  1. #1

    dhicks

    Best use of multiple ADSL connections

    Hello All,

    We're looking at how best to increase the amount of bandwidth the school has access to, both for upload and download speed. We currently have one ADSL line at one end of the school that we use, and a second that I planned to get working with a nice new SmoothWall install.

    We now maybe have a bit more money to spend on this, so I'm looking at getting a third ADSL line installed next to the second one and taking advantage of our ISP's offer of two uncontended ADSL 2+ lines running at 9Mb/s download speed each.

    We want to make best use of all the bandwidth we'll have available. We'll have two lines next to each other offering 9Mb/s download and maybe 1Mb/s upload, and one line at the other end of the school offering 1Mb/s download and 512Kb/s(?) upload.

    What's the best solution? Obviously, we want any web access to go through a filter - seemingly we can have multiple copies of SmoothWall installed throughout the school, so that's not a problem. At some point, a load-balancing router would probably come in handy. Routers that sit in the centre of a network seem to be rather expensive, around 3,000+, but routers that sit at the edge of a network, where the Internet connection comes in, seem to be quite cheap, and we can probably just set up a Linux VM to act as a load-balancing router.

    Could I set up a load-balancing router with three network interfaces and have each separate ADSL router port-forward incoming requests to a given network interface? If I do that, wouldn't I then have separate routers available on the network which users could connect to to get un-filtered Internet access? Can I set an ADSL router to refuse connections from anything except a trusted source? Can this only be done by (spoofable) MAC address? Is a VLAN the answer instead - set up a VLAN to take traffic from the ADSL router at one end of the school to the load-balancing router at the other end? Would this use up an excessive amount of our 2Gb/s backbone bandwidth?

    --
    David Hicks

  2. #2

    FN-GM
    Have you considered a leased line? It would be far better

  3. #3


    tom_newton
    David, are you on NG or SchoolGuardian? SG can handle 2 internet lines and lb web traffic. Advanced Firewall can handle ~19 and is a minimal cost upgrade from SG.

    Give me a call tomorrow so I can better understand your setup.

  4. #4

    dhicks
    Originally posted by FN-GM:
    Have you considered a leased line? It would be far better
    Better in what way?

    --
    David Hicks

  5. #5

    dhicks
    Originally posted by tom_newton:
    are you on NG or SchoolGuardian?
    We're currently evaluating SchoolGuardian. Advanced Firewall sounds like it might be the kind of thing we want - I'll give you a call tomorrow, then. Thanks.

    --
    David Hicks

  6. #6

    I have used Zeroshell for multiple ADSL/3G accounts and it does load balancing very nicely, but at the end of the day 2 or 3 ADSL lines don't compare to 10/10mbit fiber.

  7. Thanks to benaus from:

    dhicks (17th February 2010)

  8. #7

    SYNACK
    Originally posted by dhicks:
    Better in what way?
    A leased line will be more robust than DSL, maybe not if the DSL is through different providers with different DSLAMs though. It also offers up the bandwidth in one big chunk allowing for larger downloads to use more than the max bandwidth of one DSL line.

    Sharing the DSL lines as above gets you three completely separate connections to the web so no single conversation with the web can use more than the max of one of the DSL lines at a time. You could somewhat get around this with the use of BGP but it is way overcomplicated for what you want to do and probably would not be supported by your ISP. No system that I am aware of can balance out the usage across the lines in any more than a best effort fashion due to the persistence of TCP connections and the unknown usage patterns of individual users.

    Not saying it is not a viable idea but just highlighting what it actually provides. I would look at using a central filtering gateway like SmoothWall above to share the connections as a distributed system would be even less able to spread the load in an optimized way.

  9. Thanks to SYNACK from:

    dhicks (17th February 2010)

  10. #8


    tom_newton
    Originally posted by SYNACK:
    A leased line will be more robust than DSL, until it breaks and is just as broken
    There, fixed that for ya

    Had a BT man on the other day trying to sell me a leased line.

    BT Man: "Would you like a leased line, it is $$$$"
    Me: That's our entire connectivity budget, what about a backup line?
    BT: Err... this never breaks
    Me: What? Never?
    (this goes on for a while)
    BT: No, in all my years with BT I have never seen one break
    Me: Jeremy Beadle? Is that you?
    <click>

  11. Thanks to tom_newton from:

    dhicks (17th February 2010)

  12. #9
    pwds
    FWIW Most routers with a full SPI firewall will allow you to restrict traffic to one IP address. As I understand it, it is possible to spoof a sending IP, but it's not possible to establish communication from a spoofed IP for what are hopefully obvious reasons.

    There are various load balancing routers around although the Linux VM may well be a good option.

    Computers -> SM -> VM -> Routers

  13. Thanks to pwds from:

    dhicks (17th February 2010)

  14. #10


    tom_newton
    David, if you tried to catch me this aft - sorry, was called out unexpectedly. In as normal tomorrow though. I hope >

  15. #11

    tmcd35
    Just thinking aloud here...

    I'd probably look at 1 VLAN for each ADSL modem (maybe not the two together if the router is going in the same location, as they could plug straight into the router). I'd then go for a Linux box with 4 NICs. 3 NICs for each ADSL modem and 1 NIC for your regular network.

    Block outgoing connections on port 80 and choose another port only known to your proxy server for web requests. In fact, probably block all outgoing traffic by default and then scope some rules depending on what ports are needed.

    Depending on the spec of the Linux box, you may even have the web proxy/filtering server running on the Linux router box.

  16. Thanks to tmcd35 from:

    dhicks (17th February 2010)
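
The default-deny gateway suggested in the post above, sketched as an added example that is not part of the thread: a script that prints an iptables-restore ruleset for a Linux box that also runs the filtering proxy. The interface names, LAN range, proxy port 8080 and the sample allowed port 993 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth0 = LAN, eth1-eth3 = the
# three ADSL uplinks, 10.0.0.0/16 = school LAN, filtering proxy on this box.
LAN_IF=eth0
WAN_IFS="eth1 eth2 eth3"
LAN_NET=10.0.0.0/16
PROXY_PORT=8080          # assumed port the proxy listens on for web requests
ALLOWED_FWD_PORTS="993"  # constructed sample of a non-web port let through

gen_rules() {
  echo "*filter"
  echo ":INPUT DROP [0:0]"
  echo ":FORWARD DROP [0:0]"    # routed traffic is blocked unless allowed below
  echo ":OUTPUT ACCEPT [0:0]"   # the proxy on this box fetches pages itself
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Clients reach the web only through the proxy port (no admin access rule here).
  echo "-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT"
  echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Log clients that try plain HTTP directly; the DROP policy then discards it.
  echo "-A FORWARD -i $LAN_IF -p tcp --dport 80 -j LOG --log-prefix \"direct-http: \""
  for wan in $WAN_IFS; do
    if [ -n "$ALLOWED_FWD_PORTS" ]; then
      echo "-A FORWARD -i $LAN_IF -o $wan -s $LAN_NET -p tcp -m multiport" \
           "--dports $ALLOWED_FWD_PORTS -m conntrack --ctstate NEW -j ACCEPT"
    fi
  done
  echo "COMMIT"
  echo "*nat"
  echo ":POSTROUTING ACCEPT [0:0]"
  # Masquerade so each ADSL router only ever sees this gateway's address and
  # can be set to refuse every other source.
  for wan in $WAN_IFS; do
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
  done
  echo "COMMIT"
}

# Print the ruleset; as root it can be checked with: iptables-restore --test
gen_rules
```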

  17. #12
    mmoseley
    Originally posted by tom_newton:
    There, fixed that for ya

    Had a BT man on the other day trying to sell me a leased line.

    BT Man: "Would you like a leased line, it is $$$$"
    Me: That's our entire connectivity budget, what about a backup line?
    BT: Err... this never breaks
    Me: What? Never?
    (this goes on for a while)
    BT: No, in all my years with BT I have never seen one break
    Me: Jeremy Beadle? Is that you?
    <click>
    HA HA HA!

    Tom - we have two leased lines....and either 1 is always down!!!! Useless!!!!

  18. #13

    dhicks
    Originally posted by tmcd35:
    I'd probably look at 1 VLAN for each ADSL modem (maybe not the two together if the router is going in the same location, as they could plug straight into the router). I'd then go for a Linux box with 4 NICs. 3 NICs for each ADSL modem and 1 NIC for your regular network.
    That's rather what I'm thinking at the moment, too. I'd just need to run the one ADSL connection over a VLAN to bring it to the same location as the two others, then plug all three in to a Linux machine of some description. I'm actually rather thinking that this will be a VM running SmoothWall with three virtual interfaces - I'll try and get hold of Tom tomorrow and see if this is practical.

    --
    David Hicks

  19. #14

    mac_shinobi
    Originally posted by dhicks:
    That's rather what I'm thinking at the moment, too. I'd just need to run the one ADSL connection over a VLAN to bring it to the same location as the two others, then plug all three in to a Linux machine of some description. I'm actually rather thinking that this will be a VM running SmoothWall with three virtual interfaces - I'll try and get hold of Tom tomorrow and see if this is practical.

    --
    David Hicks
    any chance you can let us know the outcome ( brief or whatever ) ??

    Thanks
