[c-nsp] The Information 2-lane highway

Drew Einhorn drew at technteach.com
Wed Feb 16 20:19:58 EST 2005 

We've got a remote office where there's no dsl, no cable modem, no
budget for a T1.

We had a bad experience with a satellite isp.

We've got an isdn bri.  It's slow and relatively expensive but it's
the best we can get.  Lots of subtle problems disappeared when it
replaced the satellite link.

It's currently running on a (Yuck!!) 3com lanmodem.  Got a used
Cisco 804 with the ip fw plus feature set.  Got a free security
upgrade to 12.1(26) from Cisco.

Want/Need a complex configuration.  Not even sure what I am thinking
of is even possible on:

  Cisco 804 ios 12.1(26) ip fw plus

Want one channel of the bri "nailed up" 24/7.  Want one channel on
demand preemptible by voice/fax calls.  When both channels are up
they are bonded together for 128K.

    That shouldn't be too hard.  Might even be an example config
    file for this somewhere.

I'd like to bridge the bri and eth0 with a transparent firewall
on a publc static ip block from the isp.

    Don't know if this is possible with ios.  I know it is possible
    with iptables on Linux, or pf on OpenBSD.  Even if it is possible
    it may be more trouble that it's worth.

And I'd like to set up 4 level priority queueing.

  Priority 1:  ntp, voip

  Priority 2:  limited low bandwidth streaming audio/video.

  Normal Priority: http, ssh, etc.

  Low Priority: smtp, ftp, rsync, etc.

    This part should be fairly routine.  Might even find an example
    config that won't take too much adjusting.

    Will probably have a few asterisk, linksys, or supura boxes for
    voip.  Running high compression codecs to the outside world for
    voice.  Eventually we will only prempt a BRI channel for fax. 
    Can fit a few voice channels in the 64K we current lose when
    a single voice call preempts a bri channel.

    Not sure I know all the tricks for getting all the traffic into
    the right queues.  I think ntp and voip are pretty much restricted
    to standard port numbers.  Streaming audio/video can use
    non standard port numbers.  We probably want to demote normal
    priority connections to low priority if they exceed set data
    transfer limits.  And we may want to add some extra delay on the
    low priority queue.
    
Starting from a config generated by Fast Step 2.5a

Any corrections, comments, suggestions would be appreciated.  This
will probably keep me busy for a while.

Thanks, Drew

More information about the cisco-nsp mailing list