[Rack] Fwd: [Noisebridge-discuss] Omar: Please don't "re-build" the network

Jonathan Lassoff jof at thejof.com
Sat Oct 26 21:35:05 UTC 2013

On Fri, Oct 25, 2013 at 10:41 PM, Omar Zouai <ozouai.bavc at gmail.com> wrote:
> I agree, regressions are not a good thing. My main reason to implement a
> full-blown server as a router is for traffic shaping and possibly image
> caching. It was stated that when the network was "broken", it was remarkably
> faster.

> Maybe I wasn't clear enough with my idea. Doing away with the switches is a
> terrible idea. We currently have 2 switches that connect almost all the
> equipment.
> My idea wasn't to get rid of them, but to change how they are used. The
> server could be running any flavor of Linux (my choice would be either Ubuntu
> Enterprise Cloud, or straight up Debian, but this looks promising
> http://www.zentyal.org/server/, maybe that could be up while we configure
> our own version?), and DNAT could be achieved with iptables. First, the line
> from the ISP(s) would be connected to a small switch, then that switch would
> in turn be plugged into the server. The server would then have 2 other
> NICs (one built-in, and 2 PCI), one of them would run equipment that would be
> like Minotaur, the door, Pony, Stallion, Mode-S, etc. These systems would
> have more upstream bandwidth allocated to them. The next subnet would be for
> NoiseBridge users, they would have more downstream bandwidth, and possibly
> an image cache (Squid3) to reduce network load while surfing the web.
> Then, the 2 switches would have their respective networks, and would branch
> off to their clients. All the equipment except for BikeShed would still be
> there.
> Again, I've implemented a similar network in my home. My modem feeds
> straight to my Linux box, then I have it connected to a gigabit switch,
> which then in turn connects to all my devices. Squid3 caches all static
> images that are requested without HTTPS (haven't configured an SSL bump yet),
> and serves them locally out of Apache2. DNAT is set up with iptables, and the
> only ports forwarded are to my Xbox.
> This is still just my preliminary idea, there is still a lot more room for
> improvement.

Take a look at how bikeshed and minotaur are configured.
We already do traffic shaping and rate controls to ensure fairness and
to prioritize latency-sensitive applications.

It's true that we don't do any transparent HTTP caching. I generally
shied away from the idea because hackers generally don't like it when
there are boxes monitoring their traffic and forcing their "help". If
it's transparent, there's no way to opt out. A local SOCKS service
could accomplish the same goal, but would only have a benefit if a
large number of users opted in, *and* viewed the same content.
My goal for the IP connectivity at the space is to share the transit
paths fairly, and to just get users out to the internet and local
resources with minimal magic or hidden functionality.