Zero Shell Implementation Scenarios



Similar documents
Using ZeroShell as a NetBalancer, QoS server & Captive Portal.

Networking Topology For Your System

Edgewater Routers User Guide

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Edgewater Routers User Guide

Network Virtualization and Data Center Networks Data Center Virtualization - Basics. Qin Yin Fall Semester 2013

Hosted Voice. Best Practice Recommendations for VoIP Deployments

Optimizing Enterprise Network Bandwidth For Security Applications. Improving Performance Using Antaira s Management Features

Layer 3 Network + Dedicated Internet Connectivity

Campus Network Best Practices: Core and Edge Networks

NComputing L-Series LAN Deployment

ADVANCED NETWORK CONFIGURATION GUIDE

Vocia MS-1 Network Considerations for VoIP. Vocia MS-1 and Network Port Configuration. VoIP Network Switch. Control Network Switch

Implementation of Virtual Local Area Network using network simulator

HOSTED VOICE Bring Your Own Bandwidth & Remote Worker. Install and Best Practices Guide

Exhibit n.2: The layers of a hierarchical network


Walmart s Data Center. Amadeus Data Center. Google s Data Center. Data Center Evolution 1.0. Data Center Evolution 2.0

Region 10 Videoconference Network (R10VN)

Microsoft Exchange Solutions on VMware

Secured Voice over VPN Tunnel and QoS. Feature Paper

Configuring an efficient QoS Map

Burning Bridges - Routing Your Bridged WISP Network With MikroTik

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Lab Diagramming Intranet Traffic Flows

1.1. Abstract VPN Overview

Introduction. Technology background

Leased Line + Remote Dial-in connectivity

Lab Diagramming External Traffic Flows

Ranch Networks for Hosted Data Centers

Voice Over IP. MultiFlow IP Phone # 3071 Subnet # Subnet Mask IP address Telephone.

Procedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Router & Switch

VIA COLLAGE Deployment Guide

Vidyo Network Configuration Guide Windows XP and Vista

Cisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW)

Truffle Broadband Bonding Network Appliance

Expert Reference Series of White Papers. Cisco TelePresence Zones

Quality of Service. Traditional Nonconverged Network. Traditional data traffic characteristics:

IP SAN Best Practices

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network

CCNA Discovery: Designing and Supporting Computer Networks

Cisco PIX vs. Checkpoint Firewall

LAN Planning Guide LAST UPDATED: 1 May LAN Planning Guide

The need for bandwidth management and QoS control when using public or shared networks for disaster relief work

Network Considerations for IP Video

July, Figure 1. Intuitive, user-friendly web-based (HTML) interface.

Lab Testing Summary Report

VoIP technology employs several network protocols such as MGCP, SDP, H323, SIP.

How To Use The Cisco Wide Area Application Services (Waas) Network Module

The Advantages of Using EIGRP on an Enterprise Network

Data Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE

Elfiq Networks Vital for Hospitality

How To Configure InterVLAN Routing on Layer 3 Switches

QoS in PAN-OS. Tech Note PAN-OS 4.1. Revision A 2011, Palo Alto Networks, Inc.

Deployments and Tests in an iscsi SAN

Carrier Ethernet: New Game Plan for Media Converters

Part-1: SERVER AND PC

Feature Support Cisco 2960 Cisco 2960S Brocade ICX 6450 Brocade ICX GE SFP, 2 10GE SFP+, 4 1GE SFP, 2 DUAL PURPOSE PORTS, 1GE OR SFP

Router and Routing Basics

Best Practice Recommendations for Implementing VLANs in a ShoreTel VoIP Environment with IP Phones

1.. Know the capabilities of the network system you are going to be adding cameras and/or DVR s to. Meaning, know if the present LAN has the

KFUPM Enterprise Network. Sadiq M. Sait

Best Practices: Pass-Through w/bypass (Bridge Mode)

IP videoconferencing solution with ProCurve switches and Tandberg terminals

Datasheet. Enterprise Gateway Router with Gigabit Ethernet. Models: USG, USG-PRO-4. Advanced Security, Monitoring, and Management

vsphere Networking vsphere 6.0 ESXi 6.0 vcenter Server 6.0 EN

Voice Over IP Performance Assurance

Layer 2 Network Encryption where safety is not an optical illusion Marko Bobinac SafeNet PreSales Engineer

Digi Certified Transport Technician Training Course (DCTT)

Dante: Know It, Use It, Troubleshoot It.

This chapter covers four comprehensive scenarios that draw on several design topics covered in this book:

Lab Testing Summary Report

L-Series LAN Provisioning Best Practices for Local Area Network Deployment. Introduction. L-Series Network Provisioning

EXINDA NETWORKS. Deployment Topologies

Skype Connect Requirements Guide

Zeroshell as filtering bridge with connection tracking log and HAVP proxy

What s New in VMware vsphere 5.5 Networking

ethernet services for multi-site connectivity security, performance, ip transparency

Application Note Gigabit Ethernet Port Modes

Redundancy and load balancing at L3 in Local Area Networks. Fulvio Risso Politecnico di Torino

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

If you already have your SAN infrastructure in place, you can skip this section.

