Networking Forums

4 NICs, 3 nets and one confused bunny in over his head

 
 
Rasmus Hald
Guest
Posts: n/a

 
      03-09-2005, 10:13 AM
Hi All,

Have been looking through this group a bit but was unable to find
anything matching my, somewhat eccentric, idea.
Basically I have a small home network with 3 PCs and a MDK 9.1 "server"
(I know, old but so is the CPU).
Anyways, in my glorious spur of the momentness I have gone out and
bought a Zyxel Prestige 2002 ATA that I obviously plan to use. I would
really like to take advantage of the fact that this ATA comes with built
in QOS rules as I have had nothing but trouble out of the Shorewall QOS
setup. Here is the problem, the Linux server currently works as a bit of
a Switch/Router (probably more the 1st than the 2nd and please don't
worry about security right now, I know...) running on 4 different
networks, once my ATA arrives it was my plan to use the passthrough port
in the ATA to connect a HUB and connect the other end to the server,
allowing me to run the whole network off one NIC effectively cutting out
the need for 2 of the 4 NICs currently in the machine... Here's where it
gets tricky, Essentially, the net would look like this:

------------------- ------- ------- ----------- -------
| LAN |-----| HUB |-----| ATA |-----| MDK Box |---| NET |
------------------- ------- ------- ----------- -------

What I hadn't considered before I put in the order for the ATA was that,
as the NET connection is 10Mb/128kbps and the ATA's QOS would probably
need to be configured with these speeds I would limit any connections to
the MDK box to these speeds, effectively rendering the server
functionality useless..

So, in order to get around this without ruining the fun I'm having with
learning something about Linux and routing (and without having to spend
more money ;O) I came up with the harebrained scheme of seeing if it was
possible to solve this problem with a bit of a workaround...
Basically I was thinking about trying to put all the NICs into use after
all, designing a network that looks like this:

-------
| LAN |
-------
|
|
------- ----------------
| HUB |---| MDK Box Eth3 |
------- -------------------------
Just routed on the box ==> | MDK Box Eth2 |
----------------
|
|
------- ----------------
| ATA |---| MDK Box Eth1 |
------- ------------------- ---------
Again routed on the box ==> | MDK Box Eth0 |---| I-Net |
---------------- ---------

The problem is that I cannot put the ATA between Eth0 and the net as my
ISP provides IPs dynamically and only provides one IP per account so for
this to work it is more or less essential that all traffic between the
LAN and the net goes via the network cables to the ATA and back...
So here's the question: What do you reckon, could this actually be done?
Clumsy and odd as it might look?
And if so, do you have any idea about what to do and possibly be aware of?

Any help would be greatly appreciated as I really am in over my head...
as you may have gathered.

Have a nice day,
Neb
 
 
 
 
 
Andrew Schulman
Guest
Posts: n/a

 
      03-10-2005, 03:01 AM
> -------
> | LAN |
> -------
> |
> |
> ------- ----------------
> | HUB |---| MDK Box Eth3 |
> ------- -------------------------
> Just routed on the box ==> | MDK Box Eth2 |
> ----------------
> |
> |
> ------- ----------------
> | ATA |---| MDK Box Eth1 |
> ------- ------------------- ---------
> Again routed on the box ==> | MDK Box Eth0 |---| I-Net |
> ---------------- ---------
>
> The problem is that I cannot put the ATA between Eth0 and the net as my
> ISP provides IPs dynamically and only provides one IP per account so for
> this to work it is more or less essential that all traffic between the
> LAN and the net goes via the network cables to the ATA and back...


I don't understand this, but I don't know anything about VoIP, so I'll take
your word for it.

> So here's the question: What do you reckon, could this actually be done?
> Clumsy and odd as it might look?


Sure; it just requires the right routing rules. But it looks to me as
though the reason for your complexity here is that there's some requirement
that all of your LAN traffic pass through the ATA. Why, for example,
couldn't you just hang the ATA separately as a terminal node off of the
hub, or off of one of those four NICs on the Mandrake box? Is there
something about the VoIP or QOS (neither of which I know anything about)
that requires you to pass all of your traffic through the ATA?

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"

 
 
Rasmus Hald
Guest
Posts: n/a

 
      03-10-2005, 06:51 AM
Andrew Schulman wrote:
>
>
>>So here's the question: What do you reckon, could this actually be done?
>>Clumsy and odd as it might look?

>
>
> Sure; it just requires the right routing rules.


But wouldn't the routing rules be reset at every restart leaving the
machine with 2 nics on the same network both set as the default route to
that network?

> Is there
> something about the VoIP or QOS (neither of which I know anything about)
> that requires you to pass all of your traffic through the ATA?
>


The reason why I am trying to pass all of my Net traffic through the ATA
is that the ATA comes with QOS built in and I would really like these
QOS rules to guide the traffic on the network. As far as I can see, for
this to happen all Net traffic has to go through the ATA, so I can't
just hang it off the HUB as the traffic would no longer be rung through
the ATA and thus wouldn't be subject to the built in QOS rules.
The problem is that I can't hook the ATA up between the HUB and server
for the same reason that I can't just hook it up off the HUB, if I do
that, all traffic going to the server will be subject to the ATA's QOS
rules. If my understanding of QOS is correct that would essentially mean
limiting all traffic between the LAN and the server to the same speed as
the Net link, in order for QOS to be effective.

I hope that makes sense, my apologies if I didn't express myself clearly
enough.
 
 
Andrew Schulman
Guest
Posts: n/a

 
      03-10-2005, 10:59 AM


> Andrew Schulman wrote:
>>
>>
>>>So here's the question: What do you reckon, could this actually be done?
>>>Clumsy and odd as it might look?

>>
>>
>> Sure; it just requires the right routing rules.

>
> But wouldn't the routing rules be reset at every restart leaving the
> machine with 2 nics on the same network both set as the default route to
> that network?


Yes, but that's what boot scripts are for. A few static routing rules
and/or iptables FORWARD rules are easy to reinstall in a boot script.

>> Is there
>> something about the VoIP or QOS (neither of which I know anything about)
>> that requires you to pass all of your traffic through the ATA?
>>

>
> The reason why I am trying to pass all of my Net traffic through the ATA
> is that the ATA comes with QOS built in and I would really like these
> QOS rules to guide the traffic on the network. As far as I can see, for
> this to happen all Net traffic has to go through the ATA, so I can't
> just hang it off the HUB as the traffic would no longer be rung through
> the ATA and thus wouldn't be subject to the built in QOS rules.
> The problem is that I can't hook the ATA up between the HUB and server
> for the same reason that I can't just hook it up off the HUB, if I do
> that, all traffic going to the server will be subject to the ATA's QOS
> rules. If my understanding of QOS is correct that would essentially mean
> limiting all traffic between the LAN and the server to the same speed as
> the Net link, in order for QOS to be effective.


OK, I get it. I told you I didn't know anything about QOS...

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"
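
One way to write the boot script mentioned in the reply above, for the four-NIC layout from the first post (an added example, not part of the thread and not any poster's own configuration). It reinstalls a policy route that sends LAN traffic to the ATA and a default-deny FORWARD chain that permits only the interface pairs in the diagram. Assumptions: the ATA behaves as a routing hop, `192.168.2.1` is a constructed address for its LAN side, table number `100` is arbitrary, and whatever NAT is already done on eth0 stays in place.

```shell
#!/bin/sh
# Added example, not from the thread. Interface roles follow the second
# diagram in the first post; every address below is constructed.
LAN_IF=eth3              # to the hub / LAN
ATA_IN_IF=eth2           # cable to the LAN-facing side of the ATA
ATA_OUT_IF=eth1          # cable from the Internet-facing side of the ATA
WAN_IF=eth0              # to the ISP (single dynamic address)
ATA_LAN_IP=192.168.2.1   # assumed: the ATA routes and this is its LAN-side IP
TABLE=100                # private routing table for traffic arriving from the LAN

# Print commands by default; set DRY_RUN=0 in the real boot script to execute.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

install_routes() {
    run sysctl -w net.ipv4.ip_forward=1
    # Drop a stale copy of the rule first so re-running does not stack duplicates.
    run ip rule del iif "$LAN_IF" lookup "$TABLE" 2>/dev/null || true
    # Packets entering from the LAN use table 100, whose only default is the ATA.
    run ip rule add iif "$LAN_IF" lookup "$TABLE"
    run ip route replace default via "$ATA_LAN_IP" dev "$ATA_IN_IF" table "$TABLE"
}

install_forward_rules() {
    # Default-deny: an interface pair not listed below is never forwarded,
    # so LAN traffic cannot skip the ATA by going eth3 -> eth0 directly.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -A FORWARD -i "$LAN_IF" -o "$ATA_IN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$ATA_IN_IF" -o "$LAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$ATA_OUT_IF" -o "$WAN_IF" -j ACCEPT
    # Inbound from the Internet only as replies to connections opened inside.
    run iptables -A FORWARD -i "$WAN_IF" -o "$ATA_OUT_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

apply_all() {
    install_routes
    install_forward_rules
}

apply_all
```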

 
 
Andrew Schulman
Guest
Posts: n/a

 
      03-10-2005, 02:21 PM
> ----------- ------- ------- ----------- -------
> | LAN |-----| HUB |-----| ATA |-----| MDK Box |---| NET |
> ----------- ------- ------- ----------- -------


A gentle reminder: don't use tabs in ASCII art; it will always come out
wrong.

> What I hadn't considered before I put in the order for the ATA was that,
> as the NET connection is 10Mb/128kbps and the ATA's QOS would probably
> need to be configured with these speeds I would limit any connections to
> the MDK box to these speeds, effectively rendering the server
> functionality useless..


Okay, let me see if I understand this.

If you put ATA between HUB and MDK, then you'll have to limit LAN-MDK
traffic to 10M/128K in order to match your MDK-NET bandwidth for QOS
purposes.

But why not put ATA between MDK and NET? Then you don't have to limit
your LAN bandwidth, since ATA isn't part of the LAN. The QOS rules will
take account of all traffic between MDK and NET, and only that traffic--
no LAN traffic. This seems to me to be the right thing to do, assuming
you're calling out to the NET, and not in to your LAN. Your voice
traffic is between ATA and NET and so should be balanced against your
other traffic between MDK and NET. Or am I missing something?

Of course that would make ATA a potential bottleneck between NET and
MDK, since all of their traffic has to pass through it. But I expect
that ATA is fast enough for that not to be noticeable.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"
 