Rate limiting and Vlan

[people3]

Hi All,

We recently moved into a new office and have had a 10mb leased line installed.

We would like to securely share this internet connection with 2 other companies.

Each company has their own firewall and router and each company has their own static IP.

We need to limit the 10mb so each company has their own limit (so one company does not use all the 10mb)

company 1 has 2mb
company 2 has 4mb
company 3 has 4mb

Is the best way to do this to use a rate limiting switch and vlan the ports?

Our connection into the building is fiber into a Cisco router, I assume this will plug into the switch which can then be connected to the companies firewall.

If this can be done, what switch would people recommend?

Hope this makes sense.

 

[unclerico]

what kind of switch??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[unclerico]

Rate limiting is extemely easy; however, it's just a small portion of your overall implementation. Let me back up and ask this:
- What model router will you be using??
- What size CIDR block have you been assigned??
- Will you (meaning you personally) be controlling the main CE router??
- Is there a requirement for access from the outside for such things as a web server, e-mail, vpn, etc??
- Is high availability a requirement??


I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[people3]

Hi, Thanks for the replys.

We have a Cisco 1800 router that is provided by BT - this is not managed by us by BT.

At present this then connects to an unmanaged switch (netgear).

Into this switch we have our Cisco pix 516 plugged in using External IP's for several functions (mail, web, ssl)

Also into the switch is another company’s router \ firewall on a separate external IP address.

This setup works fine at the moment as we don't use all the available bandwidth but adding another company this many change so we would like to limit it.

In total we have 16 External Ip address (subnet 255.255.255.240)

 

[unclerico]

If you were to replace that netgear with a managed switch that is QoS enabled then absolutely you'd be able to limit the traffic (a 2960 or a 3560 would work nicely). Depending on which switch model you went with you could either police the traffic orshape it according to your requirements. If you need help in configuring it we're here to help.

There are two problems I can see with this though:
1) Multiple single-points of failure (if that makes sense). If you lose the switch all three companies are down. If you lose the CE router all three companies are down
2) With only a single uplink to the router there will be contention so at peak times you may see performance degrade

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[people3]

Hi,

Thanks for the advice.

I understand what you mean by single points of failure, but we have backup plans in place.

I have been looking into

http://www.netequalizer.com/nda.htm

Does anyone have any experiance of these?

Many Thanks

 

[unclerico]

Honestly, everything that device can do a Cisco switch can do. The best part is that QoS is fast switched (ie in hardware) so you won't see any kind of degradation. If you're not comfortable with the MQC or QoS in general then perhaps something like that appliance would be warranted, but then again I've never heard of it before; that doesn't necessarily mean it's bad or anything. My .02

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)