Advanced routing scenarios POLICY BASED ROUTING: CONCEPTS AND LINUX IMPLEMENTATION

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

10.4. Multiple Connections to the Internet

vsphere Networking vsphere 5.5 ESXi 5.5 vcenter Server 5.5 EN

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version Rev.

I3: Maximizing Packet Capture Performance. Andrew Brown

ThinkTel SIP Trunks on UCP & emg80-p2

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Packet Tracer - Subnetting Scenario 1 (Instructor Version)

Development of the FITELnet-G20 Metro Edge Router

Netgear TA612VMNF & TA612VLD Netgear WGR613VAL. Quality of Service (QOS) function

Cisco Certified Network Associate (CCNA) Cisco Certified Network Associate (CCNA)

An Oracle Technical White Paper November Oracle Solaris 11 Network Virtualization and Network Resource Management

MyPBX. The All-in-One Business PBX with Advanced Features and Low Cost Calls.

A Study of Network Security Systems

Building Effective Firewalls with MikroTik P R E S E N T E D B Y: R I C K F R E Y, N E T W O R K E N G I N E E R I P A R C H I T E C H S O P E R AT I

Transcription:

Zero Shell Implementation Scenarios June 3 2011 By the time that this document was written, the latest ZS version was 1.0.14b In this Document you may find some of the Implemented but not thoroughly tested Scenarios. There are no Configuration Screen Shots (Routing-Netbalancer, Bridging-QoS etc) / Captures, as these can be found on-line. The CPU Overhead for the Scenarios may vary based on CPU of the ZS box, traffic, Total QoS Classification rules, type of and number of QoS Classification Rules etc. THIS IS NOT A TUTORIAL, the scenarios are just WiFs (What If) and/or HOWTO meaning food for thought. Your best friend is always try and error ;-) As a rule of thumb have always in mind that your implementation should be KISS ed (Keep It Simple Stupid), redundant (Less SPOFs Single Point Of failure- is a better and cheaper choice than All in One Box ) and scalable. In order to Implement any of the scenarios you don t need in depth knowledge of Networking nor *NIX (Thanks to Fulvio s excellent work) BUT you must not be a complete newbie If you are (a novice-newbie) then first do your homework In the forthcoming scenarios I ve used some low end hardware: - ZS Boxes: AMD Athlon 64x2 3800+ with 1GB Ram and 4GB USB Flash cards (I ve only changed partitions sizes based on some nice posts in the forum) - Cisco Catalyst 3560 L2/3 Switch you may use another L2/3 Switch or a router - Cisco 1800 Router - A Low end 8 Port Gigabit Switch (Level one GSW-0807) - adsl Modem/Routers from various manufacturers The network for which I ve implemented the scenarios is a: 40 Work Stations, 11 adsl (From 4 different ISPs) and the users are hungry for surfing, real time video, voice chat (Mostly Skype, but also MSN), gaming (They re getting paid for that!!! ) and real time stocks viewing. No other ZS Services are used, except of Routing/Load Balancing, QoS and Bridging. The ZeroShell versions used: 1.0.12b + athelings patch (for Implementing QoS AND Load balancing) and 1.0.14b These were all the facts. Happy reading Regards, Steve.

Scenario 1 (Sub Scenarios 1.1.0, 1.1.1 & 1.2) Sub Scenario 1.1.0 ZS Versions. A) 1.0.12b + athelings Patch B) 1.0.14.b Needs: a) Redundancy if something goes wrong the services should continue to be serviced although there will be some degradation. b) The VIP Customers (Actually the board members ) and Services (Games) must have VIP treatment meaning there must be a router with 2 (At least) connections servicing ONLY them. In order to accomplish that, we re using a Cisco 3560 that does PBR (Policy Based Routing) based on IP Ranges and protocols/ports. Fact: Not all ADSL Links have the same Upload/Download Bandwidth For Simplicity the Logical Network layout Map, does not contain all the ISP Links. In reality the ZS box that does the Load balance, has 5x2 Ports NICs. In the Network Diagram you will see that the First ZS Box works in Bridged mode QoS and it s placed BEFORE the GW. Why? 1) We need our GW (Cisco 3560) to route the priority packets first. So according to our QoS Rules Configuration (Classifier), the VIP IP Ranges and the VIP ports/protocols are tagged as Priority High (Class Manager, Class VIP) so they re serviced/forwarded first. 2) We need to offload the Second ZS Box that already does a lot!!! Load Balancing AND QoS for 9 Uplinks!!! So, the 1 st ZS Box does Prioritization for Outgoing Packets of Eth1 and also does traffic Shaping for incoming (For the LAN) packets actually the LAN incoming packets are outgoing packets for Eth2, I m clarifying this for people not having big experience (But you should already know that QoS,/Traffic Shaping can be applied only to outgoing packets didn t know that? DO YOUR HOMEWORK and then continue reading ) Now, regarding the 2 nd ZS Box, In order to do its duty, I had to usezs 1.0.12b. atheling s patch. The box is servicing as a Load balancer for Unequal cost Bandwidth Lines, for that reason I also needed QoS and traffic Shaping. But, as you may observe from the Network map, I m Traffic Shaping ONLY the outgoing packets TO the ISPs without applying QoS on the Eth2 (Facing the LAN).Traffic Shaping for incoming (for the LAN) packets, is done by the 1 st box as mentioned above. Scenario 1.1.0 Logical Network Topology Map:

