Routing of 1Gbit internet

Eranos · Jun 21, 2010, 7:12 PM

Hey.

I am the organizer of a rather large LAN in denmark. We need to route a 1gbit internet connection to 600 users, and as you might've guessed, there's gonna be some heavy load on it. We suspect that many will try to max the connection, to get the "whoa" effect - some of these through different torrent softwares etc. What sort of hardware would be required to route this event ?

Best regards,
Eranos

Supermule · Jun 21, 2010, 7:22 PM

Davs du. Du skal ha' fat i rigtigt serverjern med Intel NIC's der kan håndtere tcp/ip offloading.

Hvad er dit budget?

Eranos · Jun 21, 2010, 7:28 PM

Jamen det er jo det - vi prøver at se hvor stor en server der skal til, så vi har en ide om udgiften :)

Jeg har et par af disse servere til at stå herhjemme, og tænker om de kan trimmes til opgaven, eller hvad snakker vi ?

Intel Xeon 2,8Ghz Single core (2 stk pr server)
3Gb Ram
2x1gbit Intel Nic (Server grade på PCI-X)
2x10K RPM scsci diske

Supermule · Jun 21, 2010, 7:43 PM

Det kan de godt…. :) Ingen problemer dér.

Er det X345??

Eranos · Jun 21, 2010, 8:13 PM

Godt nok :) Det er nogle "hjemmebyggede" servere baseret på Tyan bundkort i nogle fine 1U chenbro kabinetter :)

Men takker for dit svar - så prøver vi det… Er lidt svært at finde lignende scenarier på nettet ::)

Supermule · Jun 21, 2010, 8:17 PM

Jeg kører PFsense i et failover scenarie på 2x1 gbit. Og det egner det sig godt til…

GruensFroeschli · Jun 22, 2010, 3:18 PM

Hi
I think my post from quite some time ago might be interesting for you:

@GruensFroeschli:

Nice :)
Well if you have that much bandwidth at hand i suppose you also have appropriate hardware otherwise.
You could split your LAN in multiple DHCP-domains with different gateways but with the users still in the same broadcast-domain.

I'd do this with VLAN's.
Have every client in two VLAN's.
Say VLAN 42 for the broadcast domain.
Everyone in this VLAN can talk with each other.
–> Only clients are in this VLAN (defined by PVID) but not the pfSense.
Additionally every pfSense has its own VLAN.
Say VLAN 100, 200 and 300 (again by the PVID).

Now if a client requests an IP all pfSenses will receive the request.
But only the pfSense on the corresponding VLAN can answer.

NOTE:
The VLAN should NOT be configured on the pfSense.
Egress all packets on all ports untagged (well except the trunks to connect all the switches ;) ).
Inbound packets of the clients should have the PVID of the global domain --> 42
Inbound packets of the pfSense should have the local PVID --> 100, 200 or 300
All ports are members of 42
Only the ports of the local domain are member of 100, 200 or 300.

pfSense1: 10.0.0.1/16 - DHCP-range 10.0.0.2/16 to 10.0.0.255/16, gateway 10.0.0.1
pfSense2: 10.0.1.1/16 - DHCP-range 10.0.1.2/16 to 10.0.1.255/16, gateway 10.0.1.1
pfSense3: 10.0.2.1/16 - DHCP-range 10.0.2.2/16 to 10.0.2.255/16, gateway 10.0.2.1