[KLUG Members] Re: Members Digest, Vol 7, Issue 3

Randall Perry RandallP at domain-logic.com
Thu Dec 2 11:06:45 EST 2004


At 05:37 PM 12/1/2004, you wrote:
>Date: Wed,  1 Dec 2004 10:44:57 -0500
>From: Adam Tauno Williams <adam at morrison-ind.com>
>Subject: Re: [KLUG Members] Re: VoIP router choice
> > To clarify...are you including the Cisco-labelled Linksys
> > products on store shelves?  um, yeah. those are _GREAT_ (and they _are_
>cisco).
> > Well, to add some more clarity, the WRT54G is both a Cisco product and a
> > Linux product.
>These may be great, but they aren't routers.  They may be partly routers but
>really they are something else + some router functionality.
Out of the box, technically they are just PAT gateways (not even real NAT or masquerading).
But, being a box that can run Linux, it can be a router, stateful inspection firewall, IDS, whatever.

(For those that are scratching their heads: it technically is not a 'router' because it does not manage routing tables to different networks. Granted, you would not have to edit these by hand, but you could use RIP, OSPF, etc. Basically, it is just a 'gateway' that pushes everything up to the next hop.)

>IBM makes PCs too, but I don't usually buy them.  PCs, like things like WAPs,
>are just so much disposable crud, if it has a problem you junk it and swap in
>another one.  Buy the cheapest you can find. But routers are like servers, they
>have hundreds or thousands of people depending on them for everything they do, so
>they need to quietly sit in a rack somewhere and hummmm away the years while
>requiring the absolute minimum amount of attention.
Agreed, PCs are commodities (game machines and workstations are not part of that).
The same could be said, though, about web caching appliances, SAN storage boxes, etc.
It really depends on the specific implementation.

> > > We do VOIP between 14 sites on point to point circuits and frame and
> > > ISDN.  For something like VOIP I wouldn't even THINK FOR ONE SECOND
> > > about using something other than Cisco.  We started with Nortel and not
> > > even the phone company could make it work (although that may not really
> > > be saying much).  Swapped out and installed all Cisco gear.... works!
> > > Sometimes you just have to spend the money.
> > If you want to blow money, then you can read the InfoWorld article on VoIP
> > friendly firewalls from Ingate, SonicWall (page24 of issue 47).
>Firewalls and routers aren't the same thing.
Yes, this is addressing the issue of proper firewalls allowing traffic to pass properly in and out.
(And while a Cisco router would address the packet prioritization, they sell PIX for real firewalling.)
That is not to say, however, that the services are exclusive of each other.
The functions can both occur on the same box and there is a grey area where one fades to another (not at the actual service or protocol layer, but at the network model, where you place devices to protect and balance).

I understand that your network is probably a lot larger than Rusty's, with devices in place for specific functions.
But oftentimes (for smaller settings, not unlike Rusty's situation at hand, which is the specific problem we are looking at) a single Linux box will run wondershaper, squid, ipchains and snort.

IPCop is a specific example of a distro that functions as a router, firewall, intrusion detection system, DHCP server, proxy, etc.

> > I wouldn't chalk up that Nortel issue to Nortel.  (incompetent or lazy
> > techs).
>
>Well, Notel flew out two of their own techs, and they spent a couple of days
>playing with it... and it still didn't work.
Ok, now that really does sound like a Nortel issue (although I have heard similar war stories of Cisco equipment problems at a hospital).

> > I used to manage by hand all the IOS rules and shaping.
> > It is just so much easier to do that on the Linux box (out of familiarity
> > and efficiency...I can apply that concept to the T1, wifi, Cable, DSL
>business
> > 'net connections I have)
>
>All my firewalls are Linux boxes, for simple sites I like floppyfw
>(http://www.zelow.no/floppyfw/), no moving parts so it is very router-like.  I
>manage all my firewalls with fwbuilder
>(http://www.fwbuilder.org/archives/cat_about.html) which is a fabulous app.
Good examples.
Freesco is another, but that has so many plugins and features it outgrows its role as 'Free Cisco replacement'.   LRP is nice.

Booting from floppy or CD (write-protected storage) is nice because once it's in RAM it is not needed.
Firewalls need somewhere to log everything (over NFS is not a good idea).

>From: Adam Tauno Williams <adam at morrison-ind.com>
>Subject: Re: [KLUG Members] Re: VoIP router choice
> > Does anyone know of a good T1 card that works with Linux?
>Both Digium and Cyclades make these cards. (Last I knew anyway).
I don't keep up with those.  They can get expensive if you can't get it off auction or a good contact.

> > Will IPCop  work with the T1 card?
>No idea.
Yes, but would require a bit of elbow grease.
(not the ideal situation).

> > What exactly has to be done to do the VoIP on the Cisco router?
>Here are the relevant slices of a Cisco configuration, the included interface is
>a frame relay PVC (just for example of how to apply the QoS to the interface).
<snip>
Clean and to-the-point. Nice.
I am not sure how much Rusty wants to actually dedicate for the Voice portion, or even what kind of service level his provider has given him.
A Private Virtual Circuit certainly is not treated the same as a business DSL account or those $500/month 'T1' lines.
Then again, if the ISP is shaping traffic between you and their carrier, you will have performance issues beyond your control.  (More likely to happen at smaller ISPs that deal with SMB and residential.)

> > What  will happen without it?  Will it work but degrade the sound?
Only if you don't use your data at that time.
If someone starts downloading bit-torrents, then it will SUCK that baby dry 
of bandwidth.
(of course, your VPN tunnels, HTTP, and email transfers would suffer as well)

Also consider what is at the receiving end.
If you cannot guarantee a certain slice of bandwidth at the client end (like a small remote branch on a cablemodem) then you will still have quality problems.

Managed carriers are another option, but then the price isn't as nice.



*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
      Randall Perry
      Domain Logic Technology Solutions
      http://www.domain-logic.com
      1(574) 220-1545 
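As an added example (not from this thread or from wondershaper itself), the following script shows the kind of shaping a single Linux gateway can do to reserve a slice of the uplink for voice, which is the point made above about a Linux box running wondershaper and about needing a guaranteed bandwidth slice so bulk downloads cannot starve the calls. It builds an HTB tree with `tc`: a voice class with a fixed rate that cannot be borrowed from, and a bulk class that takes the rest and may borrow up to line rate when voice is idle. The interface name, the rates, and the classification rules (DSCP EF marked packets and SIP on port 5060) are assumptions for illustration; the rule-generating function prints the commands so they can be inspected before being run as root.

```shell
#!/bin/sh
# Added example, not from the original post: HTB shaping on a Linux gateway
# that reserves an uplink slice for voice. Interface, rates and the voice
# classifiers below are assumptions chosen for illustration.

# qos_validate DEV UPLINK_KBIT VOICE_KBIT
# Returns 0 when both rates are positive integers and the voice reservation
# is smaller than the uplink, 1 otherwise.
qos_validate() {
    [ -n "$1" ] || return 1
    case "$2$3" in ''|*[!0-9]*) return 1 ;; esac
    [ "$3" -gt 0 ] && [ "$3" -lt "$2" ]
}

# qos_rules DEV UPLINK_KBIT VOICE_KBIT
# Prints the tc commands that build the shaping tree; runs nothing itself.
# Pass an uplink rate a few percent below the real line rate so the queue
# forms on the Linux box (where we control it) rather than in the modem.
qos_rules() {
    dev=$1; up=$2; voice=$3
    bulk=$((up - voice))
    # Root HTB qdisc; unclassified traffic lands in the bulk class 1:30.
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    # Parent class holds the whole uplink; children share it.
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${up}kbit ceil ${up}kbit"
    # Voice: guaranteed rate, ceil equal to rate so it never borrows, highest
    # priority, and a short FIFO so delayed packets are dropped, not queued.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${voice}kbit ceil ${voice}kbit prio 0"
    echo "tc qdisc add dev $dev parent 1:10 handle 10: pfifo limit 10"
    # Bulk (web, mail, VPN, torrents): the remainder, may borrow up to line
    # rate when voice is idle; SFQ keeps one flow from hogging the class.
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate ${bulk}kbit ceil ${up}kbit prio 2"
    echo "tc qdisc add dev $dev parent 1:30 handle 30: sfq perturb 10"
    # Classifiers into the voice class: DSCP EF (ToS byte 0xb8; mask 0xfc
    # ignores the ECN bits) and SIP signalling on UDP/TCP port 5060.
    echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip tos 0xb8 0xfc flowid 1:10"
    echo "tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip protocol 17 0xff match ip dport 5060 0xffff flowid 1:10"
    echo "tc filter add dev $dev parent 1: protocol ip prio 3 u32 match ip protocol 6 0xff match ip dport 5060 0xffff flowid 1:10"
}

# qos_clear DEV: prints the command that removes the whole tree.
qos_clear() {
    echo "tc qdisc del dev $1 root"
}

# Usage:  sh voice-qos.sh show  eth0 1536 256   (print the rules)
#         sh voice-qos.sh apply eth0 1536 256   (run them; needs root)
#         sh voice-qos.sh clear eth0            (remove shaping; needs root)
case "${1:-}" in
    show)  shift; qos_validate "$@" && qos_rules "$@" ;;
    apply) shift; qos_validate "$@" && qos_rules "$@" | sh ;;
    clear) shift; qos_clear "$@" | sh ;;
esac
```

The voice class has `ceil` equal to `rate` on purpose: borrowing is what lets a bulk class expand into idle capacity, and the voice slice should behave like a fixed circuit rather than grow and shrink with load. This only shapes what leaves the box; as the post notes, the far end still needs its own reservation, and an ISP shaping upstream of you is outside your control.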


