll boot off the local LAN and run NFS until I get the tools I want loaded.

At 3/31/2006 9:40 PM, Anonymous Dmitri Kostioukov said...

Well, I'd suggest getting a small HDD, configuring it the way you want it and then either mounting it as read-only or even burning it on a CD-ROM. In fact, you can just download the Ubuntu live CD, add a couple of things and reburn it. And for that tin-foil-hat touch, you can save logs to a remote box and/or write only media.

At 3/31/2006 9:50 PM, Anonymous Dmitri Kostioukov said...

Sorry, "write-only" didn't come out right. I meant something without random write access or something that cannot be easily overwritten.

At 3/31/2006 10:51 PM, Blogger Neil Cherry said...

Don't worry about the write only, my dyslexic mind thought read only too. I'll stick with the CF, which can be written to quite easily but will be read-only when inserted into the router. It will have to be manually switched to read-write; that way no break-in can damage it. To Linux it looks like an IDE drive (including read and write); a jumper on the cable should allow me to switch it to read-only or r/w. I pretty much had this working with a 333 MHz system and I may try that one again. That's because of your good fortune with your 500 MHz system.

At 4/02/2006 8:44 PM, Anonymous Ryan Erickson said...

I'd suggest m0n0wall.

It's an OpenBSD-based firewall distro. Configuration is all via PHP-based web GUI.

It'll handle 3 nics, traffic shaping, QoS, etc.

I've got mine booting off an old 64M CompactFlash. It runs entirely in RAM, so it doesn't access the CF after boot-time.

I haven't tested its speed, but OpenBSD is supposed to be pretty fast, and overall, on my lame 166 MHz firewall, it works pretty well.


At 5/06/2006 7:03 PM, Anonymous Anonymous said...

That's incorrect.

M0n0Wall is FreeBSD. Not OpenBSD.

pfSense is also FreeBSD, but uses pf (which is from OpenBSD).

