Primarily schools and small to mid sized companies. Networks that already have heavy traffic with segmentation needs but without the budget for a hardware solution such as a school. The case where a hardware ISDN router would typically be used.

To give the linux oriented systems administrator advice and examples on designing and implementing a segmented network without the costs typically involved with hardware solutions. I intend to use a large-scale setup I did for The Stony Brook School as a basis for examples throughout the book. I plan to cover network design, practical implementation and concerns for future growth, pointing out what can be done with a software solution while warning the reader about the performance and reliability tradeoffs.

While trying to decide how to deal with increasing network traffic, security issues and the lack of a budget for hardware solutions, I designed and implemented a campus-wide network using linux as routers for The Stony Brook School. While the installation was not without it's headaches, there now exists a network facilitating separate ethernets for students and faculty in each of the academic buildings and inter-building connectivity via underground cables. Obviously the "backplane" capacity of a linux machine, no matter how fast, pales in comparison to hardware routers, but within the budget of several thousand dollars, the school enjoys greater than 600k sustained rates campus-wide. A subnet of IPs are gatewayed through the Linux router supplying Internet connectivity via an ISDN circuit to selected hosts.

I feel that there are an overwhelming abundance of similar needs in education and small to mid sized businesses to warrant a book of this nature. Documentation on linux routing is basically non-existent. Your book on TCP/IP routing with Cisco routers is definitive for hardware routing, where as I intend to cover network design concepts and software segmentation / routing within tighter budgetary constraints. I'm proposing "poor man's routing" as linux is "poor man's Unix".

I am a systems administrator for Evantide Graphical in Stony Brook, New York who has, as mentioned before, donated the time and energy necessary to implement a campus-wide network for The Stony Brook School within a very confined budget. In the midst of the project, it became apparent to me that there are a large number of other institutions with similar needs who's only holdback is that fact that their resident linux guru lacks the advice and examples that a book like this could supply.

I have a small background in technical documentation as over the past few years I have written and maintained the Linux netatalk-HOWTO for the community. (netatalk is an AppleTalk fileserver for Unix) My HOWTO has been translated into Japanese and is a part of the Linux Documentation Project.

Other projects I have been involved in include the connectivity for my company's WAN, several network / programming related duties for Dow Jones in New York and the ongoing administration of all of our company's web servers. I have also worked on several database projects for Dow Jones and Evantide.

Software routers are slower and less reliable than their hardware counterparts, but they offer connectivity at a far lower price point. Bridging a workgroup onto an existing LAN can be done by re-purposing an old Pentium and stocking it with a second ethernet card and some free software. Bringing Internet connectivity to an ethernet can be done without the purchase of a common "ISDN router" with the use of Linux and an ISDN circuit, or even just a modem. These solutions, however, are not without their drawbacks.

What really matters in a router is how many packets can be routed in a given time slice, and this is largely an issue of the router’s backplane capacity. Obviously in a large, high bandwidth environment you are going to use a hardware router such as a Cisco because it has the capacity to take the load. However if a situation demands routers and money to purchase a hardware solution is not available, linux machines with several ethernet cards configured as a software router are becoming a very viable option. In many cases, especially schools, pure intranetwork speed is not as much a priority as the priority of connectivity in the first place. Sometimes a software routing solution can be implemented before the funds are available for a full hardware implementation granting connectivity where otherwise it would not exist. Admittedly the software solution is slower, but the ability to re-purpose a used Pentium and drop in several ethernet cards against the several thousand dollar cost of a Cisco makes it a viable option for the network with a tight budget.

Routing, weather hardware or software, generally facilitates communication between multiple ethernets while keeping foreign packets from flooding the connected networks. In some cases, routers are used to connect distant networks together over a serial connection such as a T1 while in other cases ethernets are bridged together with a router. Linux as a software router lends itself to the latter situation remarkably well with a few added abilities above hardware solutions. With a single point of entry to a network, a firewall can be implemented on the router (or downstream) to protect the entire ethernet from exterior intruders. A certain measure of security is also achieved when, for example, you route TCP/IP for a network and don’t route IPX, so the IPX traffic is "firewalled" by the TCP/IP router. Another capability of a software router is the use of software such as ssh to deploy an encrypted WAN.

With this book, I will give insight into the design and implementation of a software routed network using examples gleaned from clanging my own head against the wall so that you don’t have to! You will see how to bring Internet connectivity to an ethernet, plan and deploy segmentation within congested networks and route through multiple routers or a BGP routed backbone all via software routers. While the concepts are similar in hardware routing, there are many issues specific to a software-based setup that will be mentioned.

single router for Internet connectivity or segmentation

multiple routers for connecting networks and segmentation

hardware is fast, reliable and expensive

software is slower, less reliable but cheaper

Discuss issues involved in bringing TCP/IP connectivity to an ethernet through ISDN or a modem. (PPP) Getting a subnet sent to you from your ISP vs. using one IP and running proxies or a firewall on the router machine. Give examples of configuration files and statistics from a real world scenario.

Splitting up ethernets to keep traffic local with multiple ethernet cards. Routing only specific networks and protocols for security reasons.

Backbone implementation. Give examples from the Stony Brook School’s backbone project.

10Mb/100Mb/Gigabit ethernet

ATM for backbones

Pluses: bandwidth management

Minuses: difficult to set up

FDDI for backbones

Pluses: Speed / simplicity

Minuses: expensive

Overview of Firewalls and proxies for security. Issues involved in deploying these services.

TCP/IP

IPX

AppleTalk