RE: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Frank Bulk

Also, some issues with Intel, too:

http://www.intel.com/support/wireless/wlan/sb/cs-006205.htm
http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0608&L=wireless-lan&D=1&H=1&T=0&P=5230

I know that this has been at least somewhat addressed, but I'm not sure if
they are fully addressed.

Regards,

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Casey Callendrello
Sent: Tuesday, November 13, 2007 1:20 PM
To: nanog@merit.edu; [EMAIL PROTECTED]
Subject: Re: large-scale wireless [was: cpu needed to NAT 45mbs]


Hard-earned knowledge:
Meru's single-channel approach has some compatibility issues with
certain drivers, most notably Lenovo laptops with the Atheros chipset.
If you decide to go that route, make sure you have a USB key lying
around with the latest drivers from the Lenovo site for the T60's
wireless network.
Regardless of your deployment, make sure your front line support staff
(you DO have a helptable, right?) has the ability to update drivers on
PCs without requiring wireless connectivity.  An ethernet cable should
work just fine :)

--Casey

Jeff Kell wrote:

>Frank Bulk wrote:
>
>>Foundry OEMs from Meru, which also uses a single-channel approach.  It does
>>not have an L1 requirement.
>
>Meru APs tunnel back to the controller, so any old L3 will do.  We took an
>AP home (just for grins) and it still worked back to our controller through
>residential broadband.
>
>Jeff




Re: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Casey Callendrello


Hard-earned knowledge:
Meru's single-channel approach has some compatibility issues with
certain drivers, most notably Lenovo laptops with the Atheros chipset.  
If you decide to go that route, make sure you have a USB key lying 
around with the latest drivers from the Lenovo site for the T60's 
wireless network.
Regardless of your deployment, make sure your front line support staff 
(you DO have a helptable, right?) has the ability to update drivers on 
PCs without requiring wireless connectivity.  An ethernet cable should 
work just fine :)


--Casey

Jeff Kell wrote:

> Frank Bulk wrote:
>
>> Foundry OEMs from Meru, which also uses a single-channel approach.  It does
>> not have an L1 requirement.
>
> Meru APs tunnel back to the controller, so any old L3 will do.  We took an AP
> home (just for grins) and it still worked back to our controller through
> residential broadband.
>
> Jeff





Re: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Jeff Kell

Frank Bulk wrote:
> Foundry OEMs from Meru, which also uses a single-channel approach.  It does
> not have an L1 requirement.

Meru APs tunnel back to the controller, so any old L3 will do.  We took an AP 
home (just for grins) and it still worked back to our controller through 
residential broadband.

Jeff


RE: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Frank Bulk

Foundry OEMs from Meru, which also uses a single-channel approach.  It does
not have an L1 requirement.

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Niels Bakker
Sent: Tuesday, November 13, 2007 11:35 AM
To: nanog@merit.edu
Subject: Re: large-scale wireless [was: cpu needed to NAT 45mbs]


* [EMAIL PROTECTED] (Frank Bulk) [Tue 13 Nov 2007, 14:24 CET]:
>If you're going with Extricom you don't need to worry about channel
>planning beyond adding more "channel blankets".

I understand Foundry's wireless products do the same thing.  Seems to
work ok but have not heard about larger test cases than a hundred or so
clients.

* [EMAIL PROTECTED] (Carl Karsten) [Tue 13 Nov 2007, 05:56 CET]:
>On Wifi for 1000:
[..]

In the context of that, you may wish to peruse the proceedings of the
last few CCC Congresses in Berlin, which had pretty much working
wireless - even with thousands of attendees:

http://events.ccc.de/camp/2007/Fahrplan/attachments/1347-Camp07-NetworkReview.pdf
http://events.ccc.de/congress/2006/Fahrplan/attachments/1247-23c3-noc-review-corrected.pdf
http://events.ccc.de/congress/2005/fahrplan/attachments/652-slides_network_review.pdf

(They're still looking for a sponsor of wireless equipment for this
year's edition, by the way)

Regards,


-- Niels.

--
"The Mac doesn't have a one-button mouse, it has a five-button mouse, with
  four of the buttons on the keyboard."
-- Peter da Silva <[EMAIL PROTECTED]>



RE: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Tom Grenier

Aruba has some pretty large implementations under their belt including
Microsoft Corp. Check them out.

Tom


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Niels Bakker
Sent: Tuesday, November 13, 2007 12:35 PM
To: nanog@merit.edu
Subject: Re: large-scale wireless [was: cpu needed to NAT 45mbs]


* [EMAIL PROTECTED] (Frank Bulk) [Tue 13 Nov 2007, 14:24 CET]:
>If you're going with Extricom you don't need to worry about channel 
>planning beyond adding more "channel blankets".

I understand Foundry's wireless products do the same thing.  Seems to 
work ok but have not heard about larger test cases than a hundred or so 
clients.


* [EMAIL PROTECTED] (Carl Karsten) [Tue 13 Nov 2007, 05:56 CET]:
>On Wifi for 1000:
[..]

In the context of that, you may wish to peruse the proceedings of the 
last few CCC Congresses in Berlin, which had pretty much working 
wireless - even with thousands of attendees:

http://events.ccc.de/camp/2007/Fahrplan/attachments/1347-Camp07-NetworkReview.pdf
http://events.ccc.de/congress/2006/Fahrplan/attachments/1247-23c3-noc-review-corrected.pdf
http://events.ccc.de/congress/2005/fahrplan/attachments/652-slides_network_review.pdf

(They're still looking for a sponsor of wireless equipment for this 
year's edition, by the way)

Regards,


-- Niels.

-- 
"The Mac doesn't have a one-button mouse, it has a five-button mouse, with
  four of the buttons on the keyboard."
-- Peter da Silva <[EMAIL PROTECTED]>


Re: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Niels Bakker


* [EMAIL PROTECTED] (Frank Bulk) [Tue 13 Nov 2007, 14:24 CET]:
>If you're going with Extricom you don't need to worry about channel
>planning beyond adding more "channel blankets".


I understand Foundry's wireless products do the same thing.  Seems to 
work ok but have not heard about larger test cases than a hundred or so 
clients.



* [EMAIL PROTECTED] (Carl Karsten) [Tue 13 Nov 2007, 05:56 CET]:

>On Wifi for 1000:

[..]

In the context of that, you may wish to peruse the proceedings of the 
last few CCC Congresses in Berlin, which had pretty much working 
wireless - even with thousands of attendees:


http://events.ccc.de/camp/2007/Fahrplan/attachments/1347-Camp07-NetworkReview.pdf
http://events.ccc.de/congress/2006/Fahrplan/attachments/1247-23c3-noc-review-corrected.pdf
http://events.ccc.de/congress/2005/fahrplan/attachments/652-slides_network_review.pdf

(They're still looking for a sponsor of wireless equipment for this 
year's edition, by the way)


Regards,


-- Niels.

--
"The Mac doesn't have a one-button mouse, it has a five-button mouse, with 
 four of the buttons on the keyboard."

-- Peter da Silva <[EMAIL PROTECTED]>


RE: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Frank Bulk

Elmar:

Marketing and theory -- I haven't had a chance to test it myself.

BTW, I'm not regurgitating Extricom's marketing rhetoric when I say you
don't need to worry about channel planning -- their product is designed with
that specifically in mind.  The technical benefits and caveats of this
single-channel architecture, and the possible concerns that a network
planner might have around the requirement to have L1 connectivity from
Extricom's APs to their switch, are better discussed in another forum.

Frank

-Original Message-
From: Elmar K. Bins [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 13, 2007 7:46 AM
To: Frank Bulk
Cc: nanog@merit.edu
Subject: Re: large-scale wireless [was: cpu needed to NAT 45mbs]

[EMAIL PROTECTED] (Frank Bulk) wrote:

> If you're going with Extricom you don't need to worry about channel planning
> beyond adding more "channel blankets".

Is that based on marketing, theory (based on the whitepapers and patent
descriptions) or practical experience?

Elmar.



Re: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Elmar K. Bins

[EMAIL PROTECTED] (Frank Bulk) wrote:

> If you're going with Extricom you don't need to worry about channel planning
> beyond adding more "channel blankets".  

Is that based on marketing, theory (based on the whitepapers and patent
descriptions) or practical experience?

Elmar.


RE: large-scale wireless [was: cpu needed to NAT 45mbs]

2007-11-13 Thread Frank Bulk

 
If you're going with Extricom you don't need to worry about channel planning
beyond adding more "channel blankets".  

Frank

-Original Message-
From: Carl Karsten [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 12, 2007 10:56 PM
To: nanog@merit.edu
Cc: [EMAIL PROTECTED]; Adrian Chadd; Suresh Ramasubramanian
Subject: Re: cpu needed to NAT 45mbs

Thank you for all the advice - it was nice to see 20 replies that all basically
agreed (and with me too.)  If only the 6 people involved in this project
were such.

On Wifi for 1000:

I have tried to make sure everyone involved in this PyCon Wifi project has read
http://www.nanog.org/mtg-0302/ppt/joel.pdf - too bad some have read it and
don't get it.  I think it will be OK, because someone else wrote up the plan,
which is basically to use http://wavonline.com/vendorpages/extricom.htm

If anyone would like to see it in action,  I am sure something can be arranged.
(you are welcome to come look at it, but I would think would want to actually
peek under the hood and see some stuff in real time, etc.  )  March 13-16 in
Chicago.

Carl K

Joel Jaeggli wrote:
> Frank Bulk wrote:
>> I would have to disagree with your point on centralized AP controllers --
>> almost all the vendors have some form of high availability, and Trapeze's
>> offering, new (and may not yet be G.A) purports to be almost entirely
>> seamless in its load sharing and failover support.
>
> I have a few scars to show from deploying centralized ap controllers,
> from several vendors including the one that you mention above. Hence my
> observation that they must be deployed in a HA setup in that sort of
> environment...
>
> When you lose a fat-ap, unless cascading failure ensues you just lost one
> ap... When your ap-controller with 80 radios attached goes boom, you
> are dead. So, as I said if you're going to use a central ap controller
> for an environment like this you need to avail yourself of its HA features.
>
>> Now that dual-band radios in laptops are becoming more prevalent, it's
>> possible to get 30 to 50% of your user population using 802.11a.
>>
>> Frank
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joel
>> Jaeggli
>> Sent: Saturday, November 10, 2007 11:51 PM
>> To: Adrian Chadd
>> Cc: Suresh Ramasubramanian; nanog@merit.edu
>> Subject: Re: cpu needed to NAT 45mbs
>>
>> Adrian Chadd wrote:
>>> On Sat, Nov 10, 2007, Suresh Ramasubramanian wrote:
>>>
>>>> Speaking of all that, does someone have a "conference wireless" bcp
>>>> handy?  The sort that starts off with "don't deploy $50 unbranded
>>>> taiwanese / linksys etc routers that fall over and die at more than 5
>>>> associations, place them so you don't get RF interference all over the
>>>> place etc" before going on to more faqs like what to do so worms don't
>>>> run riot?
>>>>
>>>> Comes in handy for that, as well as for public wifi access points.
>>> Everyone I speak to says something along the lines of
>>>
>>> "Why would I put that sort of stuff up? I want people to pay me for
>>> that kind of clue."
>> I did a presentation a couple of years ago at nanog on high-density
>> conference style wireless deployments. It's in the proceedings from
>> Scottsdale. Fundamentally the game hasn't changed that much since then:
>>
>> Newer hardware is a bit more robust.
>>
>> Centralized AP controllers are beguiling but have to be deployed with
>> high availability in mind because putting all your eggs in a smaller
>> number of baskets carries some risk...
>>
>> If you can, deploy A to draw off some users from 2.4ghz.
>>
>> Design to keep the number of users per radio at 50 or less in the worst
>> case.
>>
>> Instrument everything...
>>
>>
>>> There are slides covering basic stuff and observations out there.
>>>
>>> (I'm going through a wireless deployment at an ISP conference next week;
>>> I'll draft up some notes on the nanog cluepon site.)
>>>
>>>
>>>
>>>
>>> Adrian
>>>
>>
>
>



Re: cpu needed to NAT 45mbs

2007-11-12 Thread Carl Karsten


Thank you for all the advice - it was nice to see 20 replies that all basically 
agreed (and with me too.)  If only the 6 people involved in this project were such.


On Wifi for 1000:

I have tried to make sure everyone involved in this PyCon Wifi project has read 
 http://www.nanog.org/mtg-0302/ppt/joel.pdf - too bad some have read it and 
don't get it.  I think it will be OK, because someone else wrote up the plan, 
which is basically to use http://wavonline.com/vendorpages/extricom.htm


If anyone would like to see it in action,  I am sure something can be arranged. 
 (you are welcome to come look at it, but I would think would want to actually 
peek under the hood and see some stuff in real time, etc.  )  March 13-16 in 
Chicago.


Carl K

Joel Jaeggli wrote:
> Frank Bulk wrote:
>> I would have to disagree with your point on centralized AP controllers --
>> almost all the vendors have some form of high availability, and Trapeze's
>> offering, new (and may not yet be G.A) purports to be almost entirely
>> seamless in its load sharing and failover support.
>
> I have a few scars to show from deploying centralized ap controllers,
> from several vendors including the one that you mention above. Hence my
> observation that they must be deployed in a HA setup in that sort of
> environment...
>
> When you lose a fat-ap, unless cascading failure ensues you just lost one
> ap... When your ap-controller with 80 radios attached goes boom, you
> are dead. So, as I said if you're going to use a central ap controller
> for an environment like this you need to avail yourself of its HA features.
>
>> Now that dual-band radios in laptops are becoming more prevalent, it's
>> possible to get 30 to 50% of your user population using 802.11a.
>>
>> Frank
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joel
>> Jaeggli
>> Sent: Saturday, November 10, 2007 11:51 PM
>> To: Adrian Chadd
>> Cc: Suresh Ramasubramanian; nanog@merit.edu
>> Subject: Re: cpu needed to NAT 45mbs
>>
>> Adrian Chadd wrote:
>>> On Sat, Nov 10, 2007, Suresh Ramasubramanian wrote:
>>>
>>>> Speaking of all that, does someone have a "conference wireless" bcp
>>>> handy?  The sort that starts off with "don't deploy $50 unbranded
>>>> taiwanese / linksys etc routers that fall over and die at more than 5
>>>> associations, place them so you don't get RF interference all over the
>>>> place etc" before going on to more faqs like what to do so worms don't
>>>> run riot?
>>>>
>>>> Comes in handy for that, as well as for public wifi access points.
>>> Everyone I speak to says something along the lines of
>>>
>>> "Why would I put that sort of stuff up? I want people to pay me for
>>> that kind of clue."
>> I did a presentation a couple of years ago at nanog on high-density
>> conference style wireless deployments. It's in the proceedings from
>> Scottsdale. Fundamentally the game hasn't changed that much since then:
>>
>> Newer hardware is a bit more robust.
>>
>> Centralized AP controllers are beguiling but have to be deployed with
>> high availability in mind because putting all your eggs in a smaller
>> number of baskets carries some risk...
>>
>> If you can, deploy A to draw off some users from 2.4ghz.
>>
>> Design to keep the number of users per radio at 50 or less in the worst
>> case.
>>
>> Instrument everything...
>>
>>> There are slides covering basic stuff and observations out there.
>>>
>>> (I'm going through a wireless deployment at an ISP conference next week;
>>> I'll draft up some notes on the nanog cluepon site.)
>>>
>>> Adrian








Re: cpu needed to NAT 45mbs

2007-11-12 Thread Joel Jaeggli

Frank Bulk wrote:
> I would have to disagree with your point on centralized AP controllers --
> almost all the vendors have some form of high availability, and Trapeze's
> offering, new (and may not yet be G.A) purports to be almost entirely
> seamless in its load sharing and failover support.

I have a few scars to show from deploying centralized ap controllers,
from several vendors including the one that you mention above. Hence my
observation that they must be deployed in a HA setup in that sort of
environment...

When you lose a fat-ap, unless cascading failure ensues you just lost one
ap... When your ap-controller with 80 radios attached goes boom, you
are dead. So, as I said if you're going to use a central ap controller
for an environment like this you need to avail yourself of its HA features.

> Now that dual-band radios in laptops are becoming more prevalent, it's
> possible to get 30 to 50% of your user population using 802.11a.
> 
> Frank
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joel
> Jaeggli
> Sent: Saturday, November 10, 2007 11:51 PM
> To: Adrian Chadd
> Cc: Suresh Ramasubramanian; nanog@merit.edu
> Subject: Re: cpu needed to NAT 45mbs
> 
> Adrian Chadd wrote:
>> On Sat, Nov 10, 2007, Suresh Ramasubramanian wrote:
>>
>>> Speaking of all that, does someone have a "conference wireless" bcp
>>> handy?  The sort that starts off with "don't deploy $50 unbranded
>>> taiwanese / linksys etc routers that fall over and die at more than 5
>>> associations, place them so you don't get RF interference all over the
>>> place etc" before going on to more faqs like what to do so worms don't
>>> run riot?
>>>
>>> Comes in handy for that, as well as for public wifi access points.
>> Everyone I speak to says something along the lines of
>>
>> "Why would I put that sort of stuff up? I want people to pay me for
>> that kind of clue."
> 
> I did a presentation a couple of years ago at nanog on high-density
> conference style wireless deployments. It's in the proceedings from
> Scottsdale. Fundamentally the game hasn't changed that much since then:
> 
> Newer hardware is a bit more robust.
> 
> Centralized AP controllers are beguiling but have to be deployed with
> high availability in mind because putting all your eggs in a smaller
> number of baskets carries some risk...
> 
> If you can, deploy A to draw off some users from 2.4ghz.
> 
> Design to keep the number of users per radio at 50 or less in the worst
> case.
> 
> Instrument everything...
> 
> 
>> There are slides covering basic stuff and observations out there.
>>
>> (I'm going through a wireless deployment at an ISP conference next week;
>> I'll draft up some notes on the nanog cluepon site.)
>>
>>
>>
>>
>> Adrian
>>
> 
> 



Re: cpu needed to NAT 45mbs

2007-11-12 Thread Randy Bush

Frank Bulk wrote:
> I would have to disagree with your point on centralized AP controllers

you can do so when you have deployed successfully in meeting rooms of
2000 people.  joel has.

randy


RE: cpu needed to NAT 45mbs

2007-11-12 Thread Frank Bulk

I would have to disagree with your point on centralized AP controllers --
almost all the vendors have some form of high availability, and Trapeze's
offering, new (and may not yet be G.A) purports to be almost entirely
seamless in its load sharing and failover support.

Now that dual-band radios in laptops are becoming more prevalent, it's
possible to get 30 to 50% of your user population using 802.11a.

Frank

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joel
Jaeggli
Sent: Saturday, November 10, 2007 11:51 PM
To: Adrian Chadd
Cc: Suresh Ramasubramanian; nanog@merit.edu
Subject: Re: cpu needed to NAT 45mbs

Adrian Chadd wrote:
> On Sat, Nov 10, 2007, Suresh Ramasubramanian wrote:
>
>> Speaking of all that, does someone have a "conference wireless" bcp
>> handy?  The sort that starts off with "don't deploy $50 unbranded
>> taiwanese / linksys etc routers that fall over and die at more than 5
>> associations, place them so you don't get RF interference all over the
>> place etc" before going on to more faqs like what to do so worms don't
>> run riot?
>>
>> Comes in handy for that, as well as for public wifi access points.
>
> Everyone I speak to says something along the lines of
>
> "Why would I put that sort of stuff up? I want people to pay me for
> that kind of clue."

I did a presentation a couple of years ago at nanog on high-density
conference style wireless deployments. It's in the proceedings from
Scottsdale. Fundamentally the game hasn't changed that much since then:

Newer hardware is a bit more robust.

Centralized AP controllers are beguiling but have to be deployed with
high availability in mind because putting all your eggs in a smaller
number of baskets carries some risk...

If you can, deploy A to draw off some users from 2.4ghz.

Design to keep the number of users per radio at 50 or less in the worst
case.

Instrument everything...


> There are slides covering basic stuff and observations out there.
>
> (I'm going through a wireless deployment at an ISP conference next week;
> I'll draft up some notes on the nanog cluepon site.)
>
>
>
>
> Adrian
>




Re: cpu needed to NAT 45mbs

2007-11-10 Thread Joel Jaeggli

Adrian Chadd wrote:
> On Sat, Nov 10, 2007, Suresh Ramasubramanian wrote:
> 
>> Speaking of all that, does someone have a "conference wireless" bcp
>> handy?  The sort that starts off with "don't deploy $50 unbranded
>> taiwanese / linksys etc routers that fall over and die at more than 5
>> associations, place them so you don't get RF interference all over the
>> place etc" before going on to more faqs like what to do so worms don't
>> run riot?
>>
>> Comes in handy for that, as well as for public wifi access points.
> 
> Everyone I speak to says something along the lines of
> 
> "Why would I put that sort of stuff up? I want people to pay me for
> that kind of clue."

I did a presentation a couple of years ago at nanog on high-density
conference style wireless deployments. It's in the proceedings from
Scottsdale. Fundamentally the game hasn't changed that much since then:

Newer hardware is a bit more robust.

Centralized AP controllers are beguiling but have to be deployed with
high availability in mind because putting all your eggs in a smaller
number of baskets carries some risk...

If you can, deploy A to draw off some users from 2.4ghz.

Design to keep the number of users per radio at 50 or less in the worst
case.

Instrument everything...


> There are slides covering basic stuff and observations out there.
> 
> (I'm going through a wireless deployment at an ISP conference next week;
> I'll draft up some notes on the nanog cluepon site.)
> 
> 
> 
> 
> Adrian
> 



RE: cpu needed to NAT 45mbs

2007-11-09 Thread Church, Charles

The important thing to remember is that when you exceed 20 to 30
wireless users in a small area, you're now dealing with an 'Enterprise'
deployment.  Lots of whitepapers exist on this subject.  Design your
layer 2 stuff correctly, and use L3 gear that is up to the task.  If
you're trying to use Linksys wireless routers to handle 400 users, you
may as well try to invade a foreign country with lawn darts and a squirt
gun. 

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Suresh Ramasubramanian
Sent: Saturday, November 10, 2007 1:03 AM
To: Lamar Owen
Cc: nanog@merit.edu
Subject: Re: cpu needed to NAT 45mbs



On Nov 10, 2007 2:43 AM, Lamar Owen <[EMAIL PROTECTED]> wrote:
> I'm able to get 45Mb/s through a P3-800 with a four-port NIC running NAT and
> simple content filtering with SmoothWall Advanced Firewall 2 easily.  Have a
> box doing that right now.

Speaking of all that, does someone have a "conference wireless" bcp
handy?  The sort that starts off with "don't deploy $50 unbranded
taiwanese / linksys etc routers that fall over and die at more than 5
associations, place them so you don't get RF interference all over the
place etc" before going on to more faqs like what to do so worms don't
run riot?

Comes in handy for that, as well as for public wifi access points.

srs


Re: cpu needed to NAT 45mbs

2007-11-09 Thread Adrian Chadd

On Sat, Nov 10, 2007, Suresh Ramasubramanian wrote:

> Speaking of all that, does someone have a "conference wireless" bcp
> handy?  The sort that starts off with "don't deploy $50 unbranded
> taiwanese / linksys etc routers that fall over and die at more than 5
> associations, place them so you don't get RF interference all over the
> place etc" before going on to more faqs like what to do so worms don't
> run riot?
> 
> Comes in handy for that, as well as for public wifi access points.

Everyone I speak to says something along the lines of

"Why would I put that sort of stuff up? I want people to pay me for
that kind of clue."

There are slides covering basic stuff and observations out there.

(I'm going through a wireless deployment at an ISP conference next week;
I'll draft up some notes on the nanog cluepon site.)




Adrian



Re: cpu needed to NAT 45mbs

2007-11-09 Thread Suresh Ramasubramanian

On Nov 10, 2007 2:43 AM, Lamar Owen <[EMAIL PROTECTED]> wrote:
> I'm able to get 45Mb/s through a P3-800 with a four-port NIC running NAT and
> simple content filtering with SmoothWall Advanced Firewall 2 easily.  Have a
> box doing that right now.

Speaking of all that, does someone have a "conference wireless" bcp
handy?  The sort that starts off with "don't deploy $50 unbranded
taiwanese / linksys etc routers that fall over and die at more than 5
associations, place them so you don't get RF interference all over the
place etc" before going on to more faqs like what to do so worms don't
run riot?

Comes in handy for that, as well as for public wifi access points.

srs


Re: cpu needed to NAT 45mbs

2007-11-09 Thread Lamar Owen

On Thursday 08 November 2007, Carl Karsten wrote:
> I do the networking in my house, and hang out with guys that do networking
> in small offices that have a few T1s.   Now I am talking to people about a
> DS3 connection for 500 laptops*, and I am being told "a p4 linux box with 2
> nics doing NAT will not be able to handle the load."   I am not really
> qualified to say one way or the other.  I bet someone here is.

I'm able to get 45Mb/s through a P3-800 with a four-port NIC running NAT and 
simple content filtering with SmoothWall Advanced Firewall 2 easily.  Have a 
box doing that right now.
-- 
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu


Re: cpu needed to NAT 45mbs

2007-11-08 Thread Deepak Jain



> A second CPU or core will help tremendously. We used to use single-CPU
> boxes for this and we noticed that traffic sometimes stalls when the machine
> has to do some task other than NATting, such as expiring idle flows. Having
> a second CPU or core will help keep latency much more uniform.
>
> We have a few dual 3.2Ghz Xeon boxes (not the ones based on Core, the older
> ones) that NAT/FW across two GE interfaces. They do quite well up to about
> 300Mb/s, then we start to see issues. We believe the issues are due to
> overloading the NB-SB link. A more modern mobo probably wouldn't have this
> problem.



Since we are talking about PC Routers... 300Mb/s is a limitation we've 
seen before... especially related to Interrupts overwhelming the system. 
Modern ethernet cards (non-interrupt based) and a modern OS with support 
for all of their offloading and zero-copy functions will improve this 
greatly.


Current FreeBSD is significantly faster than current Linux
implementations for this kind of work.


But (as I told the OP privately) 45mb/s is a joke and doesn't really 
need anything more than a 400mhz P-II with two Intel EtherExpress cards 
and 1GB of RAM. Even for 4,000 downstream connections. A few $200-$300 
L3 switches can do this just as well.


Deepak Jain
AiNET




RE: cpu needed to NAT 45mbs

2007-11-08 Thread David Schwartz


> From my experience, a fast P4 linux box with 2 good NICs can NAT
> 45Mbps easily.  I am NAT/PATing >4,000 desktops with extensive
> access control lists and no speed issues.  This isn't over a 45Mb
> T3--this is over 100 Mb Ethernet.
>
> --Patrick Darden
> --ARMC, Internetworking Manager

A second CPU or core will help tremendously. We used to use single-CPU
boxes for this and we noticed that traffic sometimes stalls when the machine
has to do some task other than NATting, such as expiring idle flows. Having
a second CPU or core will help keep latency much more uniform.

We have a few dual 3.2Ghz Xeon boxes (not the ones based on Core, the older
ones) that NAT/FW across two GE interfaces. They do quite well up to about
300Mb/s, then we start to see issues. We believe the issues are due to
overloading the NB-SB link. A more modern mobo probably wouldn't have this
problem.

DS




Re: cpu needed to NAT 45mbs

2007-11-08 Thread Christopher Morrow

On 11/8/07, Carl Karsten <[EMAIL PROTECTED]> wrote:
>
> I do the networking in my house, and hang out with guys that do networking in
> small offices that have a few T1s.   Now I am talking to people about a DS3
> connection for 500 laptops*, and I am being told "a p4 linux box with 2 nics
> doing NAT will not be able to handle the load."   I am not really qualified to
> say one way or the other.  I bet someone here is.

how about just looking at what a production MSSP would roll out for a
similar situation.. a nokia ip530-class box (I think it's a ip580
these days) with Checkpoint as the 'firewall'... Certainly (poke fbsd
fanboys) a fbsd box of similar config can perform as well, yes? :)

I recall the ip530 being an intel P3-ish system
(http://www.google.com/search?hl=en&q=nokia+ip530&btnG=Google+Search)
I think we selected these at a past job because it could handle 2 quad
FE cards and a DS3 card...


Re: cpu needed to NAT 45mbs

2007-11-08 Thread Jeff Kell

Darden, Patrick S. wrote:
> 
> From my experience, a fast P4 linux box with 2 good NICs can NAT
> 45Mbps easily.  I am NAT/PATing >4,000 desktops with extensive access
> control lists and no speed issues.  This isn't over a 45Mb T3--this
> is over 100 Mb Ethernet.

NAT processing requirement thresholds are all about *flows* per second, not 
*bytes* per second.  Once you have a cached flow, it's trivial.  The overhead 
of statefully tracking flows, setup, teardown, timeouts, housecleaning, etc., 
are the limiting factors.

If you want to stress-test it, you should benchmark it with SQL Slammer :-)

Jeff
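
The flows-versus-bytes point in the post above, as an added example that is not part of the original message: a toy port-translating NAT table fed two constructed workloads at the same 45 Mb/s for 10 seconds. The one-public-port-per-flow model, the timeouts, packet sizes and addresses are all assumptions chosen for illustration.

```python
# Added illustration: a constructed model of NAT state handling, not code from the thread.
from collections import OrderedDict
import ipaddress

RATE_BPS = 45_000_000      # DS3-class rate discussed in the thread
DURATION = 10              # seconds simulated (assumption)
BENCH_BASE = int(ipaddress.IPv4Address("198.18.0.0"))  # RFC 2544 benchmarking range


class NatTable:
    """Minimal stateful NAT: one public port per tracked 5-tuple (simplification)."""

    def __init__(self, idle_timeout, first_port=1024, last_port=65535):
        self.idle_timeout = idle_timeout
        self.flows = OrderedDict()   # 5-tuple -> (public_port, last_seen), oldest first
        self.free_ports = list(range(last_port, first_port - 1, -1))
        self.setups = self.hits = self.expired = self.dropped = self.peak = 0

    def expire(self, now):
        """Housekeeping: evict flows that have been idle for idle_timeout or longer."""
        while self.flows:
            key = next(iter(self.flows))
            port, last_seen = self.flows[key]
            if now - last_seen < self.idle_timeout:
                break                # everything behind this entry is fresher
            del self.flows[key]
            self.free_ports.append(port)
            self.expired += 1

    def translate(self, now, flow):
        """Return the public port for this packet, or None if no state can be created."""
        self.expire(now)
        entry = self.flows.get(flow)
        if entry is not None:        # cached flow: a lookup and a timestamp refresh
            self.flows[flow] = (entry[0], now)
            self.flows.move_to_end(flow)
            self.hits += 1
            return entry[0]
        if not self.free_ports:      # state exhausted: the new flow cannot be set up
            self.dropped += 1
            return None
        port = self.free_ports.pop()  # flow setup: allocate a mapping and track it
        self.flows[flow] = (port, now)
        self.setups += 1
        self.peak = max(self.peak, len(self.flows))
        return port


def bulk_packets(pkt_size=1500, n_flows=20):
    """Constructed workload: a few long-lived flows carrying full-size packets."""
    n = RATE_BPS * DURATION // (8 * pkt_size)
    for i in range(n):
        src = "10.0.0.%d" % (i % n_flows + 1)
        yield i * DURATION / n, ("tcp", src, 40000, "203.0.113.10", 80)


def single_packet_flows(pkt_size=400):
    """Constructed workload: every small packet goes to a new destination."""
    n = RATE_BPS * DURATION // (8 * pkt_size)
    for i in range(n):
        dst = str(ipaddress.IPv4Address(BENCH_BASE + i % 131072))
        yield i * DURATION / n, ("udp", "10.0.0.5", 40000, dst, 9000 + i // 131072)


def run(packets, idle_timeout):
    """Push a workload through a fresh table and return its counters."""
    nat = NatTable(idle_timeout)
    for now, flow in packets:
        nat.translate(now, flow)
    return {"setups": nat.setups, "hits": nat.hits, "peak": nat.peak,
            "dropped": nat.dropped, "expired": nat.expired}


if __name__ == "__main__":
    print("bulk, 30 s timeout:         ", run(bulk_packets(), 30))
    print("single-packet, 30 s timeout:", run(single_packet_flows(), 30))
    print("single-packet, 2 s timeout: ", run(single_packet_flows(), 2))
```

Both workloads move the same number of bytes; only the second one makes the table do setup work on every packet, and with the longer idle timeout it runs out of state well before the link is the bottleneck.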


Re: cpu needed to NAT 45mbs

2007-11-08 Thread Joe Greco

> I do the networking in my house, and hang out with guys that do networking in 
> small offices that have a few T1s.   Now I am talking to people about a DS3 
> connection for 500 laptops*, and I am being told "a p4 linux box with 2 nics
> doing NAT will not be able to handle the load."   I am not really qualified
> to say one way or the other.  I bet someone here is.

So, are they Microsoft fans, or Cisco fans, or __ fans?  For any of
the above, you can make the corresponding product fail too.  :-)

The usual rules for PC's-as-routers apply.  You can find extensive
discussions of this on lists such as the Quagga list (despite the list
being intended for routing _protocols_ rather than routing platforms) and
the Soekris (embedded PC) lists.

Briefly,

1) Small packet traffic is harder than large packet traffic,

2) Good network cards and competent OS configuration will help extensively,

3) The more firewall rules, the slower things will tend to be (highly
   implementation-dependent)

4) In the case of NAT, it would seem to layer some additional delays on top
   of #3.

We've successfully used a carefully designed FreeBSD machine (PIII-850,
dual fxp) as a load balancer in the past, which shares quite a few
similarities to a NAT device.  The great upside is complete transparency
as to what's happening and why, and the ability to affect this as desired.
I don't know how close we ran to 100Mbps, but I know we exceeded 45.

With sufficient speed, you can make up for many sins, including a
relatively naive implementation.  With that in mind, I'd guess that you 
are more likely to be successful than not.  The downside is that if it
doesn't work out, you can recycle that PC into a more traditional role.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


RE: cpu needed to NAT 45mbs

2007-11-08 Thread Darden, Patrick S.


From my experience, a fast P4 linux box with 2 good NICs can NAT 45Mbps
easily.  I am NAT/PATing >4,000 desktops with extensive access control lists
and no speed issues.  This isn't over a 45Mb T3--this is over 100 Mb Ethernet.

--Patrick Darden
--ARMC, Internetworking Manager



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Carl Karsten
Sent: Thursday, November 08, 2007 2:25 PM
To: nanog@merit.edu
Subject: cpu needed to NAT 45mbs



I do the networking in my house, and hang out with guys that do networking in 
small offices that have a few T1s.   Now I am talking to people about a DS3 
connection for 500 laptops*, and I am being told "a p4 linux box with 2 nics
doing NAT will not be able to handle the load."   I am not really qualified to 
say one way or the other.  I bet someone here is.

* for wifi, going to be using this system:
http://wavonline.com/vendorpages/extricom.htm
March 13-17 (testing a week or 2 before) for PyCon in Chicago.
If anyone wants to see it in action, etc.  drop me a line.

Carl K


cpu needed to NAT 45mbs

2007-11-08 Thread Carl Karsten


I do the networking in my house, and hang out with guys that do networking in 
small offices that have a few T1s.   Now I am talking to people about a DS3 
connection for 500 laptops*, and I am being told "a p4 linux box with 2 nics
doing NAT will not be able to handle the load."   I am not really qualified to 
say one way or the other.  I bet someone here is.


* for wifi, going to be using this system:
http://wavonline.com/vendorpages/extricom.htm
March 13-17 (testing a week or 2 before) for PyCon in Chicago.
If anyone wants to see it in action, etc.  drop me a line.

Carl K