LinuxQuestions.org
Old 03-31-2020, 04:54 PM   #1
swapjim
LQ Newbie
 
Registered: Aug 2015
Posts: 10

Rep: Reputation: Disabled
what's the name for what I want to do?


I want to do two things on my network and I need to know what they're called so I can start researching.

Here's what I want to do.

I've got a 100/10 (down/up) mbit line and I want to slice it into two parts: 80/9 and 20/1. Each part will go to a different switch and several machines will be behind each switch. So it will effectively become two separate networks.

There will be people doing gaming, VoIP, streaming, browsing, BitTorrent, etc, in each network and as I understand it gaming and VoIP need prioritization so as not to lag, so I need that too.

Additionally, it would be really nice if I could add a WiFi SSID to the first network and abide by the limits of the first network.

So, what are these two things called?

As a bonus, if you feel like it, you can give me some iptables rules I can start playing with.
 
Old 03-31-2020, 05:12 PM   #2
designator
Member
 
Registered: Jun 2003
Location: California, USA
Distribution: OpenSUSE Tumbleweed
Posts: 219

Rep: Reputation: 37
What you're looking for is QOS. Your Linux box is your router?
 
Old 03-31-2020, 06:51 PM   #3
swapjim
LQ Newbie
 
Registered: Aug 2015
Posts: 10

Original Poster
Rep: Reputation: Disabled
No, I'll be buying some dedicated equipment for this task. It'll either be an off-the-shelf solution --some VDSL routers can do this and some can run OpenWRT-- or an ARM board that runs Linux or OpenBSD (I really liked pf in FreeBSD but it's lagging in comparison to OpenBSD's). There are pros and cons in both solutions.
 
Old 03-31-2020, 09:00 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,852

Rep: Reputation: 3086
Almost every SOHO device has QoS. There are other ways to "network shape" too.

If one has to have speed then a dedicated hardware device tends to have the most options down to how to route the traffic based on the first packet even. That tends to be commercial devices. Running a high quality home router with or without Openwrt/tomato/merlin sort of firmware may be OK for your needs.

Software solutions tend to be a bit slower but you'd need to know your needs.

Sometimes it's a bit difficult to manage TCP/IP protocols if they don't use dedicated ports. There may be some solutions to that based on traffic inspection.

https://en.wikipedia.org/wiki/List_o...mware_projects

Last edited by jefro; 03-31-2020 at 09:04 PM.
 
Old 03-31-2020, 11:40 PM   #5
designator
Member
 
Registered: Jun 2003
Location: California, USA
Distribution: OpenSUSE Tumbleweed
Posts: 219

Rep: Reputation: 37
I'd suggest pfSense. Minimal hardware requirements and relatively flat learning curve with lots of support available online. I've been running it both at home and set up multiple clients with pfSense based solutions for their small offices and it is super stable and great to work with.
 
Old 04-01-2020, 07:29 AM   #6
swapjim
LQ Newbie
 
Registered: Aug 2015
Posts: 10

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jefro
If one has to have speed then a dedicated hardware device tends to have the most options down to how to route the traffic based on the first packet even. That tends to be commercial devices. Running a high quality home router with or without Openwrt/tomato/merlin sort of firmware may be OK for your needs.

Software solutions tend to be a bit slower but you'd need to know your needs.

Hardware device means doing networking calculations on the CPU, which a cheap ARM board doesn't do?

A software solution is a firewall running without, let's say, CPU acceleration?

And 100mbits is borderline where a software solution would be okay?

Is this what you mean?

Quote:
Originally Posted by jefro
Sometimes it's a bit difficult to manage TCP/IP protocols if they don't use dedicated ports. There may be some solutions to that based on traffic inspection.

Today, almost all traffic is encrypted. I was betting that I would find the port of each service, or just simply prioritize anything UDP -- games and VoIP use UDP, right?

Quote:
Originally Posted by designator
I'd suggest pfSense. Minimal hardware requirements and relatively flat learning curve with lots of support available online. I've been running it both at home and set up multiple clients with pfSense based solutions for their small offices and it is super stable and great to work with.

pfSense was my first thought but they did change the UI at some point and it became very complex for my taste, and they might do it again in the future. From a little searching I see that what I want to do is really simple, like 30 lines of iptables or pf commands, and it's going to stay like this. So a machine that runs *nix and loads 30 rules of firewall seems more robust. Another idea is to load pfSense, do the configurations I need and grab the pf lines it generates.

Last edited by swapjim; 04-01-2020 at 07:33 AM.
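
Added example, not part of any post in this thread: a shell script that prints a Linux tc (HTB) and iptables plan for the 80/9 and 20/1 split described in the first post. The interface names wan0, lan0 and lan1 are assumptions, the plan covers IPv4 only, and fq_codel is one possible choice of leaf queue.

```shell
#!/bin/sh
# Added example: prints a tc/iptables plan for the 80/9 + 20/1 split from this thread.
# Assumed names: wan0 (uplink), lan0 and lan1 (one router port per switch). IPv4 only.

# egress_cap DEV RATE: hard-cap traffic leaving DEV (download toward that LAN).
egress_cap() {
    echo "tc qdisc del dev $1 root 2>/dev/null || true"
    echo "tc qdisc add dev $1 root handle 1: htb default 1"
    echo "tc class add dev $1 parent 1: classid 1:1 htb rate $2 ceil $2"
    # fq_codel queues each flow separately, so low-rate flows (VoIP, games)
    # are not stuck behind bulk transfers inside the same cap.
    echo "tc qdisc add dev $1 parent 1:1 fq_codel"
}

# upload_class WAN ID LAN RATE: one upload slice on the WAN interface.
# Packets are marked by incoming interface because NAT has already
# rewritten the source address by the time they reach WAN egress.
upload_class() {
    echo "tc class add dev $1 parent 1:1 classid 1:$2 htb rate $4 ceil $4"
    echo "tc qdisc add dev $1 parent 1:$2 fq_codel"
    echo "tc filter add dev $1 parent 1: protocol ip handle $2 fw flowid 1:$2"
    echo "iptables -t mangle -A FORWARD -i $3 -o $1 -j MARK --set-mark $2"
}

# shaper_plan WAN LAN_A LAN_B: full plan for a 100/10 mbit line.
shaper_plan() {
    wan=$1 lan_a=$2 lan_b=$3
    egress_cap "$lan_a" 80mbit          # download, first network
    egress_cap "$lan_b" 20mbit          # download, second network
    echo "tc qdisc del dev $wan root 2>/dev/null || true"
    # Unmarked traffic (e.g. from the router itself) falls into class 1:20.
    echo "tc qdisc add dev $wan root handle 1: htb default 20"
    echo "tc class add dev $wan parent 1: classid 1:1 htb rate 10mbit ceil 10mbit"
    # ceil equals rate, so neither slice can borrow the other's idle upload.
    upload_class "$wan" 10 "$lan_a" 9mbit
    upload_class "$wan" 20 "$lan_b" 1mbit
}

# Print the plan by default; run it only when called with "apply" (needs root).
if [ "${1:-}" = "apply" ]; then
    shaper_plan wan0 lan0 lan1 | sh -e
elif [ "${1:-}" = "show" ]; then
    shaper_plan wan0 lan0 lan1
fi
```

Run it with `show` to review the commands and with `apply` as root on the router to install them. A WiFi SSID bridged onto lan0 would fall under the first network's limits, since the caps are per interface.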
 
Old 04-01-2020, 02:46 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,852

Rep: Reputation: 3086
"Hardware device means doing networking calculations on the CPU, which a"

No, I mean a commercial product that has discrete components to perform tasks. Any home type computer is mostly software defined. However, the NIC and other encryption chips may make one system much better for some network tasks.

The amount and method to encrypt data can allow most routers to manage data unless the encryption goes too high. In fact the most secure encryption can't easily be routed.

Last edited by jefro; 04-01-2020 at 02:47 PM.
 
Old 04-03-2020, 06:13 PM   #8
swapjim
LQ Newbie
 
Registered: Aug 2015
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thank you.
 
Old 04-10-2020, 04:03 AM   #9
techpeat
LQ Newbie
 
Registered: Apr 2020
Location: usa
Posts: 3

Rep: Reputation: Disabled
I'd recommend pfSense. Insignificant equipment prerequisites and generally level expectations to absorb information with loads of help accessible on the web.

I've been running it both at home and set up numerous customers with pfSense based answers for their little workplaces and it is too steady and extraordinary to work with.
 