The RedHat 5.2 WAN options - T1 and DS3 cards

WAN Options using PCI T1/E1 and DS3 cards + DSL

So you have a company that wants to use a T1/E1 or DSL line to connect to the Internet. Welcome to high speed access! You have many options when using the Linux operating system to connect your company to the 'net. First of all - it is not as complicated as you may think. I have gotten LMC's T1/E1 adapter cards working under kernel 2.0.36 in just a few minutes. I haven't tried their DS3 cards yet (soon!) but I will describe the general options involved in this setup.

First, you have to decide what you want your gateway to do for you. Is your ISP going to give you a block of addresses to work with, or just one? Will the gateway machine also run your services, like mail, web, ftp or masquerade? Decide all of this first. If you plan to masquerade your network - and you have a lot of clients - be sure and get a higher end machine that can handle the stress. If you have real IPs, then a lesser machine will do fine.

You should first understand what T1 and DS3 mean to you. Depending on your area (US Only), a T1 line to your ISP may run from $300 to $1200 per month plus ISP charges - depending on how many central telephone offices you need to hop through to get to your destination. A T1 will give you 1.544 Megabits of throughput. Compared to Ethernet, this is about 1/6th the speed, but it is a lot of speed for a small or medium office. Consider that not all of your users are downloading or uploading at the same time. At any one time a user could download at a rate of 190kb+ per second (compared to 6kb or so on a 56k modem). A DS3 will run you from $4500 to $8000 per month, plus ISP charges. That gives you 45 Megabits of throughput, which translates to 3.5 times the speed of Ethernet. Of course, you can't really get more than 65% of Ethernet bandwidth, but you get the idea. DSL will vary in speed, but typically can go as high as 2Mb upstream and downstream.

Once you have a line, you will need a bit of equipment. The telco will handle terminating the line to your building, and run it to your data room. From there, you have a flat cable or fiber optic cables that need to plug into something. Depending on the type of PCI card you use in your Linux box, you may need a CSU/DSU. This is like a high speed modem that clocks the line and talks with the telco. Some cards have this feature built in. I am using the LMC 1000 T1 cards now ($500 or so), and they do not have a CSU/DSU, so I had to buy one. They do offer a model with internal CSU/DSU. I prefer to use the Motorola FS100, which runs around $500. Your T1 plugs directly into the CSU/DSU, and then a cable runs to your card. There are several settings for the CSU/DSU that you will need to know. Your telco will be able to help set that up for you. A T1 is really just 24 channels of 64kb each, and the CSU/DSU sends out across all of them as it needs them. That is a very basic description.

So now you have a card installed (I assume the T1 LMC card) and a CSU/DSU with working T1 line. At the very least, your ISP needs to give you a few numbers to get going. They will likely give you a /30 2 IP subnet for the point to point (ppp) connection to them. They will probably give you a subnet for your lan as well, maybe a /26 (64 IPs) or a /24 (254 useable IPs) if you are lucky. Lets worry about that later.

Depending on the card, you may have to compile the driver on your machine and get it running. Some manufacturers require that you compile the file into the kernel, but you could get lucky and run it as a module like I did. They will provide details for this portion.

Then add a route statement so traffic can flow across it "route add -net x.x.x.z 255.255.255.252 x.x.x.x".

Do a netstat -nr and you should see the card's IP in the list. Try to ping it, and the other end. Troubleshoot from here.....

Now you can add a subnet for your local lan (or if you are masquerading, you are done). Configure your Ethernet card with one of the IPs they gave you (edit the files in /etc/sysconfig) and add a route like this "route add -net y.y.y.y 255.255.255.192 y.y.y.1" where the 255.255.255.192 is the subnet they assigned you, the y.y.y.y is the network IP they assigned, and the .1 is the IP you gave the router.

If you did everything correctly, your clients are now on the net. Be sure and run ipfwadm or ipchains to protect the vulnerable users!