Greetings,

In the near future I may need to configure a network for two separate organizations that are to share a single T3 line. All of the hardware and administrative responsibilities will need to be separate. What I need right now is to come up with a good way to implement that separation, but allow us to share the network connection with minimal headache.

Right now, I'm thinking about setting up a Soekris net5501 with m0n0wall as our main gateway. The system would have three network interfaces - one external, and two for our separate networks. This system would not be doing any packet filtering; it will simply forward traffic received for a given IP to either one or the other internal interface - completely transparent. That part should be straightforward.

What I need help with is figuring out how to share bandwidth evenly. As I mentioned, we have a T3 line that both organizations are paying for. We can't have a situation where one of the networks is monopolizing the available bandwidth. At the same time, I don't want to do a hard 50/50 allocation, since that's just wasteful. I need some traffic shaping policy that will allow either of the networks to consume 100% of the bandwidth when the other side is using none of it, but throttling should kick in as soon as someone on the other side begins sending or receiving data. Allocation should be 50/50 only when both sides are using the link.

Can this be done with m0n0wall, and if so, can you give me a general idea of how to do this?

On a side note, do you see any problems with using net5501 and/or m0n0wall to route traffic on a T3 line? I think since no filtering is being done there should not be any problems with performance. Each organization will set up their own firewall behind this router, but as for the router itself, it's a single point of failure for both networks, so I thought the simpler the better.

Thanks for any advice,
Max