 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "Peter Curran" <peter at closeconsultants dot com>, "Chris Bagnall" <m0n0wall at minotaur dot cc>, "Hugo Hamel" <hhamel at privalodc dot com>, "Pauline Middelink" <middelink at polyware dot nl>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] RE : [m0n0wall] Re: ATM WAS RE: [m0n0wall] RE : [m0n0wall] Traffic Shaping issue
 Date:  Wed, 28 Jul 2004 09:37:58 -0700
> You are absolutely correct.  The reason is because BT uses an ATM network
> for its data services and all ADSL retailers in the UK are either BT or
> wholesalers of the BT service.  (There are a couple of exceptions who
> actually put their own kit in the exchanges, but that is rare).
>
> Irrespective of your ADSL provider, 99.99% of the time you are being
> authenticated by a BT server and then routed across the BT ATM network to
> the ISP (ADSL provider) of your choice.
>
> BT only use PPPoA.
>
> ATM is expensive, unless you can achieve an economy of scale - which you can
> if you are BT.  (I should point out at this point that ATM was
> designed by and for the large telcos - any idea that ATM should be used by
> anybody else is marketing BS :-)

This is the same scenario here I think.

At least I have some comfort that I'm not alone!

Vancouver Canada here ;-)

Before someone says "HEY take this off topic stuff off list", I'll repeat
that I want to use monowall at all my end points, which I think (by a hair)
keeps me on topic ;-)

We are currently using the services of an ADSL wholesaler who buys their
service from the local telco. The telco owns the DSLAMs and the ATM ring
that goes around the province. We get a port mapped to a vlan which
currently winds up with our traffic going to our ISP's router. My
understanding is that each of these ports, due to the vlan connection, can't
communicate directly with each other - only with the assigned head end
router, which for whatever reason is not smart enough to retransmit traffic
back out the same interface to a different IP to allow the clients to
communicate UNLESS they are on different subnets.

So... suggestions?

I want to take over that head end routing function. I am considering a
FreeBSD box in that location. I apparently have freedom of options for how I
connect my clients (currently a mishmash of small cheap routers, hopefully
all converting to mono's)...

Some of the clients are mono's
Some are linksys / smc etc.

A common option is either DHCP / Static IP assignment

OR

PPPoE.

I COULD use private addresses and subnets, aliasing gateway addresses on the
FreeBSD box at the ISP colo, not sure this would work... I could do 1:1
NATting there for their intended public address to allow port forwarding to
work to their router...

I could use PPPoE, but not sure how much load this would put on the central
router...

I could do things as they are now, with each box unable to communicate with
each other, and use OpenVPN's central hub support to selectively route and
firewall traffic between VPN end points...

Given the situation, are there any recommendations? I've never played with
PPPoE - ISPs here don't use it... I'm not sure if FreeBSD will retransmit /
route traffic from two different subnets back out the same interface it came
in on...

The analogy I've used in the past (and confused some people, so if it
doesn't help, ignore it)...

Consider a vlan capable switch.

Port 1 is connected to my central router.
Port 2 - 24 are connected to clients.
Each client port (2 - 24) has a vlan with Port 1. I want to plug mono in at
each of the 2-24 ports, and something on FreeBSD at port 1. I want to be
able to allow traffic (all, filtered preferred) to travel between any two
ports (2-24) but this must be handled by the router on port 1. I can't
change this - it's the way the telco provides things.

Thanks for all your help so far - at least I know I'm not alone ;-)

m/
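As an added illustration of the port-1 head end described in the switch analogy above (this is not configuration from anyone in this thread), assume the telco hands port 1 a single 802.1Q trunk carrying one VLAN per client port, with VLAN IDs 2 to 24 matching the port numbers, and that the FreeBSD box's NICs are em0 (trunk) and em1 (upstream to the ISP); all interface names and the 192.0.2.0/24 addresses are assumptions. Giving each client VLAN its own vlan(4) subinterface means traffic between two clients is ordinary routing between two distinct interfaces, not a hairpin back out the ingress interface, and pf can then apply a default-deny policy between clients.

```conf
# /etc/rc.conf (fragment): IP forwarding plus one vlan(4) subinterface per client port.
# Only ports 2-4 are shown; extend the same pattern to vlan24.
gateway_enable="YES"
cloned_interfaces="vlan2 vlan3 vlan4"
ifconfig_em0="up"                                       # trunk toward the telco, no address
ifconfig_vlan2="inet 192.0.2.1/30 vlan 2 vlandev em0"   # client on port 2 uses 192.0.2.2
ifconfig_vlan3="inet 192.0.2.5/30 vlan 3 vlandev em0"   # client on port 3 uses 192.0.2.6
ifconfig_vlan4="inet 192.0.2.9/30 vlan 4 vlandev em0"   # client on port 4 uses 192.0.2.10
ifconfig_em1="inet 198.51.100.2/30"                     # assumed upstream link to the ISP
defaultrouter="198.51.100.1"
pf_enable="YES"

# /etc/pf.conf: clients reach the Internet, but client-to-client traffic is denied
# unless a rule explicitly allows it. pf states float across interfaces, so the
# "pass in" rules below also cover the matching packets leaving on another interface.
clients  = "{ vlan2 vlan3 vlan4 }"
upstream = "em1"
set skip on lo0
block log all
# any client may talk to anything that is not another client subnet
pass in on $clients to ! 192.0.2.0/24 keep state
# the head end itself may originate traffic upstream (updates, DNS, etc.)
pass out on $upstream keep state
# explicit cross-client exception: port 2 may reach an OpenVPN hub on port 3
pass in on vlan2 inet proto udp from 192.0.2.2 to 192.0.2.6 port 1194 keep state
# everything else between client VLANs stays blocked by the default rule above
```

Adding a new client is then one vlan(4) line in rc.conf and, where needed, one explicit pass rule; anything not listed is logged and dropped by the default block.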