[clue-tech] Qwest DSL download speed reduced

Nate Duehr nate at natetech.com
Fri May 26 13:33:39 MDT 2006


Bruce Ediger wrote:

> Almost.  In "routing" mode the Cisco 675 does DHCP and NAT.  The way
> that the 675's NAT works, only well-known port-numbered TCP and UDP
> packets get in to my network.
> 
> I want to do away with the C675 doing NAT and DHCP and any filtering:
> everything comes in to a short segment of CAT-5 cable, connected to some
> machine with 2 ethernets.  That machine does the DHCP, NAT, firewalling,
> etc on the basement-area-network side, and from its console, I can look
> at whatever goofy packets come in, be they TCP, UDP or ChaosNet.
> 
> Also, I can see more of what the Qwest DSLAM allows in to the Cisco 675.

Yep, what you're describing is putting the 675 into Bridged mode, if you 
don't want it to do anything other than be a translation device from the 
DSL wire-protocol to Ethernet.

Then you'd have to do the PPPoX on the Linux machine and make it the 
network's router/gateway.  (Gateway was always a better/more accurate 
term for the machine doing that job...)

As far as "seeing everything" at the IP level, unless you're doing 
filtering in the 675, you'd see everything at the Linux box in either 
configuration.

You will not see the in-band DSL signaling and other things happening 
between the CO/DSLAM and the modem itself without a protocol analyzer.

So basically you have two choices:
1. Leave the Qwest/Cisco 675 in routing mode and create a 
bridge/firewall to see all packets.
2. Switch the Qwest/Cisco 675 to bridged mode (may need to have Qwest 
change the configuration on their end to make this work), and build a 
PPPoX router out of the Linux box.

Both configurations add a second machine to your critical path for all 
IP services to the network downstream, effectively doubling your chances 
of a failure taking your service down.

Another (more expensive) option:

3. Plug the cable going from the 675 to the LAN into a managed "smart" 
switch with port-mirroring capabilities.  Mirror the port over to 
another and plug the "monitoring" machine into that new port.  Plug the 
LAN into the switch also.

(It's less likely that a good quality switch will die than your Linux 
box dying.  No moving parts in the switch.)

Nate


