[LUAU] TCP/IP WANs

bbraun at sparcy.synack.net
Sat Jan 2 13:20:16 PST 1999


There have been lots of good suggestions about this.  There seem
to be several questions, and I'd like to just kind of recap.
Here are things as I see them.

What physical links are available for WANs?
Suggestions so far:
1) DSL
2) Cable modem
3) Frame relay

There are a number of other things to consider.  How WA is this WAN?
Between buildings downtown?  To the mainland?  How much bandwidth 
will be needed?  What kind of reliability are we shooting for?  What
kind of latency do you need?

At first, cable modem seems like a good plan assuming you do the
business route with Oceanic.  However, in the last 2 weeks I've been
in Hawaii, we're shooting about 30% uptime with our cable modem.
I think it has been working only 3 or 4 days out of the 2 weeks.
Support response time has been infinite.  No response other than
prerecorded messages.  Not great if you want to run a business by
this.

DSL is a great low to medium bandwidth solution.  Latency isn't that bad,
it's relatively cheap (at least in Boulder it is $60 with ISP charges included).
GTE reliability in my experience has been twice that of Oceanic (60% uptime),
and support response time has been about the same.  Still not good enough
to reliably run a business by.  

Frame relay is a good low bandwidth solution as well.  More reliable than
ISDN.  I haven't had experience with Hawaii frame relay lines, but I think
it was at least bearable for Ed when he was here.

If the points to connect are within three miles of each other, you can
bypass the phone companies and cable companies and ISPs altogether.
You can get unidirectional wireless at 1mbit for $2000 per transmitter.
Downside of this is you need access to the roof of your building.
Some people won't like the idea that there is no one else to blame for
the link going down, but personally I think this is a feature.  I have
these for a 1mbit link from home to work, in Boulder.
You can also get 1mile range with an omni-directional antenna.

If each office you wish to connect already has decent net connections,
two Linux boxen running IPsec can easily create a VPN.  Thing to remember with
VPN is that it will not use the physical network as efficiently.
NT can also do "VPN", although it is really just VN.

A T1 may also be a possibility.  You are officially Big Time(tm) if you have
point to point T1 intranet.  This is expensive.

As for what hardware is needed, it usually doesn't matter.  Any link you
get, you won't have a whole lot of choice in the hardware.  In most cases,
the installation fee includes two identical sets of hardware.  Either
just a cable modem, or csu/dsu's and routers, or whatever.  You must buy
the equipment the provider supports, and you must buy two sets, one for you
and one for them.  This cost is usually trivial compared to the cost of the
actual link.

Now, the second question seems to be what can Linux do in these situations.
This should not even be considered until after the networking needs have
been established.
Linux can do the firewalling, gatewaying, VPN, whatever, for all links up
to a T3 or DS3.  The only reason I would recommend Linux for this job is
if the support staff all is more familiar with Linux than any of the
alternatives.  First choice would be a real router such as a Cisco 2500
series router.  The reason is because of reliability and standardization.
Like it or not, Cisco is what people expect to find if the current support
staff is either supplemented or replaced.  Also, a real router is much
more reliable than PC hardware.  Everything from the power supply to the
fact that there is no filesystem to hose.
However, if you must go with a PC and familiarity with the OS isn't much of
a factor, NetBSD has the best packet filtering code out there.

Good luck.
Rob


