In the near future I may need to configure a network for two separate
organizations that are to share a single T3 line. All of the hardware
and administrative responsibilities will need to be separate. What I
need right now is to come up with a good way to implement that
separation, but allow us to share the network connection with minimal
Right now, I'm thinking about setting up about setting up a Soekris
net5501 with m0n0wall as our main gateway. The system would have three
network interfaces - one external, and two for our separate networks.
This system would not be doing any packet filtering, it will simply
forward traffic received for a given IP to either one or the other
internal interface - completely transparent.
That part should be straightforward. What I need help with is figuring
out how to share bandwidth evenly. As I mentioned, we have a T3 line
that both organizations are paying for. We can't have a situation
where one of the networks is monopolizing the available bandwidth. At
the same time, I don't want to do a hard 50/50 allocation, since
that's just wasteful. I need some traffic shaping policy that will
allow either of the networks to consume 100% of the bandwidth when the
other side is using none of it, but throttling should kick in as soon
as someone on the other side begins sending or receiving data.
Allocation should be 50/50 only when both sides are using the link.
Can this be done with m0n0wall, and if so, can you give me a general
idea of how to do this?
On a side note, do you see any problems with using net5501 and/or
m0n0wall to route traffic on a T3 line? I think since no filtering is
being done there should not be any problems with performance. Each
organization will set up their own firewall behind this router, but as
for the router itself, it's a single point of failure for both
networks, so I thought the simpler the better.
Thanks for any advice,