[kwlug-disc] Two ethernet ports - 1 in, 1 out

Mon Jan 25 14:11:14 EST 2010

kwlug-disc-bounces at kwlug.org wrote on 01/25/2010 01:28:26 PM:
> 
> Boiling it down to 'what do I want to do', I suspect that'll illustrate 
> how stupid of a question I'm asking.  I now recall when i've seen this 
> done in the past that it was for security reasons, where one port faces 
> outside and another port faces outside.

Did you mean inside/outside?

> The reason I was asking was really just for traffic issues - thinking 
> that if I had some network traffic and my voice traffic running though a 

> machine that perhaps having inbound traffic on one port and outbound on 
> another would prevent any possible traffic overloads.  But now I state 
> that explicitly, I suspect the answer is that there's not enough traffic 

> there to worry about.

You can bond interfaces and with the proper switch configuration utilize 
the throughput of both interfaces. This is just making things faster and 
doesn't address the traffic issue. You do need the ability to set up 
trunking on the switch ports and this generally is only available to 
expensive switches. A bond can be used in fail-over mode with any switch. 
Bonding works by assigning the same IP address to more than one port.

To actually control traffic it's called QoS (quality of service) or 
traffic shaping. Typically a system will have one queue to schedule 
outgoing packets and it's a FIFO (1st in 1st out) queue. It's not fair if 
one application is pumping huge packets and another app like VoIP is 
putting out a steady stream of small packets. Given infinite bandwidth 
it's fair, but with Internet connections it generally isn't.

Iproute2 also provides traffic shaping. It can be configured through the 
'tc' utility. The idea is to create several queues for a network device 
and distribute packets among the queues based on rules. So VoIP packets 
get one queue, downloads get another. Then, basically, you can assign 
guaranteed throughput to each queue, but allow them to burst if there is 
unused throughput.

Keep in mind that you can only directly control outgoing traffic. You can 
only indirectly control incoming traffic, but it doesn't work in all 
situations.

Asking an ISP to control your incoming bandwidth might be difficult, 
although I've never tried. I know that Unlimitel offers DSL connections 
that have built-in QoS for VoIP.

John Van Ostrand
Net Direct Inc.

CTO, co-CEO
564 Weber St. N. Unit 12
map

Waterloo, ON N2L 5C6

john at netdirect.ca
Ph: 866-883-1172
ext.5102
Linux Solutions / IBM Hardware
Fx: 519-883-8533