Now, if you ask me: Was this the best implementation you could do? The answer is: It was the best for the time. A better one would be the one with 3 or 4 ZS Boxes (For redundancy + Less CPU Power/Box) where the first layer Load balance would be done by the catalyst 3560 (Without any prioritization or/and QoS). But, If you ask me: Was this the simplest implementation you could do? The answer is: No, there is a simpler (According to the needs) that is the upcoming scenario 1.2 If you ask: Is it right to put the QoS ZS Box (ZS0) before or after the GW? The answer is: According to our needs, this is right, but you can put it after the GW. As a matter of fact, if you read Fulvio s Documents and/or Forum posts, you will see that the recommended place for the QoS ZS box is after the GW. There is no correct or wrong approach; it depends of your needs. There are almost always more than one solution in Networking and that s one of the beauties Now, take a look of the Logical Network Layout Map for the second approach, just a Map, no words to write. Scenario 1.1.1 Logical Network Topology Map:

Sub Scenario 1.2 The needs for scenario 1.2 are exactly the same as scenario 1.1, but we needed to calm down the 2 nd (ZS1) ZS box (It had some CPU peaks up to 82% => lag everywhere ) plus a key factor#1 (The uploading Bandwidth) seems that can be manipulated easy and the key factor#2) (Downloading Bandwidth) doesn t seem to work bad (The are no Bottlenecks on the uplinks/downlinks nor Skype / MSN Voice-Video Drops, despite the huge amount of P2P downloading. Well, when P2P goes beyond 60Mb there are CPU peaks of up to 82% as I said before). Our first concern was the CPU Power of the 2 nd (ZS1) ZS Box, the second concern was the unequal cost Bandwidth between the many ISP Links, and the third concern was the Uploading bandwidth -> will there be enough bandwidth for Voice/Video Chat or the P2P will eat up everything? Regarding the first concern, we gave up QoS-Traffic Shaping the Outgoing TO the ISPs packets on the 2 nd (ZS1) ZS Box. Regarding the second concern, we did some upgrades and all the ISP Links are almost equal and there are no bottlenecks (OK we are lucky for the bottlenecks), regarding the third concern, the answer was pretty easy Traffic shape (Limit) the Outgoing P2P to an amount of less or equal than 1/6 of the total outgoing bandwidth of all the connections (Sorry for being rude to the community of P2Ps )!!! Some of our Uplinks are 512Kb and some 763Kb+. We gave a max of 800Kb to P2P and now we re sure that there will no bottlenecks in any of the uplinks. So, now the 1 st (ZS0) ZS box is the traffic shaper and QoS Prioritization and the 2 nd ZS box is just a Load balancer. By removing the QoS-Traffic Shaping on the 1 st (ZS0) ZS Box we ve manage to calm down the CPU. We ve also removed 4 of the 5 Dual Port NICs, introduced a low level Lan Switch to the topology and all the ISP modem/routers on the same IP Segment. Have a look at the Logical Network Topology Map for this scenario, it s almost the same as scenario 0, different colors on the links between ZS2 and the ISPs + a Low budget Unmanaged LAN Switch. For this Scenario we don t actually need atheling s patch, but we left the ZS Version unattached (1.0.12b with patch) Scenario 1.2 Logical Network Topology Map:

Now, If you ask me: Is there an even better (but not simple) implementation? The answer is: There is always a better one, almost the ultimate (According to the needs) that is the upcoming scenario 2, but not in this document stay tuned. Thanks for reading Regards Steve P.S: This is a draft Document, written in hurry. A reader with basic networking knowledge (Basic IP, Subneting and routing Knowledge) or a pre-ccna or CCNA Certified Engineer should have no problems understanding the Logical Network Layouts (Are you a CCNP, CCIE, JNCP engineer? Then you ve already set up your ZS Boxes and you re just curious seeing what others do ). A reader knowing only to Configure IP Address on A windows box with a subnet of /24 -> 255.255.255.0 should first do his homework

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information