what's the name for what I want to do?

I want to do two things on my network and I need to know how they're called so I can start researching.

Here's what I want to do.

I've got a 100/10 (down/up) mbit line and I want to slice it into two parts: 80/9 and 20/1. Each part will go to a different switch and several machines will be behind each switch. So it will effectively become two separate networks.

There will be people doing gaming, VoIP, streaming, browsing, BitTorrent, etc, in each network and as I understand it gaming and VoIP need prioritization so as not to lag, so I need that too.

Additionally, it would be really nice if I could add a WiFi SSID to the first network and abide by the limits of the first network.

So, how are these two things called?

As a bonus, if you feel like it, you can give me some iptables rules I can start playing with.

What you're looking for is QOS. Your Linux box is your router?

No, I'll be buying some dedicated equipment for this task. It'll either be an off-the-shelf solution --some VDSL routers can do this and some can run OpenWRT-- or an ARM board that runs Linux or OpenBSD (I really liked pf in FreeBSD but it's lagging in comparison to OpenBSD's). There are pros and cons in both solutions.

Almost every soho device has QOS. There are other ways to "network shape" too.

If one has to have speed then a dedicated hardware device tends to have the most options down to how to route the traffic based on the first packet even. That tends to be commercial devices. Running a high quality home router with or without Openwrt/tomato/merlin sort of firmware may be OK for your needs.

Software solutions tend to be a bit slower but you'd need to know your needs.

Sometimes it a bit difficult to manage tcp/ip protocols if they don't use dedicated ports. There may be some solutions to that based on traffic inspection.

https://en.wikipedia.org/wiki/List_o...mware_projects

I'd suggest pfSense. Minimal hardware requirements and relatively flat learning curve with lots of support available online. I've been running it both at home and set up multiple clients with pfSense based solutions for their small offices and it is super stable and great to work with.

Quote:

Originally Posted by jefro If one has to have speed then a dedicated hardware device tends to have the most options down to how to route the traffic based on the first packet even. That tends to be commercial devices. Running a high quality home router with or without Openwrt/tomato/merlin sort of firmware may be OK for your needs. Software solutions tend to be a bit slower but you'd need to know your needs.

Hardware device means doing networking calculations on the CPU, which a cheap ARM board doesn't do?

A software solution is a firewall running without, lets say, CPU acceleration?

And 100mbits is borderline where a software solution would be okay?

Is this what you mean?

Quote:

Originally Posted by jefro Sometimes it a bit difficult to manage tcp/ip protocols if they don't use dedicated ports. There may be some solutions to that based on traffic inspection.

Today, almost all traffic is encrypted. I was betting that I would find the port of each service, or just simply prioritize anything UDP -- games and VoIP use UDP, right?

Quote:

Originally Posted by designator I'd suggest pfSense. Minimal hardware requirements and relatively flat learning curve with lots of support available online. I've been running it both at home and set up multiple clients with pfSense based solutions for their small offices and it is super stable and great to work with.

pfSense was my first thought but they did change the UI at some point and it became very complex for my taste, and they might do it again in the future. From a little searching I see that what I want to do is really simple, like 30 lines of iptables or pf commands, and it's going to stay like this. So a machine that runs *nix and loads 30 rules of firewall seems more robust. Another idea is to load pfSense, do the configurations I need and grab the pf lines it generates.

"Hardware device means doing networking calculations on the CPU, which a"

No, I mean a commercial product that has discrete components to perform tasks. Any home type computer is mostly software defined. However the nic and other encryption chips may make one system much better for some network tasks.

The amount and method to encrypt data can allow most routers to manage data unless the encryption goes too high. In fact the most secure encryption can't easily be routed.

Thank you.

I'd recommend pfSense. Insignificant equipment prerequisites and generally level expectations to absorb information with loads of help accessible on the web.

I've been running it both at home and set up numerous customers with pfSense based answers for their little workplaces and it is too steady and extraordinary to work with.