Saturday, September 8, 2007

My own private ISP

Setting up your own Internet service provider can sometimes be the only way to get satisfactory Internet access. If you want to give it a try, here's a case study: my own experience.

Over the past year or two, thousands of computer users have been flocking to open source operating systems such as Linux, FreeBSD, and OpenBSD. A mere five years ago, however, the thought of a "free" operating system in the corporate environment was virtually unheard of. While designing the network topology for one of my first clients, it took months to convince them to allow Linux workstations into their Sun environment.

Now that open source is finally getting the recognition that it deserves, many corporations are starting to integrate "free" products into their networks. Other companies, mostly home businesses and geek startups, rely solely on open source software to create their magic. Sosik-Hamor Networks is 100% open source with the exception of a Cisco router and a few Macintosh workstations.

Bandwidth requirements
About six months ago my wife Kelly and I decided we had outgrown our Internet connection and it was time to rethink our plans for the future. At the time I was a UNIX systems administrator for Lucent Microelectronics but was looking for more of a challenge. I was also doing some freelance consulting and Web design, and we started to question the reliability and security of using our 500 Kbps cable modem to connect to our colocated Linux Web server.

Kelly and I started discussing different bandwidth options in our price range. ISDN was outrageously expensive, ADSL wasn't available yet, and the new breed of cable modems being released by our ISP were going to be DHCP-only, which was not an option for our home network. Then, as if to fully realize every geek's dream, Kelly said, "We're already paying an arm and a leg for the colocated server ... how much is a T1?" So, Sosik-Hamor Networks was born.

Installing the T1
After shopping around for bandwidth with local ISPs and some of the larger telcos, we started running into problems. Since we're located in the middle of nowhere and our local telco is a monopoly, we had extremely limited options. Our local telco was either unable or unwilling to bring in a co-op line from an external provider, so we were forced to go with them for our T1. With this experience, we found out that physical location is one of the most important things to consider when putting together a business that will require high-speed access. Make sure that your local telco can handle a high-speed line from any ISP of your choice.

Because the sales representative couldn't comprehend why a home business would need a T1, I was greeted with much suspicion. It took over four months just to get a price quote and another month before the fiber was run from the telco to our street. On top of that, every step of the installation was met with hostility from the ISP, because I took a very direct approach after being blown off for five months: "Give me service or I'll sue you for not allowing me to choose an alternate provider." Blunt and hostile as that was, a contract was in my hands within two hours and fiber was dropped into the basement a week later.

The final price tag for fiber installation and ISP setup for the 950-foot fiber run was $2,500 total and $970/month for a full 1.544 Mbps T1. Telco circuit charges and ISP bandwidth fees are all covered under the monthly charge, which is an incredible deal compared to the $8,000 installation and $3,400/month quotes I was getting from some other ISPs in the area.

Network planning
During the wait for the T1, Kelly and I came up with a detailed network topology map and decided exactly what hardware and software would be required to put together an inexpensive and upgradable network that could be modified with minimal service interruptions.

* Cisco networking equipment will be used exclusively.
* The DMZ outside the firewall must be switched and SNMP-aware.
* The LAN inside the firewall will eventually be switched and SNMP-aware.
* All software must be 100% open source.
* OpenBSD will be used exclusively outside the firewall.
* Linux will be used exclusively inside the firewall.
* Macintoshes will be used exclusively for project development.
* The internal file server must be AppleTalk or AppleShare capable.
* A secure auditing workstation will sit between the DMZ switch and the DMZ ethernet port on the router.

After taking stock of our current hardware, we then compiled a list of what we owned and what we needed. All of the purchased hardware was chosen because outstanding deals had been found.

Available hardware:

* SPARCstation 2, 64MB RAM, 1.2GB HDD
* SPARCstation 1+, 32MB RAM, 540MB HDD
* AMD K6/233, 96MB RAM, 4.6GB and 5.2GB HDD
* AMD K6/266, 128MB RAM, 7.2GB HDD
* IBM Aptiva P166MMX, 64MB RAM, 3.5GB and 25GB HDD
* Team Internet 486dx2/66, 64MB RAM, 1.2GB HDD
* Apple iMac G3/266, 160MB RAM, 6.2GB HDD
* Apple PowerMacintosh G3/400, 144MB RAM, 9.2GB HDD
* Miscellaneous m68k Macintoshes
* MaxTech 24-port unmanaged hub
* 2 Addtron 8-port unmanaged hubs

Hardware to purchase:

* Cisco 2611 router
* WIC-1DSU-T1 integrated DSU/CSU
* Kalpana EPS-2015 RS managed switch
* 19" wallmount telco rack
* 8' steel equipment rack

Next, we started distributing the machines. The AMD systems and SPARCstations would become OpenBSD servers in the DMZ, and the IBM and Apple systems would become Linux and Mac OS 8.6 production boxes on the internal LAN. Linux was chosen for the IBM Aptiva because we needed not only a file server but also a workstation-style installation with the X Window System, to run X applications such as xload from the servers in the DMZ. The Team Internet 486 became an OpenBSD security and auditing workstation to keep track of traffic and the little gremlins that tend to creep into networks.

Getting online
When shopping around for Cisco hardware, I ran across a friend on #cisco on EFNet Internet Relay Chat. He gave me the pros and cons of each Cisco router and put together a great deal on a new Cisco 2611 with integrated WIC-1DSU-T1 DSU/CSU for $2,500. I later ordered a 32MB RAM upgrade from Crucial Technology for $70 to bring the router up to 40MB.

Now that we had a router, we needed to pick up a switch for the DMZ. Switching was absolutely required because sniffing would be an issue with any colocated servers. Since we only needed a switch to protect against sniffing and wouldn't need cutting-edge network management features for a while, we tracked down some surplus Kalpana switches and picked up an EPS-2015 RS for $125.

http://itmanagement.earthweb.com/erp/article.php/615281