Re: [swinog] VDSL/Zyxel P2802 HWL not strong enough for a small company LAN?

2008-03-19 Thread Olivier Mueller
Re-bonjour,

On Wed, 2008-03-05 at 14:31 +0100, Olivier Mueller wrote:
> What would you try next?  If you think I should get some more hardware
> (and use the Zyxel as a bridge), what would you then recommend ?

Thanks again for all your helpful answers to my initial post.
I took the Alix Board & pfSense solution, and it is now up & running
live since two days, with a bridged Zyxel P2802.

Jabber & ssh connections are now stable (not a single timeout since the
activation), and everything else is still working fine with a good
performance, so I guess the initial problem was solved.

Time spent: 
- 1h for reading/posting on the swinog ML :)
- 30min to organize the hardware (thanks to Filip @ Webkitchen.ch!)
- 30min to find the proper null-modem adapter and especially
  gender-changer: 2x 9pin/F (merci Ueli :-)
- 3h for RTFM, setup & testing
- 15min for the going live
- 20min to solve some small issues with suggestions/help 
  from #swinog irc channel 

Bonus: PPTP VPN server installed and activated in 5 minutes.
So at the moment, I am quite happy with this http://www.pfsense.com/
based setup. Testing will continue for about 1-2 weeks, and if
everything remains fine, I will add a backup device to the setup. 

Regards & happy Easters,
Olivier

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

2008-03-06 Thread Stanislav Sinyagin


----- Original Message -----
> From: Manuel Krummenacher [EMAIL PROTECTED]
> You're right, I didn't think of that point. As a linux guy, I know what
> things like dd and /dev/sdb mean, but a windows admin would have to
> spend some time to get the point. If I would have to configure a PIX, I
> had to read through the documentation for at least 4 hours. ;-)
>
> > just my two cents, I'm vendor-agnostic, and open source supporter :-)
>
> I'm pleased to hear that! ;-) If you need (or want) to install pfSense, I
> would be happy to help you.

I'm afraid I would do that myself quite easily 
(http://sinyagin.pp.ru/resume.html)
;-)
But again, what works for few geeks may not be a proper business solution :-)




RE: [swinog] VDSL/Zyxel P2802 HWL not strong enough for a small company LAN?

2008-03-05 Thread Kurt A. Schumacher
Salut Olivier,

We are using ZyXEL ZyWALL1050/USG1000/USG300 behind various P-2802. 

In most cases, we have some green.ch public IP address subnet, the P-2802 is 
running as (br-)router, smaller installations PPPoE is
terminated on the ZyWALL.

As wholesales VDSL2 is PPPoE only, there is no advantage in terminating the 
tunnel direct on the router as in the ADSL times using
PPPoA then. 

Please contact me off-list for some more in-depth P-2802 information.

Regards,

-Kurt. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Olivier Mueller
Sent: Wednesday, March 05, 2008 2:32 PM
To: [EMAIL PROTECTED]
Subject: [swinog] VDSL/Zyxel P2802 HWL not strong enough for a small company 
LAN?
<snip>



RE: [swinog] VDSL/Zyxel P2802 HWL not strong enough for a small company LAN?

2008-03-05 Thread Spiess Bernd

you wrote nothing about line usage
i'd recommend to graph the dsl-line-usage on a 1 second
interval-base to see if you have peaks. additionally
put a icmp packet loss to it - then you see if
line usage corresponds to packet or link loss.

also have a look for link loss - check your modem if
the dsl link was rebuilt in problem times - frequency problems on the
copper lines grows - so it's normal that lines begin
to get bad while dsl-line count in the neighbourhood grows.
check if your router logs that - also check link status
with your provider - if the dsl line is on the edge of
maximum speed it could help to reduce bandwidth with x percent (eg: 20%)

and of course: check if you have viruses in the lan - there are
a lot of mass-spreading viruses who can sit on a user's notebook
and overload the router nat table and causes such problems...

i hope this basic recommendations can help you

gruezi from austria :-)
bernd

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Olivier Mueller
Sent: Wednesday, March 05, 2008 2:32 PM
To: [EMAIL PROTECTED]
Subject: [swinog] VDSL/Zyxel P2802 HWL not strong enough for a small company 
LAN?

Hello, bonjour,

I'm not sure it is the right place to ask this, but as most of the members
of this list are working for companies selling *DSL services, maybe
there will be a match :)

The network of one of the companies I'm working for is connected to
internet simply via a green.ch VDSL line, over a Zyxel P2802.
Everything was fine until a few weeks ago, and now I'm getting more and
more "Timeout, server not responding." messages in my (even active)
terminals connected via ssh to remote hosts, and jabber/imap/etc.
connections are getting randomly disconnected too after a few minutes or
hours.

I guess it's a problem related to the company size: it grew during the
last months, and now there are about 20 employees, which makes about
40-50 terminals (PC + VoIP Phones + a few internal servers) connected to
the LAN.

Is it possible that the Zyxel device is not the proper one anymore for
this case?   Rebooting doesn't really help, and there are no special
messages in the logs, CPU Usage ~ 13%, Memory Usage ~ 60%.  Feedback
from Studerus Support was to upgrade the Firmware, but it was already up
to date...  I have the same Router @home and never got this kind of
issue.

What would you try next?  If you think I should get some more hardware
(and use the Zyxel as a bridge), what would you then recommend ?

Thanks for your attention & a nice end of week to you :-)
Olivier
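
Bernd's suggestion in the message above (per-second line usage set against ICMP loss), as an added example that is not part of the original thread: it separates pings lost during a usage peak from pings lost on a quiet line, and flags long loss runs as likely link drops. The trace, the 20 Mbit/s line rate and the thresholds are constructed assumptions; real samples would come from the router's interface counters and a 1-second ping.

```python
# Added example: constructed data, hypothetical names and thresholds.
LINE_RATE_BPS = 20_000_000   # assumed DSL sync rate (not from the thread)
PEAK_FRACTION = 0.8          # usage above 80% of line rate counts as a peak


def build_samples():
    """Constructed 60 s trace: (second, WAN bits/s, ping reply received)."""
    samples = []
    for t in range(60):
        link_down = 40 <= t <= 46                 # simulated DSL resync
        bps = 0 if link_down else (19_000_000 if 20 <= t <= 24 else 2_000_000)
        ok = not link_down and t not in {22, 23, 55}
        samples.append((t, bps, ok))
    return samples


def classify_losses(samples, window=3):
    """Split lost pings into those during a usage peak and those without."""
    usage = {t: bps for t, bps, _ in samples}
    under_load, without_load = [], []
    for t, _, ok in samples:
        if ok:
            continue
        recent = [usage[s] for s in range(t - window + 1, t + 1) if s in usage]
        if max(recent) >= PEAK_FRACTION * LINE_RATE_BPS:
            under_load.append(t)
        else:
            without_load.append(t)
    return under_load, without_load


def outages(samples, min_len=5):
    """Runs of >= min_len consecutive lost pings: likely link loss, not congestion."""
    runs, start = [], None
    for t, _, ok in samples:
        if not ok and start is None:
            start = t
        elif ok and start is not None:
            if t - start >= min_len:
                runs.append((start, t - 1))
            start = None
    if start is not None and samples[-1][0] - start + 1 >= min_len:
        runs.append((start, samples[-1][0]))
    return runs


if __name__ == "__main__":
    trace = build_samples()
    print("loss under load / without load:", classify_losses(trace))
    print("suspected link outages:", outages(trace))
```

Loss that shows up mostly in the "without load" list, as in the symptoms described in this thread, points away from bandwidth saturation and toward link resyncs or an exhausted NAT table.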



Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

2008-03-05 Thread Manuel Krummenacher
Hello!

On Wed, March 5, 2008 2:31 pm, Olivier Mueller wrote:
> Is it possible that the Zyxel device is not the proper one anymore for
> this case?

I don't know the situation on current Zyxel hardware, but my Prestige 642R
couldn't handle all connections for my needs.

> What would you try next?  If you think I should get some more hardware
> (and use the Zyxel as a bridge), what would you then recommend ?

I personally would buy an Alix board from pcengines.ch (costs about CHF
150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to
bridge mode and be happy. ;-) With the Alix, you would also gain extra
benefits like complex packet filter rules, traffic shaping, traffic graphs
etc. (see pfsense.com for full feature list).

Regards,
Manuel



RE: [swinog] VDSL/Zyxel P2802 HWL not strong enough for a small company LAN?

2008-03-05 Thread Olivier Mueller
On Wed, 2008-03-05 at 14:50 +0100, Spiess Bernd wrote:
> you wrote nothing about line usage

Right: it's for a web-design company, so 80% download (http), 20% upload
(sftp/scp/ftp/rsync), no p2p (afaik and according to ntop :-), Jabber
clients everywhere.  

I see no traffic peaks, just these disconnects...

> i'd recommend to graph the dsl-line-usage on a 1 second
> interval-base to see if you have peaks. additionally
> put a icmp packet loss to it - then you see if
> line usage corresponds to packet or link loss.

ok, thanks for all the suggestions (and the other posts on the list),
I'm sure some of them will help! 

regards,
Olivier




Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

2008-03-05 Thread Rainer Duffner
Manuel Krummenacher wrote:
> I personally would buy an Alix board from pcengines.ch (costs about CHF
> 150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to
> bridge mode and be happy. ;-) With the Alix, you would also gain extra
> benefits like complex packet filter rules, traffic shaping, traffic graphs
> etc. (see pfsense.com for full feature list).



Seconded.
I've got a previous-generation WRAP board with pfSense (just upgraded to
the recently released 1.2).
It should be noted that pfSense also does IPSEC and OpenVPN SSL-VPN
and a host of other things.
I'm not sure how much bandwidth the Alix-boards can shuffle, but my WRAP
is supposed to max out somewhere in the 30MBit range.
You can also install it on an old PC and temporarily replace the Zyxel, to
get some idea about the current traffic pattern.



Rainer





RE: [swinog] VDSL/Zyxel P2802 HWL not strong enough for a small company LAN?

2008-03-05 Thread Per Jessen
Olivier Mueller wrote:

> I see no traffic peaks, just these disconnects...

If it's any help to you - we've also been seeing many disconnects in the
last 1-2 weeks.  Not on VDSL, just plain ADSL.  Typically every day we
would have 3-4 quick disconnects during the night, then maybe a few in
the morning too.  It has stopped since the weekend I think. 


/Per Jessen, Herrliberg

-- 
http://www.spamchek.com/ - your spam is our business.



Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

2008-03-05 Thread Stanislav Sinyagin
according to what this guy writes,
http://rockpenguin.wordpress.com/2008/02/23/installing-pfsense-on-the-alix2c1/
such thing as a firewall based on Alix platform requires at least few days of 
work for a guy on a salary with nothing else to do :)
If you start counting the cost of worktime to have it up and running, probably 
any off-the-shelf firewall would be much more affordable.
Or even a Cisco 8XX router, whatever current SoHo series they have :)




----- Original Message -----
From: Rainer Duffner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 5, 2008 3:39:54 PM
Subject: Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small 
company LAN?

Manuel Krummenacher wrote:
> I personally would buy an Alix board from pcengines.ch (costs about CHF
> 150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to
> bridge mode and be happy. ;-) With the Alix, you would also gain extra
> benefits like complex packet filter rules, traffic shaping, traffic graphs
> etc. (see pfsense.com for full feature list).



Seconded.
I've got a previous-generation WRAP board with pfSense (just upgraded to
the recently released 1.2).
It should be noted that pfSense also does IPSEC and OpenVPN SSL-VPN
and a host of other things.
I'm not sure how much bandwidth the Alix-boards can shuffle, but my WRAP
is supposed to max out somewhere in the 30MBit range.
You can also install it on an old PC and temporarily replace the Zyxel, to
get some idea about the current traffic pattern.



Rainer





Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

2008-03-05 Thread Manuel Krummenacher
On Wed, March 5, 2008 9:45 pm, Stanislav Sinyagin wrote:
> according to what this guy writes,
> http://rockpenguin.wordpress.com/2008/02/23/installing-pfsense-on-the-ali
> x2c1/ such thing as a firewall based on Alix platform requires at least
> few days of work for a guy on a salary with nothing else to do :) If you
> start counting the cost of worktime to have it up and running, probably
> any off-the-shelf firewall would be much more affordable. Or even a Cisco
> 8XX router, whatever current SoHo series they have :)

I get your point. You have to do some work to get it running, but it's far
away from days. If you don't need serial access, you can skip the part
with the baud-rate configuration. The interfaces can be assigned from the
web interface. (And you don't have to unmount the CF card as stated in the
article, because dd doesn't need it mounted.) I get an ALIX up and running
in about an hour incl. (simple) configuration.

And at least you get a nice enclosure. There's no cool company logo on it,
but it doesn't look like homemade.

By the way, if you want a turn-key solution, you can buy it assembled
and installed:

http://shop.a-enterprise.ch/product_info.php?manufacturers_id=12products_id=29

However, there is a downside: You get no support for the entire product.
If the hardware fails and the boards are sold out, you probably have to
wait rather long. (But at this price, I always have a board in reserve.)

Regards,
Manuel



Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

2008-03-05 Thread Stanislav Sinyagin


----- Original Message -----
> From: Manuel Krummenacher [EMAIL PROTECTED]
>
> I get your point. You have to do some work to get it running, but its far
> away from days. If you don't need serial access, you can skip the part
> with the baud-rate configuration. The interfaces can be assigned from the
> web interface. (And you don't have to unmount the CF card as stated in the
> article, because dd doesn't need it mounted.) I get an ALIX up and running
> in about an hour incl. (simple) configuration.

+ 3-4 hours to read all the pieces of documentation, choosing the right 
board that you want to use, all the software options that are available, 
adding the wireless cards of proper vendor, chatting on this list etc.

+ 1 hour, as you say, to assemble it all together and boot for the first time

+ 1-2 hours to get through all the configuration options and getting to know 
the product 

+ 1 hour to build a proper backup solution

At the end of the day, you get your firewall which will most probably need 
few hours more for fine-tuning etc.

For my own office, I would consider this as an option.

If I'd intend to install it to a customer, it needs at least few dozens of 
installations before it pays back all the invested time. For a small number of
installations, a small Cisco PIX firewall might be much easier to get.

just my two cents, I'm vendor-agnostic, and open source supporter :-)









Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

2008-03-05 Thread Manuel Krummenacher
On Wed, March 5, 2008 11:26 pm, Stanislav Sinyagin wrote:
> + 3-4 hours to read all the pieces of documentation, choosing the right
> board that you want to use, all the software options that are available,
> adding the wireless cards of proper vendor, chatting on this list etc.

You're right, I didn't think of that point. As a linux guy, I know what
things like dd and /dev/sdb mean, but a windows admin would have to
spend some time to get the point. If I would have to configure a PIX, I
had to read through the documentation for at least 4 hours. ;-)

> just my two cents, I'm vendor-agnostic, and open source supporter :-)

I'm pleased to hear that! ;-) If you need (or want) to install pfSense, I
would be happy to help you.

Regards,
Manuel
