[WBEL-users] Layer 3 Routing

Jeff O'Brien jobrien at ntisys.com
Mon Jun 5 07:34:12 CDT 2006


Alon,

I think what they meant by layer 3 is the actual routing protocols, as 
in OSPF (Open Shortest Path First), RIPv1/v2 (Routing Information 
Protocol) or whatever else, considering this NOC probably uses Cisco or 
some other "routers".  In which case there are daemons like routed and 
zebra you may want to check out.  There are premade Linux routers with 
such protocol support built in.  Check out:

http://www.coyotelinux.com/   -- I've heard and seen great things done 
with this.

Googling for Linux routers should put you on the right track.

-Jeff O'Brien


Alon wrote:

> Hi Terry,
>
> The reason I indicated the hardware that is apparently by-far an 
> overkill is due to the fact that I simply happen to have
> 6 systems with that configuration (I purchased 8 identical hw config). 
> So the money is already out of pocket and it is
> just a matter of putting the hardware to good use.
> I'll use IDE instead of SATA if that is preferred work settings (I 
> have few configurations with IDE and few with SATA
> so again it is immaterial for me to use one or the other).
> YES!  Part of the reasons I want to go with the Linux box option is 
> due to the fact that THIS IS MY GATEWAY!
> If that breaks, I'm dead in the water with 30 servers disconnected 
> and probably hundreds of calls of angry customers
> complaining about this.
> So, having a generic box that I can replicate and keep as a spare is 
> exactly how I want to approach this.
> If all it would take to switch between the systems is just moving the 
> physical wires from one machine to the next, then I'm
> very happy with such a solution.
> And yes, labeling with colors of To-NOC / To-Cabinet is easy to do.
>
> Focusing specifically on the Network Layer 3 Routing setup steps 
> (taken from Vic's reply):
>
> 1) Install WBEL
> Version 3 or 4 does it matter?
> Desktop? Server? GUI? Non GUI?
> Up until today I've only used WBEL for webhosting and used DirectAdmin 
> with a Server shell command only.
>
> 2) Install Webmin
> Webmin - is that part of the WBEL or is this a diff software that I 
> need to install?
>
> 3) Go to Webmin->Networking->Network Configuration->Routing and Gateways
> 4) Add routes to your heart's content :-)
> Is there any indication there for a Layer 3 Routing or is this 
> transparent?
>
> Thanks,
>
> - Alon
> js at wsco.com
>
>
> From: "Terry Henderson"
> To: "Alon" <js at wsco.com>
> Sent: Saturday, June 03, 2006 4:34 PM
> Subject: Re: [WBEL-users] Layer 3 Routing
>
>
>> On 6/2/06, Alon <js at wsco.com> wrote:
>>
>>>
>>>
>>> Hi All,
>>>
>>> This is not a WBEL specific question, but I thought perhaps you 
>>> could throw
>>> some pointers on how to address this:
>>>
>>> I want to move to a new NOC that has all the bells and whistles that 
>>> I want
>>> including a better pricing per server (if I take a full cabinet).
>>> However, the NOC requires me to manage my own gateway and as a 
>>> requirement I
>>> need to have a Layer 3 Routing box.
>>>
>>> They love to offer various ready-out of the box solutions which are 
>>> very
>>> nice and of course are very costly:
>>>
>>> Fortigate 200A is a solution they propose. This solution offers not 
>>> just
>>> Layer 3 Routing, but also adds a Firewall, SpamChild and Anti-Virus and
>>> DDoS protection.
>>>
>>> While all the additives are great, except the Firewall, there is 
>>> really no
>>> added value to my specific needs.
>>>
>>> So, I am looking to 'build' my own Layer 3 Router with Firewall and it
>>> seems that Linux is the perfect suite for this device.
>>>
>>> With that said, I'm a newbie when it all comes down to Routing and 
>>> IP mgmt.
>>> Until today all my IP mgmt were basically narrowed to:  Setup --> 
>>> Network
>>> Mgmt --> set IP, DNS and Gateway values.  And occasionally
>>> add few more IPs to the server, and even that was done via DirectAdmin
>>> control panel.
>>>
>>> So, I'm looking to learn a bit more about how to create my 'own 
>>> Layer 3
>>> Routing Gateway'.
>>>
>>> The hardware that will be used as a dedicated box is:  Pentium 4 
>>> 3.0Ghz with
>>> 2MB Cache, 1GB of RAM and 80GB SATA HD.
>>> I'll add 2 Gbit network PCI cards to the onboard 10/100 NIC.
>>> I was told this will probably be even an Overkill with regards of 
>>> Layer 3
>>> Routing Gateway needs.
>>> My regular total MRTG traffic stands at about 30MB with peaks of 
>>> 70MB at
>>> times.
>>>
>>
>> That is somewhat of an overkill. You would do just fine with a LOT
>> less. Like a 500M or 1G processor with 256-512M ram and a 5-10G HD.
>> And I use IDE or SCSI drives not SATA.  It's best to customize the
>> hardware to fit application needs.
>>
>> What I like is a pair of [low end] machines all set up and ready,
>> sitting there side by side, but only one is plugged into the network.
>> (Preferably identical.)
>> I label the NICs with a black magic marker so that there's no
>> confusion, and I also label the cables  (mine are labeled, RED GREEN
>> ORANGE & BLUE).
>> Although it only takes 15 minutes to re-install and load up the
>> back-up config files to re-create your firewall should  you ever have
>> some sort of hardware failure, you would first have to go out and get
>> the broken part, and besides that, if you're not around, someone else
>> can just swap the cables over and power up the backup machine and you're
>> back in business.
>>
>> The back-up configuration file takes care of all network address
>> assignments and all other special configurations to that point, such
>> as opening ports for particular users, special configurations for your
>> various servers, etc. ALL of it is backed up on a single file that
>> will be automatically uncompressed and its files dispersed to proper
>> locations.
>>
>> Having two identical machines sitting there side by side is best
>> though [IMO].  Although I've yet to have one fail, it's nice to know
>> it's there and ready to go, and that there's plenty of time to fix the
>> problem.  And besides,  if you ever need to take the machine down for
>> some sort of service ... bearings go out in a fan or ... well you can
>> see what I mean, it's just nice to have.
>>
>> The backup feature is nice to use.  With a click of a mouse, IPCop
>> will create a complete set of backup config files that you save on a
>> separate machine that you can load on another machine after the
>> re-install process, and you can do it with or without hardware config,
>> (you only use hardware configuration if the machines are identical) -
>> and in the end, you've built a new firewall in only 15 minutes and
>> it's ready to use.
>>
>> It will also create backup on floppy and you use the floppy during the
>> re-install process but it does hardware configuration and it either
>> has to be the same machine or one with identical hardware, (and that
>> means identical NICs too).
>>
>>> I do want to have the active firewall present with packet stateful
>>> inspection and whatever I throw in to better protect my network.
>>>
>>> But other than that,. I don't have any more demands.
>>>
>>> Can you suggest a ready-made solution or give me pointers of how to
>>> approach this?
>>>
>>> For firewall solutions I was told about:  http://ipcop.org    Has 
>>> anyone had
>>> experience with this?
>>>
>>> Thanks,
>>>
>>> -Alon.
>>>
>>> _______________________________________________
>>> Whitebox-users mailing list
>>> Whitebox-users at beau.org
>>> http://beau.org/mailman/listinfo/whitebox-users
>>>
>>>
>>>
>>
>>
>> -- 
>> Registered Linux User 188099
>>                  <><
>>
>